329 matches found
ROS-2-2532
2.2532 Notification on the update of the Red OS OPERATION SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
ROS-2-2413
2.2413 Notification on the update of the Red OS OPERATION SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
ROS-2-2448
2.2448 Notification on the update of the Red OS OPERATION SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
ROS-2-2428
2.2428 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
ROS-2-2485
2.2485 Notification on the update of the Red OS OPERATING SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
ROS-2-2440
2.2440 Notification on the update of the Red OS OPERATION SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
ROS-2-2596
2.2596 Notification on the update of the Red OS OPERATIONAL SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 antimalware protection system has been released. You can contact the technical support service within the framework of...
New Fileless Malware Uses Windows Registry as Storage to Evade Detection
A new JavaScript-based remote access Trojan RAT propagated via a social engineering campaign has been observed employing sneaky "fileless" techniques as part of its detection-evasion methods to elude discovery and analysis. Dubbed DarkWatchman by researchers from Prevailion's Adversarial...
ZipExec - A Unique Technique To Execute Binaries From A Password Protected Zip
ZipExec is a Proof-of-Concept POC tool to wrap binary-based tools into a password-protected zip file. This zip file is then base64 encoded into a string that is rebuilt on disk. This encoded string is then loaded into a JScript file that when executed, would rebuild the password-protected zip fil...
Encrypted & Fileless Malware Sees Big Growth
A full 91.5 percent of malware was delivered using HTTPS-encrypted connections in the second quarter, researchers said, making attacks more evasive. That’s according to WatchGuard Technologies’ latest report on findings within its telemetry, which also found that these detections come primarily...
Remote code execution
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents. An attacker could craft a malicious Active...
PT-2021-3925
Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description A remote code execution issue exists in MSHTML, the browser rendering engine used by Microsoft Internet Explorer and Microsoft Office. The flaw is caused by incorrect code generatio...
Backstab - A Tool To Kill Antimalware Protected Processes
Have these local admin credentials but the EDR is standing in the way? Unhooking or direct syscalls are not working against the EDR? Well, why not just kill it? Backstab is a tool capable of killing antimalware protected processes by leveraging sysinternals’ Process Explorer ProcExp driver, which...
CVE-2021-31728
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook...
CVE-2021-31728
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook...
Design/Logic Flaw
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 where IOCTL's 0x80002014, 0x80002018 expose unrestricted disk read/write capabilities respectively. A non-privileged process can open a handle to .\ZemanaAntiMalware, register with the driver using IOCTL...
Design/Logic Flaw
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook...
CVE-2021-31728
Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a non-privileged process to open a handle to .\ZemanaAntiMalware, register itself with the driver by sending IOCTL 0x80002010, allocate executable memory using a flaw in IOCTL 0x80002040, install a hook...
CVE-2021-31728
CVE-2021-31728 affects MalwareFox AntiMalware 2.74.0.150, with vulnerable drivers zam64.sys and zam32.sys. A non-privileged process can obtain a handle to \.\ZemanaAntiMalware, register via IOCTL 0x80002010, allocate executable memory via IOCTL 0x80002040, install a hook with IOCTL 0x80002044, an...
CVE-2021-31727
MalwareFox AntiMalware 2.74.0.150 is affected by CVEs CVE-2021-31727 and CVE-2021-31728. The vulnerability stems from incorrect access control in zam64.sys and zam32.sys, enabling a non-privileged process to obtain a handle to \.\ZemanaAntiMalware and issue IOCTLs (notably 0x80002010, 0x80002014,...