37 matches found
New Cylance Ransomware Targets Linux and Windows Operating Systems
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Cylance ransomware is a new malware that is capable of adjusting to customized encryption tactics and can accept different command-line parameters. To receive real-time threat advisories, please follow...
New Cylance Ransomware Targets Linux and Windows, Warn Researchers
By Waqas For now, Cylance ransomware is still in its early stages, yet it has already claimed several victims. This is a post from HackRead.com Read the original post: New Cylance Ransomware Targets Linux and Windows, Warn Researchers...
Mortar - Evasion Technique To Defeat And Divert Detection And Prevention Of Security Products (AV/EDR/XDR)
Red teaming evasion technique to defeat and divert detection and prevention of security products. Mortar Loader performs encryption and decryption of a selected binary inside memory streams and executes it directly without writing any malicious indicator to the hard drive. Mortar is able to...
CVE-2021-32021
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system...
CVE-2021-32023
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system...
Denial of service
A denial of service vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system...
Privilege escalation
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system...
Design/Logic Flaw
A low privileged delete vulnerability using the CEF RPC server of BlackBerry Protect for Windows versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that has admin rights on the system and gain the ability to delete...
CVE-2021-32023
CVE-2021-32023 is an elevation-of-privilege flaw in the message broker of BlackBerry Protect for Windows (versions 1574 and earlier). Exploitation involves abusing the Cylance/BlackBerry Cylance service context via ALPC to elevate from a local unprivileged account to SYSTEM, potentially allowing ...
Pun-free Cylance vulnerability, fixed
TL;DR Blackberry Cylance for Windows is affected by three vulnerabilities. CVE-2021-32021 - Denial of service in message broker. CVE-2021-32022 - Low privileged delete using CEF RPC server. CVE-2021-32023 - Elevation of privilege in message broker. A heap overflow resulting in a denial of service...
BlackBerry UEM Security Vulnerability
BlackBerry UEM is a cross-device platform for device, application and content management from Blackberry Canada. The platform allows organizations to view all users, devices, applications and policies in their environment through a single, integrated management panel. A security...
Blackberry Workspaces Server Security Vulnerability
Blackberry Workspaces Server is an application from Blackberry of Canandaigua, Inc., an enterprise-grade content collaboration platform. A security vulnerability exists in BlackBerry Protect for Windows versions 1574 and earlier that could allow an attacker to execute code in a BlackBerry Cylance...
Citrix Provisioning Services Boot Degradation With Cylance Protect
1. Target Device (TD) boot times increase when Cylance Protect 2.1 is installed within the vDisk. The boot delay is after the OS has been delivered to the Target Device and is now resident in RAM. This is after our Target has transitioned from Single IO to Multi IO mode in a BIOS based TD...
New Zeppelin Ransomware Targeting Tech and Health Companies
A new variant of the Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...
Cylance Antivirus Vulnerability
The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting Cylance Antivirus products. A remote attacker could bypass Cylance antivirus detection. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC...
Cylance Antivirus Products Susceptible to Concatenation Bypass
Overview: The Cylance AI-based antivirus product, prior to July 21, 2019, contains flaws that allow an adversary to craft malicious files that the AV product will likely mistake for benign files. Description: Cylance PROTECT is an endpoint protection system. It contains an antivirus functionality...
StrongPity APT Changes Tactics to Stay Stealthy
The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has changed its tactics, after various research groups analyzed the malware and exposed its methods of deployment. The efforts have allowed the group to return to hidden status, even after being labeled a known...