Analyzing the FUD Malware Obfuscation Engine BatCloak

We look into BatCloak engine, its modular integration into modern malware, proliferation mechanisms, and interoperability implications as malicious actors take advantage of its fully undetectable FUD capabilities...

Siemens SCALANCE W1750D Uncontrolled Resource Consumption (CVE-2002-20001)

The Diffie-Hellman Key Agreement Protocol allows remote attackers from the client side to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular- exponentiation calculations, aka a DHEater attack. The client needs very little CPU resources and...

Bad Magic's Extended Reign in Cyber Espionage Goes Back Over a Decade

New findings about a hacker group linked to cyber attacks targeting companies in the Russo-Ukrainian conflict area reveal that it may have been around for much longer than previously thought. The threat actor, tracked as Bad Magic aka Red Stinger, has not only been linked to a fresh sophisticated...

modularhomes.com Cross Site Scripting vulnerability OBB-3352156

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Hitachi Energy MSM

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Modular Switchgear Monitoring MSM Vulnerabilities: Improper Restriction of Excessive Authentication Attempts, Authentication Bypass by Capture-replay, Code Injection, Improper...

Siemens Multiple RTOS Integer Overflow or Wraparound (CVE-2020-28895)

In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc. As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. SCALANCE X-200, X-200IRT, and X-300...

IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

GHSA-MJQV-XHGM-GX8C IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

CVE-2023-26557

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

CVE-2023-26557

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

AlienFox Malware Targets API Keys and Secrets from AWS, Google, and Microsoft Cloud Services

A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services,...

New 'Bad Magic' Cyber Threat Disrupt Ukraine's Key Sectors Amid War

Amid the ongoing war between Russia and Ukraine, government, agriculture, and transportation organizations located in Donetsk, Lugansk, and Crimea have been attacked as part of an active campaign that drops a previously unseen, modular framework dubbed CommonMagic. "Although the initial vector of...

Threat Roundup for March 10 to March 17

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...

New Version of Prometei Botnet Infects Over 10,000 Systems Worldwide

An updated version of a botnet malware called Prometei has infected more than 10,000 systems worldwide since November 2022. The infections are both geographically indiscriminate and opportunistic, with a majority of the victims reported in Brazil, Indonesia, and Turkey. Prometei, first observed i...

Sharp Panda A Sophisticated Cyber-Espionage Campaign Targeting Governments

Threat Level Actor Report Follow Hive Pro for a detailed threat advisory, download the pdf file here from HiveForce Labs. Summary The Sharp Panda cyber-espionage campaign, which has been active for a considerable period, focuses on infiltrating government entities in Southeast Asia. This operatio...

Sharp Panda Using New Soul Framework Version to Target Southeast Asian Governments

High-profile government entities in Southeast Asia are the target of a cyber espionage campaign undertaken by a Chinese threat actor known as Sharp Panda since late last year. The intrusions are characterized by the use of a new version of the Soul modular framework, marking a departure from the...

Thunderstorm - Modular Framework To Exploit UPS Devices

Thunderstorm is a modular framework to exploit UPS devices. For now, only the CS-141 and NetMan 204 exploits will be available. The beta version of the framework will be released on the future. CVE Thunderstorm is currently capable of exploiting the following CVE: CVE-2022-47186 – Unrestricted fi...

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

Description When using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service DoS condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered ...

SUSE CVE-2013-4207

Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH servers to cause a denial of service crash via an invalid DSA signature that is not properly handled during computation of a modular inverse and triggers the overflow during a division by zero by the bignum functionality, a differe...

SUSE CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...