
64 matches found

Securelist
added 2023/10/27 6:0 a.m. · 39 views

A cascade of compromise: unveiling Lazarus’ new campaign

Earlier this year, a software vendor was compromised by the Lazarus malware delivered through unpatched legitimate software. What's remarkable is that these software vulnerabilities were not new, and despite warnings and patches from the vendor, many of the vendor's systems continued to use the...

7.5 AI score
Exploits 0

Positive Technologies
added 2023/07/21 12:0 a.m. · 4 views

PT-2023-36233 · Unknown · Python-Pip

Name of the Vulnerable Software and Affected Versions: python-pip affected versions not specified Description: The issue with python-pip is related to the presence of .exe files in the RPM package, which could cause problems with security scanners. Recommendations: At the moment, there is no...

7 AI score
Exploits 0 · References 3

The Hacker News
added 2023/05/31 1:18 p.m. · 4 views

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...

7.3 AI score
Exploits 0

The Hacker News
added 2023/05/31 1:18 p.m. · 40 views

Critical Firmware Vulnerability in Gigabyte Systems Exposes ~7 Million Devices

Cybersecurity researchers have found "backdoor-like behavior" within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format. Firmware security firm Eclypsium said it first detected the anomaly in April 2023...

7.3 AI score
Exploits 0

OSV
added 2023/04/04 3:15 p.m. · 2 views

CVE-2023-27762

An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreatorsetupfull7743.exe file...

7.8 CVSS · 7.3 AI score · 0.00433 EPSS
Exploits 1 · References 1

Securelist
added 2022/12/27 8:0 a.m. · 32 views

BlueNoroff introduces new methods bypassing MoTW

BlueNoroff group is a financially motivated threat actor eager to profit from its cyberattack capabilities. We have published technical details of how this notorious group steals cryptocurrency before. We continue to track the group's activities and this October we observed the adoption of new...

7.4 AI score
Exploits 0

Talos Blog
added 2022/10/28 7:12 p.m. · 34 views

Threat Roundup for October 21 to October 28

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Oct. 21 and Oct. 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics,...

0.1 AI score
Exploits 0

The Hacker News
added 2022/09/22 3:1 p.m. · 54 views

Malicious NPM Package Caught Mimicking Material Tailwind CSS Package

A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its...

1.5 AI score
Exploits 0

OSV
added 2022/07/23 3:15 a.m. · 2 views

CVE-2022-36414

There is an elevation of privilege breakout vulnerability in the Windows EXE installer in Scooter Beyond Compare 4.2.0 through 4.4.2 before 4.4.3. Affected versions allow a logged-in user to run applications with elevated privileges via the Clipboard Compare tray app after installation...

6.7 CVSS · 5.8 AI score · 0.00194 EPSS
Exploits 0 · References 1

The Hacker News
added 2022/07/08 10:50 a.m. · 28 views

Experts Uncover 350 Browser Extension Variants Used in ABCsoup Adware Campaign

A malicious browser extension with 350 variants is masquerading as a Google Translate add-on as part of an adware campaign targeting Russian users of Google Chrome, Opera, and Mozilla Firefox browsers. Mobile security firm Zimperium dubbed the malware family ABCsoup, stating the "extensions are...

1.9 AI score
Exploits 0

GithubExploit
added 2021/12/08 8:24 p.m. · 514 views

Exploit for Missing Authentication for Critical Function in Zohocorp Manageengine_Servicedesk_Plus

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: Pr...

9.8 CVSS · 9.8 AI score · 0.93514 EPSS
Exploits 6

Malwarebytes
added 2021/10/29 4:2 p.m. · 22 views

The return of the Malwarebytes CrackMe

This blog post was authored by Hasherezade. Update: Malwarebytes Crackme: we already have the winners in the category "the fastest solve", congratulations! 1st: @nazywam 2nd: Suvaditya Sur @x0r19x91 3rd: @evandrix But we are still waiting for your submissions! -- Malwarebytes Threat Intelligence...

0.4 AI score
Exploits 0

OSV
added 2021/06/06 8:15 p.m. · 1 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1 CVSS · 7.3 AI score · 0.01022 EPSS
Exploits 1 · References 2

NVD
added 2021/06/06 8:15 p.m. · 10 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1 CVSS · 0.01022 EPSS
Exploits 1 · References 2

Prion
added 2021/06/06 8:15 p.m. · 15 views

Design/Logic Flaw

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

6.8 CVSS · 7.9 AI score · 0.01022 EPSS
Exploits 1 · References 2 · Affected Software 1

Cvelist
added 2021/06/06 7:25 p.m. · 16 views

CVE-2021-33879

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A malicious attacker in an MITM position could spoof the contents of an XML document describing an update package, replacing a download URL with one pointing to an arbitrary Windows executable. Because the only...

8.1 AI score · 0.01022 EPSS
Exploits 1 · References 2

CNNVD
added 2021/06/06 12:0 a.m. · 3 views

Tencent GameLoop Security Vulnerability

Tencent GameLoop is an Android emulator from Tencent, a Chinese company. It enables players to play Android games on their computers. Tencent GameLoop before 4.1.21.90 suffers from a security vulnerability that originates from a malicious attacker in the MITM position that can be exploited to spo...

8.1 CVSS · 7.8 AI score · 0.01022 EPSS
Exploits 1 · References 2

The Hacker News
added 2020/12/14 1:29 p.m. · 1 views

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M"...

5.8 AI score
Exploits 0

Github Security Blog
added 2020/09/03 7:20 p.m. · 18 views

Malicious Package in bb-builder

All versions of bb-builder contained malicious code. The package ran an executable targeting Windows and uploaded information to a remote server. Recommendation Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that...

3.5 AI score
Exploits 0 · References 2 · Affected Software 1

Gitee
added 2020/07/29 6:22 p.m. · 1 views

shadowbroker

This repository, hc1216/shadowbroker, contains a collection of exploits and tools for various vulnerabilities. The repository was initially reported to contain sensitive data, leading to the deletion of several files. The remaining files include a mix of exploit code, payloads, and documentation...

8.2 AI score
Exploits 0