37 matches found
Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China
The threat actor known as Silver Fox has been spotted orchestrating a false flag operation to mimic a Russian threat group in attacks targeting organizations in China. The search engine optimization (SEO) poisoning campaign leverages Microsoft Teams lures to trick unsuspecting users into downloadin...
EUVD-2021-0925
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-29272
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the script...
Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground
During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol (RDP) connections. Strongly believe...
Keyboard layout dynamic sync not working with East Asian, Cyrillic language usernames
When a user using Windows English OS and the username chars are East Asian/Cyrillic Unicode, the Keyboard layout dynamic sync of the Citrix Workspace App will not work. The remote language bar’s language will always be the first-time synced language when the session is created. Changing Microsoft...
GO-2022-0762 Cross-site scripting due to incorrect sanitization in github.com/microcosm-cc/bluemonday
An XSS injection was possible because the sanitization of the Cyrillic character i bypassed a protection mechanism against user-inputted HTML elements such as the tag...
Cross-site scripting in bluemonday
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
CVE-2021-29272
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
Design/Logic Flaw
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
UBUNTU-CVE-2021-29272
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string...
MontysThree: Industrial espionage with steganography and a Russian accent on both sides
In summer 2020 we uncovered a previously unknown multi-module C++ toolset used in highly targeted industrial espionage attacks dating back to 2018. Initially the reason for our interest in this malware was its rarity, the obviously targeted nature of the campaign and the fact that there are no...
CactusPete APT group’s updated Bisonal backdoor
CactusPete, also known as Karma Panda or Tonto Team, is an APT group that has been publicly known since at least 2013. Some of the group's activities have been previously described in public by multiple sources. We have been investigating and privately reporting on this group's activity for years as...
CARBANAK Week Part One: A Rare Occurrence
It is very unusual for FLARE to analyze a prolifically-used, privately-developed backdoor only to later have the source code and operator tools fall into our laps. Yet this is the extraordinary circumstance that sets the stage for CARBANAK Week, a four-part blog series that commences with this...
CVE-2019-10044
Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if for example Latin and Cyrillic characters...
CVE-2019-9970
Open Whisper Signal aka Signal-Desktop through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are vulnerable to an IDN homograph attack when displaying messages containing URLs. This occurs because the application produces a clickable link even if for example Latin...