37 matches found
New Malware Takes Commands From Memes Posted On Twitter
Security researchers have discovered yet another example of how cybercriminals disguise their malware activities as regular traffic by using legitimate cloud-based services. Trend Micro researchers have uncovered a new piece of malware that retrieves commands from memes posted on a Twitter accoun...
Security Bulletin: Multiple Vulnerabilities in IBM Runtime Environments Java Technology Edition, Versions 6, 7, & 8 Affect Transformation Extender
Summary There are multiple vulnerabilities in IBM® Runtime Environments Java™ Technology Edition versions 6, 7, & 8 that are used by Transformation Extender. This issue was disclosed as part of the IBM Java SDK updates in October 2017. Vulnerability Details CVEID: CVE-2017-10356 DESCRIPTION: An...
US-CERT Warns of More CryptoLocker Ransomware Infections
CryptoLocker is a devious evolution of now-familiar ransomware schemes in which the malware encrypts files it finds on a number of network resources and demands a ransom for the decryption key. US-CERT issued an advisory today warning businesses and consumers of the risks presented by CryptoLocke...
Cybercriminals Use Evernote as C&C
At least one group of cybercriminals has taken to Evernote, the popular cloud-based note-taking and data-sharing service, as a base of operations for a data-stealing Trojan, according to Trend Micro threat response engineer Nikko Tamana. Trend Micro detected the threat as “BKDR_VERNOT.A” and observe...
CVE-2012-5345
Buffer overflow in the Remote command server Rcmd.bat in IpTools aka Tiny TCP/IP server 0.1.4 allows remote attackers to cause a denial of service crash via a long string to TCP port 23...
Buffer overflow
Buffer overflow in the Remote command server Rcmd.bat in IpTools aka Tiny TCP/IP server 0.1.4 allows remote attackers to cause a denial of service crash via a long string to TCP port 23...
CVE-2012-5345
CVE-2012-5345 affects IpTools (Tiny TCP/IP server) 0.1.4, specifically the Remote command server (Rcmd.bat). The vulnerability is a buffer overflow in the Rcmd.bat component that can be triggered remotely by sending a long string to TCP port 23, leading to a denial of service (crash). The provide...
Carberp: It's Not Over Yet
On 20 March, Russian law enforcement agencies announced the arrest of a cybercriminal gang involved in stealing money using the Carberp Trojan. This is very good news, but unfortunately does not mark the end of the Carberp story. Evidently, those arrested were just one of the criminal gangs using...
IpTools 0.1.4 Overflow
Title: IpTools (Tiny TCP/IP server) - Rcmd Remote Overflow Vulnerability Software: IpTools (Tiny TCP/IP server) Software Version: 0.1.4 Vendor: http://iptools.sourceforge.net/iptools.html Class: Boundary Condition Error CVE: Remote: Yes Local: No Published: 2012-01-07 Updated: Impact: High Bug...
IPtools 0.1.4 - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/51312/info IPtools is prone to a remote buffer-overflow vulnerability because it fails to bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Exploiting this vulnerability may allow remote attackers to execute...
CVE-2011-1378
IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM group are established, does not properly verify User Authorization File UAF data, which allows local users to kill listener processes and the command server via a control command...
Researchers Find Trojan Using Facebook
Researchers at Symantec have discovered a trojan that uses Facebook to communicate with a control and command server. Dubbed “whitewell”, this malware spreads via email, contacts the mobile version of Facebook and uses its Notes section to perform actions based on the Notes titles. Andrea Lelli...
IBM DB2 db2rcmd.exe Command Execution Vulnerability
This module exploits a vulnerability in the Remote Command Server component in IBM's DB2 Universal Database 8.1. An authenticated attacker can send arbitrary commands to the DB2REMOTECMD named pipe which could lead to administrator privileges. This module requires Metasploit:...
CVE-2004-0795
DB2 8.1 remote command server DB2RCMD.EXE executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe...
Sasser Virus Detection
The Sasser worm is infecting this host. Specifically, a backdoored command server may be listening on port 9995 or 9996, and an FTP server used to load malicious code is listening on port 5554 or 1023. There is every indication that the host is currently scanning and infecting other systems. C...