677 matches found

Securelist
added 2023/12/01 10:0 a.m. · 185 views

IT threat evolution Q3 2023

IT threat evolution in Q3 2023 · IT threat evolution in Q3 2023. Non-mobile statistics · IT threat evolution in Q3 2023. Mobile statistics. Targeted attacks: Unknown threat actor targets power generator with DroxiDat and Cobalt Strike. Earlier this year, we reported on a new variant of SystemBC called...

9.3 CVSS · 8.3 AI score · 0.99945 EPSS
Exploits 80
CNNVD
added 2023/11/16 12:0 a.m. · 1 views

CKEditor Security Vulnerabilities

CKEditor is an open source, web-based text editor. A security vulnerability exists in CKEditor 4.15.1 and earlier versions, which stems from the presence of a cross-site scripting vulnerability that allows an attacker to send malicious JavaScript code and retrieve information about an authorized...

6.1 CVSS · 6 AI score · 0.00878 EPSS
Exploits 1 · References 2
Positive Technologies
added 2023/11/16 12:0 a.m. · 4 views

PT-2023-30581 · Cksource +1 · Ckeditor +1

Name of the Vulnerable Software and Affected Versions: CKEditor versions 4.15.1 and earlier; CKEditor versions prior to 4.24.0-lts
Description: A cross-site scripting issue has been found in CKSource CKEditor. An attacker could send malicious JavaScript code through the "samples/old/ajax.html" fil...

6.1 CVSS · 6 AI score · 0.00878 EPSS
Exploits 1 · References 19
ATTACKERKB
added 2023/11/15 7:15 p.m. · 1 views

CVE-2023-48011

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c...

7.8 CVSS · 5.8 AI score · 0.00336 EPSS
Exploits 1 · References 3
OSV
added 2023/11/15 7:15 p.m. · 2 views

DEBIAN-CVE-2023-48011

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c...

7.8 CVSS · 7.3 AI score · 0.00336 EPSS
Exploits 1 · References 1
OSV
added 2023/11/15 7:15 p.m. · 1 views

UBUNTU-CVE-2023-48011

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c...

7.8 CVSS · 5.8 AI score · 0.00336 EPSS
Exploits 1 · References 4
Positive Technologies
added 2023/11/15 12:0 a.m. · 4 views

PT-2023-8941 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev566-g50c2ab06f-master
Description: The issue is related to a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. This is associated with incorrect dynamic memory usage during...

7.8 CVSS · 6.9 AI score · 0.00684 EPSS
Exploits 4 · References 15
CNNVD
added 2023/11/15 12:0 a.m. · 2 views

GPAC Security Vulnerabilities

GPAC is an open source multimedia framework. A security vulnerability exists in GPAC version v2.3-DEV-rev566-g50c2ab06f-master, which stems from a use-after-free vulnerability in the function flush_ref_samples...

7.8 CVSS · 6.8 AI score · 0.00336 EPSS
Exploits 1 · References 3
RedHat Linux
added 2023/09/26 9:25 a.m. · 3 views

libtiff: out-of-bounds write in extractContigSamplesShifted24bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted24bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

6.8 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits 1 · References 4
RedHat Linux
added 2023/09/26 9:25 a.m. · 4 views

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

6.8 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits 1 · References 4
RedHat Linux
added 2023/09/26 9:25 a.m. · 9 views

libtiff: out-of-bounds write in extractContigSamplesShifted16bits() in tools/tiffcrop.c

A flaw was found in tiffcrop, a program distributed by the libtiff package. A specially crafted tiff file can lead to an out-of-bounds write in the extractContigSamplesShifted16bits function in tools/tiffcrop.c, resulting in a Denial of Service and limited data modification...

6.8 CVSS · 7.3 AI score · 0.00435 EPSS
Exploits 1 · References 4
BDU FSTEC
added 2023/09/25 12:0 a.m. · 3 views

Vulnerability of the extractContigSamplesShifted8bits() function in the LibTIFF library, which allows a hacker to trigger a service failure.

The vulnerability of the extractContigSamplesShifted8bits function in tools/tiffcrop.c in the LibTIFF library is related to reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to cause a system failure...

5.5 CVSS · 6.9 AI score · 0.00421 EPSS
Exploits 1 · References 13 · Affected Software 6
Kitploit
added 2023/09/22 11:30 a.m. · 24 views

Dynmx - Signature-based Detection Of Malware Features Based On Windows API Call Sequences

dynmx (spoken dynamics) is a signature-based detection approach for behavioural malware features based on Windows API call sequences. In a simplified way, you can think of dynmx as a sort of YARA for API call traces (so called function logs) originating from malware sandboxes. Hence, the data basis f...

8.1 AI score
Exploits 0 · References 4
BDU FSTEC
added 2023/09/14 12:0 a.m. · 4 views

The vulnerability of the read_samples() function in the Sound eXchange (SoX) audio processing software allows a hacker to cause a service failure.

The vulnerability of the read_samples function in the Sound eXchange (SoX) sound processing software is related to incorrect numerical calculations when processing floating-point values. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.2 CVSS · 6.8 AI score · 0.0028 EPSS
Exploits 0 · References 11 · Affected Software 4
Citrix
added 2023/09/08 12:0 a.m. · 5 views

How to export NetScaler files via FTP protocol

This article contains a sample command in NetScaler to export some files via the FTP protocol...

7.2 AI score
Exploits 0
The Hacker News
added 2023/08/26 10:26 a.m. · 39 views

LockBit 3.0 Ransomware Builder Leak Gives Rise to Hundreds of New Variants

The leak of the LockBit 3.0 ransomware builder last year has led to threat actors abusing the tool to spawn new variants. Russian cybersecurity company Kaspersky said it detected a ransomware intrusion that deployed a version of LockBit but with a markedly different ransom demand procedure. "The...

7.7 AI score
Exploits 0
Wordfence Blog
added 2023/07/11 5:42 p.m. · 10 views

Dissecting a Clever Malware Sample for Optimized Detection and Protection

As part of our product lineup, we offer security monitoring and malware removal services to our Wordfence Care and Response customers. In case of a security incident, our incident response team will investigate the root cause, find and remove malware from your site, and help with other...

7.3 AI score
Exploits 0
ATTACKERKB
added 2023/07/10 6:15 p.m. · 2 views

CVE-2023-32627

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service...

6.2 CVSS · 6.7 AI score · 0.0028 EPSS
Exploits 0 · References 4
OSV
added 2023/07/10 6:15 p.m. · 3 views

DEBIAN-CVE-2023-32627

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service...

5.5 CVSS · 6.9 AI score · 0.0028 EPSS
Exploits 0 · References 1
OSV
added 2023/07/10 6:15 p.m. · 6 views

AZL-44616 CVE-2023-32627 affecting package sox 14.4.2.0-34

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. This flaw can lead to a denial of service...

5.5 CVSS · 7.3 AI score · 0.0028 EPSS
Exploits 0 · References 1