CVE-2016-10766
| creationtimestamp | type | source |
|---|---|---|
| 2019-07-29 20:35:12+00:00 | seen | https://t.me/cibsecurity/5774 |
| 2019-08-05 18:34:07+00:00 | seen | https://t.me/cibsecurity/5926 |
...
SoX Buffer Overflow Vulnerability
SoX is a set of open source audio processing tools. The product supports playing, converting and recording audio in many formats. A buffer overflow vulnerability exists in the 'readsamples' function of the xa.c file in SoX 14.4.2 and earlier. The vulnerability stems from a networked system or...
PT-2019-13236 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: A heap-based buffer over-read issue can be triggered in the SampledFunction::transform function when using a large index for samples, potentially allowing an attacker to cause Denial of Service or an...
Newly-Discovered Malware Targets Unpatched MacOS Flaw
Researchers have discovered never-before-seen Mac malware samples, which they believe are being developed to target a recently-disclosed vulnerability in the MacOS operating system. The vulnerability, a bypass that was disclosed in May and has yet to be patched by Apple, exists in the MacOS...
New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS...
Double-Free RCE in VLC. A honggfuzz how-to
Introduction: I spent three months working on VLC using Honggfuzz, tweaking it to suit the target. In the process, I found five vulnerabilities, one of which was a high-risk double-free issue and merited CVE-2019-12874. Here’s the VLC advisory. Here’s how I found it. I hope you find the how-to...
Scanners-Box
This is a collection of open-source scanning tools and wordlists for web application security testing. The repository, Scanners-Box, is a collection of tools from various contributors, including lijiejie, ringzero, and others. The tools are categorized into subdomains, database vulnerability...
Flerken - Obfuscated Command Detection Tool
Command-line obfuscation has proved to be a non-negligible factor in fileless malware and in the activity of malicious actors who are "living off the land". To bypass signature-based detection, dedicated obfuscation techniques have been used in red-team penetration tests and even in APT activity. Meanwhile,...
CVE-2018-10055
| creationtimestamp | type | source |
|---|---|---|
| 2019-04-24 20:28:10+00:00 | seen | https://t.me/cibsecurity/3921 |
| 2019-04-30 22:31:40+00:00 | seen | https://t.me/cibsecurity/4027 |
...
[SECURITY] Fedora 30 Update: yara-3.9.0-1.fc30
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families, or of whatever else you want to describe, based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
[SECURITY] Fedora 30 Update: python-yara-3.9.0-2.fc30
Python binding for the YARA pattern matching tool. YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families, or of whatever else you want to describe, based on textual or binary patterns. Each...
Defeating Compiler-Level Obfuscations Used in APT10 Malware
Summary: The Carbon Black Threat Analysis Unit (TAU) recently analyzed a series of malware samples that utilized compiler-level obfuscations. For example, opaque predicates were applied to Turla mosquito and APT10 ANEL. Another obfuscation, control flow flattening, was applied to APT10 ANEL and Dhar...
Pentagon Draws Back the Veil on APT Malware with Sudden Embrace of VirusTotal
The Pentagon has suddenly started uploading malware samples from APTs and other nation-state sources to the website VirusTotal, which is essentially a malware zoo that’s used by security pros and antivirus/malware detection engines to gain a better understanding of the threat landscape. The Cyber...
Threat Intelligence, the Dark Web and Information sharing: Supporting improved protection
There are numerous different elements and obstacles that contribute to the challenges of data protection in the current threat environment. However, a leading issue is ensuring protection against the latest, emerging attack styles and breach strategies. After all, how can an organization ensure t...
Mail Security Tester - A Testing Framework For Mail Security And Filtering Solutions
A testing framework for mail security and filtering solutions. IMPORTANT: Don't do anything evil with this! Tests of cloud or otherwise hosted solutions should always be approved by the tested provider. Only use your own test accounts and don't annoy anyone with a load of test mails. Installation...
ThreatList: Malware Samples Targeting IoT More Than Double in 2018
It’s no secret that connected devices are posing a security threat in the commercial, consumer and industrial worlds. A fresh report on this expanding threat landscape shows that attacks are accelerating, with MikroTik routers, Telnet password-cracking and the Mirai botnet dominating the...
New trends in the world of IoT threats
Cybercriminals' interest in IoT devices continues to grow: in H1 2018 we picked up three times as many malware samples attacking smart devices as in the whole of 2017. And in 2017 there were ten times more than in 2016. That doesn't bode well for the years ahead. We decided to study what attack...
[SECURITY] Fedora 27 Update: yara-3.8.1-1.fc27
YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families, or of whatever else you want to describe, based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strin...
Cross-site Scripting (XSS)
paypal/invoice-sdk-php is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of permToken, which allows arbitrary scripts to be rendered in samples/permissions.php...
CVE-2018-14338
The CVE-2018-14338 issue affects Exiv2 (example code: samples/geotag.cpp) in the 0.26 release. The root cause is misuse of the realpath function on POSIX platforms (excluding Apple), where glibc is not used, which could lead to a buffer overflow. Public references in vendor advisories/NVD entries...