69 matches found
EUVD-2004-0474
Malware in sbrugna...
EUVD-2017-15476
Malware in sbrugna...
Ubuntu 14.04 LTS : libmspack vulnerabilities (USN-7788-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7788-1 advisory. Jakub Wilk discovered that libmspack did not correctly handle certain integer operations and bounds checking. A remote attacker could possibly use this...
N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks
The North Korea-linked threat actor known as Kimsuky aka Black Banshee, Emerald Sleet, or Springtail has been observed shifting its tactics, leveraging Compiled HTML Help CHM files as vectors to deliver malware for harvesting sensitive data. Kimsuky, active since at least 2012, is known to target...
The Updated APT Playbook: Tales from the Kimsuky threat actor group
Co-authors are Christiaan Beek and Raj Samani Within Rapid7 Labs we continually track and monitor threat groups. This is one of our key areas of focus as we work to ensure that our ability to protect customers remains constant. As part of this process, we routinely identify evolving tactics from...
STARK#MULE Targets Koreans with U.S. Military-themed Document Lures
An ongoing cyber attack campaign has set its sights on Korean-speaking individuals by employing U.S. Military-themed document lures to trick them into running malware on compromised systems. Cybersecurity firm Securonix is tracking the activity under the name STARKMULE. The scale of the attacks i...
North Korean Kimsuky Hackers Strike Again with Advanced Reconnaissance Malware
The North Korean advanced persistent threat APT group known as Kimsuky has been observed using a piece of custom malware called RandomQuery as part of a reconnaissance and information exfiltration operation. "Lately, Kimsuky has been consistently distributing custom malware as part of...
Tonto Team Uses Anti-Malware File to Launch Attacks on South Korean Institutions
South Korean education, construction, diplomatic, and political institutions are at the receiving end of new attacks perpetrated by a China-aligned threat actor known as the Tonto Team. "Recent cases have revealed that the group is using a file related to anti-malware products to ultimately execu...
Bitter APT Group Targets Chinese Energy Sector with New phishing Campaign
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary A new cyber espionage campaign targeting the energy sector in China by the South Asian threat group Bitter APT. The campaign involves the use of social engineering tactics through phishing emails that...
Ubuntu: Security Advisory (USN-3393-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5423-2: ClamAV vulnerabilities
USN-5423-1 fixed several vulnerabilities in ClamAV. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Original advisory details: Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause...
USN-5423-1: ClamAV vulnerabilities
Michał Dardas discovered that ClamAV incorrectly handled parsing CHM files. A remote attacker could possibly use this issue to cause ClamAV to stop responding, resulting in a denial of service. CVE-2022-20770 Michał Dardas discovered that ClamAV incorrectly handled parsing TIFF files. A remote...
openSUSE 15 Security Update : libmspack (openSUSE-SU-2022:0069-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2022:0069-1 advisory. - DISPUTED chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative...
Masslogger Swipes Outlook, Chrome Credentials
Cybercriminals are targeting Windows users with a new variant of the Masslogger trojan, which is spyware designed to swipe victims’ credentials from Microsoft Outlook, Google Chrome and various instant-messenger accounts. Researchers uncovered the campaign targeting users in Italy, Latvia and...
EulerOS 2.0 SP8 : libmspack (EulerOS-SA-2020-1014)
According to the version of the libmspack package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - DISPUTED chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative...
MGASA-2019-0248 Updated libmspack packages fix security vulnerability
Updated libmspack packages fix security vulnerability: It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information CVE-2019-1010305...
USN-4066-2: ClamAV vulnerability
USN-4066-1 fixed a vulnerability in libmspack. This update provides the corresponding update for ClamAV in Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled certain CHM files. A remote attacker could possibly use this issue to acce...
Ubuntu 16.04 LTS / 18.04 LTS : libmspack vulnerability (USN-4066-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4066-1 advisory. It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive informatio...
USN-4066-1 libmspack vulnerability
It was discovered that libmspack incorrectly handled certain CHM files. A remote attacker could possibly use this issue to access sensitive information...
PT-2019-4926
Name of the Vulnerable Software and Affected Versions libmspack version 0.9.1alpha Description The issue is caused by a buffer overflow in the chmd read headers function in the libmspack library, which can allow a remote attacker to disclose protected information using a specially crafted chm fil...