Lucene search
K

79 matches found

Prion
Prion
added 2023/03/27 9:15 p.m.18 views

Privilege escalation

Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root...

4.3CVSS7.7AI score0.00264EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/03/16 9:15 p.m.21 views

Privilege escalation

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user...

4.3CVSS7.8AI score0.00185EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/02/23 12:0 a.m.4 views

pdf_info 安全漏洞

pdfinfo is a package pdfinfo command line tool by tomtaylor personal developer. A security vulnerability exists in pdfinfo version 0.5.3, which can be exploited by an attacker to execute operating system commands using a command chain...

9.8CVSS8.6AI score0.03014EPSS
Exploits2References5
The Hacker News
The Hacker News
added 2023/02/15 1:33 p.m.28 views

Financially Motivated Threat Actor Strikes with New Ransomware and Clipper Malware

A new financially motivated campaign that commenced in December 2022 has seen the unidentified threat actor behind it deploying a novel ransomware strain dubbed MortalKombat and a clipper malware known as Laplas. Cisco Talos said it "observed the actor scanning the internet for victim machines wi...

0.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/09 10:38 a.m.23 views

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors...

0.8AI score
Exploits0
hivepro
hivepro
added 2022/12/21 10:15 a.m.14 views

Outlining a new SiestaGraph backdoor

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Foreign Affairs Office of an Association of Southeast Asian Nations ASEAN member is targeted by multiple threat actors who are coordinating active campaigns via a vulnerable Microsoft Exchange server...

3.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/11/09 3:0 p.m.23 views

Microsoft Defender Experts for Hunting demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations for Managed Services

Microsoft Defender Experts for Hunting, our newest managed threat hunting service, delivered industry-leading results during the inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Services. We provided a seamless, comprehensive, and rapid response to the simulated attack using expert-led...

8.3AI score
Exploits0
The Hacker News
The Hacker News
added 2022/10/20 8:39 a.m.22 views

New Ursnif Variant Likely Shifting Focus to Ransomware and Data Theft

The Ursnif malware has become the latest malware to shed its roots as a banking trojan to revamp itself into a generic backdoor capable of delivering next-stage payloads, joining the likes of Emotet, Qakbot, and TrickBot. "This is a significant shift from the malware's original purpose to enable...

1.8AI score
Exploits0
Talos Blog
Talos Blog
added 2022/09/15 12:2 p.m.23 views

Gamaredon APT targets Ukrainian government agencies in new campaign

By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion...

0.6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2022/09/07 9:0 p.m.133 views

Profiling DEV-0270: PHOSPHORUS’ ransomware operations

Microsoft threat intelligence teams have been tracking multiple ransomware campaigns and have tied these attacks to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS. Microsoft assesses with moderate confidence that DEV-0270 conducts malicious network operations,...

9.3CVSS0.7AI score0.99999EPSS
Exploits437
The Hacker News
The Hacker News
added 2022/07/13 6:4 a.m.43 views

Researchers Uncover New Attempts by Qakbot Malware to Evade Detection

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection. "Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel XLM 4.0 to trick...

1.9AI score
Exploits0
The Hacker News
The Hacker News
added 2022/06/21 8:2 a.m.57 views

New NTLM Relay Attack Lets Attackers Take Control Over Windows Domain

A new kind of Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System DFS: Namespace Management Protocol MS-DFSNM to seize control of a domain. "Spooler service disabled, RPC filters installed to prevent PetitPotam and File Server VSS Agent Service...

7.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/03/09 12:0 a.m.13 views

New Nokoyawa Ransomware Possibly Related to Hive

In March 2022, we came across evidence that another, relatively unknown, ransomware known as Nokoyawa is likely connected with Hive, as the two families share some striking similarities in their attack chain, from the tools used to the order in which they execute various steps...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2021/11/18 2:0 p.m.23 views

Spear-Phishing Campaign Exploits Glitch Platform to Steal Credentials

A long-term spear-phishing campaign is targeting employees of major corporations with emails containing PDFs that link to short-lived Glitch apps hosting credential-harvesting SharePoint phishing pages, researchers have found. Researchers from DomainTools discovered the suspicious PDFs – which...

7.2AI score
Exploits0References8
OSV
OSV
added 2021/09/09 7:15 p.m.5 views

CVE-2021-28914

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because the strength is shown in configuration tool, but finally not enforced. This is usable and part of an attack chain to gain SSH root access...

6.5CVSS6.6AI score0.01018EPSS
Exploits0References1
Prion
Prion
added 2021/09/09 6:15 p.m.14 views

Default credentials

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow unauthenticated attackers to access uncontrolled the login service at /webif/SecurityModule in a brute force attack. The password could be weak and default username is known as 'admin'. This is usable and part of an attack chain to gain SS...

5CVSS9.6AI score0.01391EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/09/09 6:15 p.m.14 views

Hardcoded credentials

BAB TECHNOLOGIE GmbH eibPort V3. Each device has its own unique hard coded and weak root SSH key passphrase known as 'eibPort string'. This is usable and the final part of an attack chain to gain SSH root access...

9CVSS7.1AI score0.01226EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2021/08/22 9:51 a.m.501 views

WARNING: Microsoft Exchange Under Attack With ProxyShell Flaws

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as...

10CVSS1AI score0.99999EPSS
Exploits18
Microsoft Secure
Microsoft Secure
added 2021/05/05 10:0 p.m.60 views

Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation

In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with...

Exploits0
NVD
NVD
added 2021/03/16 4:15 p.m.14 views

CVE-2021-22887

A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device...

2.3CVSS0.00249EPSS
Exploits0References2
Rows per page
Query Builder