31242 matches found
Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign
Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Eoin Miller, Caitlin Condon, Stephen Fewer, Spencer McIntyre, and Christiaan Beek all contributed to this blog. On Wednesday,...
MSI Dump - A Tool That Analyzes Malicious MSI Installation Packages, Extracts Files, Streams, Binary Data And Incorporates YARA Scanner
MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether a document is malicious. If we want to dissect it further, we could...
[SECURITY] Fedora 38 Update: rizin-0.5.1-1.fc38.2
Rizin is a free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more. Rizin is a fork of radare2 with a focus on usability, working features and code...
3CX Desktop App Installed (Windows)
Binary data 3cxdesktopappinstalled.nbin...
Fedora: Security Advisory for rizin (FEDORA-2023-af305bed3d)
The remote host is missing an update for the...
Terramaster TOS Web Detection
Binary data terramastertosdetect.nbin...
3CX Desktop App Installed (macOS)
Binary data macos3cxdesktopappinstalled.nbin...
4 Steps to Creating a Powerful Research Lab for Reverse Engineering
However, manual lab setup and configuration can prove to be a laborious and time-consuming process. In this article, we'll look at 4 ways to create a reverse engineering lab, discuss how to save time, and, potentially, improve the detection rate using a sandbox-as-a-service, and a recommended lis...
MongoDB Security Vulnerability
MongoDB is a document-oriented database management system from the American company MongoDB. A security vulnerability exists in MongoDB that stems from a potential infinite loop in C-Driver when validating certain BSON input data...
Fedora 38 : cutter-re / rizin (2023-af305bed3d)
The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-af305bed3d advisory. rebase rizin to v0.5.1 and cutter-re to 0.2.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
ABB (CVE-2019-7229)
The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: Utilization of USB/SD Card to flash the device and Remote provisioning process via ABB Panel Builder 600 over FTP. Neither of these transmission methods implements any form of encryption...
Golang Go Programming Language Installed (Windows)
Binary data golangwininstalled.nbin...
Memory corruption
A flaw was found in rizin. The create_section_from_phdr function allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads, which can lead to memory corruption and possibly code execution through the binary object's callback function...
Tenable Sensor Proxy Installed
Binary data sensorproxyinstalled.nbin...
PT-2023-12300 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: rizin affected versions not specified Description: A flaw was found in the create_section_from_phdr function, which allocates space for ELF section data by processing the headers. Crafted values in the headers can cause out of bounds reads,...
UPX Security Vulnerability
UPX is a portable and extensible executable compression program. A security vulnerability exists in UPX, which stems from function PackLinuxElf32::invert_pt_dynamic in p_lx_elf.cpp:1688 that causes the "bucket" variable to point to an inaccessible address...
USN-5966-1: amanda vulnerabilities
Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. CVE-2022-37703 Maher Azzouzi discovered a privilege...
Amazon Linux 2023 : ImageMagick, ImageMagick-c++, ImageMagick-c++-devel (ALAS2023-2023-121)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-121 advisory. ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image e.g., for resize, the convert process could be left waiting for stdin input. CVE-2022-44267 ImageMagick...
Amazon Linux 2023 : protobuf, protobuf-compiler, protobuf-devel (ALAS2023-2023-049)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-049 advisory. A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to...
IBM Aspera Faspex Web Detection
Binary data ibmasperafaspexwebdetect.nbin...