VulnCheck KEV: CVE-2014-0114

Apache Commons BeanUtils, as distributed in lib/commons-beanutils-1.8.0.jar in Apache Struts 1.x through 1.3.10 and in other products requiring commons-beanutils through 1.9.2, does not suppress the class property, which allows remote attackers to "manipulate" the ClassLoader and execute...

UBUNTU-CVE-2022-1649

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For more general description of heap buffer overflow, see CWE...

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple...

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...

CVE-2022-23822

CVE-2022-23822 concerns the Zynq-7000 SoC First Stage Boot Loader (FSBL). A physical attack may bypass FSBL authentication and load a malicious image onto the device, enabling the attacker to perform further actions such as using the device as a decryption oracle. The NVD entry notes a mitigation...

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...

CVE-2022-23822

In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader FSBL by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as such as using the device as a...

Newly patched VMware vulnerability exploited by Iranian espionage group, Rocket Kitten

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here An Iranian cyber espionage gang known as Rocket Kitten has began delivering the Core Impact penetration testing tool on susceptible computers by exploiting a newly fixed severe vulnerability in VMware Workspace ONE...

Iranian Hackers Exploiting VMware RCE Bug to Deploy 'Core Impact' Backdoor

An Iranian-linked threat actor known as Rocket Kitten has been observed actively exploiting a recently patched VMware vulnerability to gain initial access and deploy the Core Impact penetration testing tool on vulnerable systems. Tracked as CVE-2022-22954 CVSS score: 9.8, the critical issue...

Mageia: Security Advisory (MGASA-2022-0148)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated openscad packages fix security vulnerability

Out-of-bounds memory access in DXF loader. CVE-2022-0496 Out-of-bounds memory access in comment parser. CVE-2022-0497...

MGASA-2022-0148 Updated openscad packages fix security vulnerability

Out-of-bounds memory access in DXF loader. CVE-2022-0496 Out-of-bounds memory access in comment parser. CVE-2022-0497...

Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities (cisco-sa-cdb-cmicr-vulns-KJjFtNb)

According to its self-reported version, Cisco Catalyst Digital Building Series Switches and Cisco Catalyst Micro Switches Vulnerabilities is affected by the following vulnerabilities: - A denial of service DoS vulnerability exists in the boot loader. An unauthenticated, physical attacker can...

Shhhloader - SysWhispers Shellcode Loader

Shhhloader is a SysWhispers Shellcode Loader that is currently a Work in Progress. It takes raw shellcode as input and compiles a C++ stub that has been integrated with SysWhispers in order to bypass AV/EDR. The included python builder will work on any Linux system that has Mingw-w64 installed. T...

APT 10, a state-sponsored Chinese threat group, conducting a global cyber espionage operation

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A Chinese state-sponsored advanced persistent threat APT 10 group has been attacking government, legal, religious entities and non-governmental organizations NGOs around the world in what appears to be an espionage campaign th...

A week in security (April 4 – 10)

Last week on Malwarebytes Labs: Why data protection and privacy are not the same, and why that matters: Lock and Code S03E09 YouTube channels of Taylor Swift, Justin Bieber, Harry Styles, and other musicians compromised Successful operations against Russian Sandworm and Strontium groups targeting...

PT-2022-3849 · Nginx · Nginx Njs

Name of the Vulnerable Software and Affected Versions: Nginx NJS version 0.7.3 Description: The issue is caused by a stack overflow in the njs default module loader function at /src/njs/src/njs module.c of the Nginx NJS interpreter. This could allow a remote attacker to impact the confidentiality...

Researchers Uncover How Colibri Malware Stays Persistent on Hacked Systems

Cybersecurity researchers have detailed a "simple but efficient" persistence mechanism adopted by a relatively nascent malware loader called Colibri, which has been observed deploying a Windows information stealer known as Vidar as part of a new campaign. "The attack starts with a malicious Word...

Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique

This blog post was authored by Ankur Saini, with contributions from Hossein Jazi and Jérôme Segura 2022-04-07: Added MITRE ATT&CK mappings 2022-04-07: Changed the name of the final payload from Vidar to Mars Stealer Colibri Loader is a relatively new piece of malware that first appeared on...