106 matches found
Denial of service
A Denial-of-Service DoS vulnerability was discovered in Team Server in HelpSystems Cobalt Strike 4.2 and 4.3. It allows remote attackers to crash the C2 server thread and block beacons' communication with it...
Lemon Duck Cryptojacking Botnet Changes Up Tactics
The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...
Qualcomm Wlan Firmware Buffer Error Vulnerability
Qualcomm Wlan Firmware is a Wlan support firmware from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Wlan Firmware that originates from a buffer over-read due to improper IE length checking in receive beacons...
CVE-2020-11212
Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...
Input validation
Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...
CVE-2020-11212
Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...
CVE-2020-11212
CVE-2020-11212 describes an out-of-bounds read during parsing of NAN beacon attributes and OUIs caused by an improper length check in Qualcomm Snapdragon components (Auto, Compute, Connectivity, CE Connectivity, Consumer IoT, Industrial IoT, IoT, Mobile, Voice & Music, Wired Infrastructure and Ne...
CVE-2020-16969
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include...
CVE-2020-16969
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include...
Information disclosure
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include...
suricata-rules
This repository contains Suricata IDS Intrusion Detection System rules for detecting various types of malicious activity, including CobaltStrike, CryptoMiner, and other threats. The rules are designed to identify specific patterns and behaviors associated with these threats. The rules are organiz...
Microsoft Exchange Information Disclosure Vulnerability
An information disclosure vulnerability exists in how Microsoft Exchange validates tokens when handling certain messages. An attacker who successfully exploited the vulnerability could use this to gain further information from a user. To exploit the vulnerability, an attacker could include...
CVE-2020-12858
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...
Code injection
Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons...
EFF: Google, Apple's Contact-Tracing System Open to Cyberattacks
Privacy advocates are urging developers to proceed with caution as they use technology released by Apple and Google to build COVID-19 contact-tracing apps — and are warning against the potential for cybercriminal use. On the latter point, the system is meant to help people know if they have come...
Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices
Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected to release an API that public agencies...
Google and Apple Plan to Turn Phones into COVID-19 Contact-Tracking Devices
Tech giants Apple and Google have joined forces to develop an interoperable contact-tracing tool that will help individuals determine if they have come in contact with someone infected with COVID-19. As part of this new initiative, the companies are expected to release an API that public agencies...
Using Ultrasonic Beacons to Track Users
I've previously written about ad networks using ultrasonic communications to jump from one device to another. The idea is for devices like televisions to play ultrasonic codes in advertisements and for nearby smartphones to detect them. This way the two devices can be linked. Creepy, yes. And als...
Wikileaks Unveils CIA's Man-in-the-Middle Attack Tool
Wikileaks has published a new batch of the Vault 7 leak, detailing a man-in-the-middle MitM attack tool allegedly created by the United States Central Intelligence Agency CIA to target local networks. Since March, WikiLeaks has published thousands of documents and other secret tools that the...
Ultrasonic Beacons Are Tracking Your Every Movement
More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their...