Lucene search
K

17 matches found

HackRead
HackRead
added 2026/04/01 12:43 p.m.4 views

Ransomware Groups Exploit Legit IT Tools to Bypass Antivirus

New research from Seqrite explains the 'dual-use dilemma,' where ransomware attackers repurpose legitimate IT tools like IOBit Unlocker…...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/10 12:0 a.m.4 views

On the Ethics of Using LLMs for Offensive Security

Large Language Models LLMs have rapidly evolved over the past few years and are currently evaluated for their efficacy within the domain of offensive cyber-security. While initial forays showcase the potential of LLMs to enhance security research, they also raise critical ethical concerns regardi...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/04/18 11:19 a.m.19 views

Using LLMs to Create Bioweapons

Im not sure there are good ways to build guardrails to prevent this sort of thing: There is growing concern regarding the potential misuse of molecular machine learning models for harmful purposes. Specifically, the dual-use application of models for predicting cytotoxicity18 to create new poison...

6.7AI score
Exploits0
Talos Blog
Talos Blog
added 2023/01/27 9:43 p.m.21 views

Talos Takes 126: Year in Review - Threat Landscape Edition

Were back with another year in review focused episode. This time the focus will be the threat landscape generally and Ill be joined by threat researcher Caitlin Huey. In this episode well discuss what we found in the last year, with a focus on the general threat landscape. Well spend time...

0.1AI score
Exploits0
Talos Blog
Talos Blog
added 2022/10/25 12:0 p.m.72 views

Quarterly Report: Incident Response Trends in Q3 2022

Ransomware and pre-ransomware engagements make up 40 percent of threats seen this quarter By Caitlin Huey. For the first time since compiling these reports, Cisco Talos Incident Response saw an equal number of ransomware and pre-ransomware engagements, making up nearly 40 percent of threats this...

9.3CVSS0.6AI score0.99999EPSS
Exploits425
The Hacker News
The Hacker News
added 2021/06/05 1:56 p.m.89 views

GitHub Updates Policy to Remove Exploit Code When Used in Active Attacks

Code-hosting platform GitHub Friday officially announced a series of updates to the site's policies that delve into how the company deals with malware and exploit code uploaded to its service. "We explicitly permit dual-use security technologies and content related to research into vulnerabilitie...

7.5AI score
Exploits0
ThreatPost
ThreatPost
added 2020/10/29 9:15 p.m.45 views

Kegtap, Singlemalt, Winekey Malware Serve Up Ransomware to Hospitals

The boozy names might sound like the kind of thing conjured up in a frat-house common room, but malware families Kegtap, Singlemalt and Winekey are being used to gain initial network access in potentially lethal ransomware attacks on healthcare organizations in the midst of a global pandemic,...

0.2AI score
Exploits0References14
ThreatPost
ThreatPost
added 2020/09/21 9:27 p.m.65 views

Fileless Malware Tops Critical Endpoint Threats for 1H 2020

In the first half of 2020, the most common critical-severity cybersecurity threat to endpoints was fileless malware, according to a recent analysis of telemetry data from Cisco. Fileless threats consist of malicious code that runs in memory after initial infection, instead of files being stored o...

0.6AI score
Exploits0References10
Talos Blog
Talos Blog
added 2020/07/08 7:12 a.m.29 views

WastedLocker Goes "Big-Game Hunting" in 2020

By Ben Baker, Edmund Brumaghin, JJ Cummings and Arnaud Zobec. Threat summary After initially compromising corporate networks, the attacker behind WastedLocker performs privilege escalation and lateral movement prior to activating ransomware and demanding ransom payment.The use of "dual-use" tools...

1.9AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.6 views

The vulnerability of the Mozilla SeaMonkey software package, which allows a malicious individual to trigger a service failure

The Mozilla SeaMonkey browser contains a vulnerability related to errors in the implementation of a certain type of key verification mechanism in the cryptoGenerateCRMFRequest method. Exploiting this vulnerability allows malicious actors to induce a service failure abnormal termination of the...

5CVSS7AI score0.01932EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2016/07/05 12:0 a.m.7 views

The vulnerability of the Firefox browser, which allows a malicious actor to trigger a service failure

Mozilla Firefox browser contains a vulnerability related to errors in the implementation of a certain type of key verification mechanism in the crypto.generateCRMFRequest method. Exploiting this vulnerability allows malicious actors, operating remotely, to cause a service failure abnormal...

5CVSS7AI score0.01932EPSS
Exploits0References3Affected Software1
ThreatPost
ThreatPost
added 2015/05/21 12:59 p.m.13 views

Proposed U.S. Wassenaar Rules on Intrusion Software

Two things worth noting from yesterday’s unveiling of the Bureau of Industry and Security’s proposed Wassenaar rules for the U.S. that weren’t so overt: a The U.S. generally leads the way in implementing Wassenaar changes, and this time it’s been beaten by the EU by almost 18 months; and b reques...

7.3AI score
Exploits0References4
seebug.org
seebug.org
added 2014/03/21 12:0 a.m.68 views

Mozilla多个产品crypto.generateCRMFRequest拒绝服务漏洞

CVE ID:CVE-2014-1498 Mozilla Firefox/SeaMonkey是Mozilla所发布的WEB浏览器/新闻组客户端。 Mozilla多个产品在生成ec-dual-use请求时crypto.generateCRFMRequest方法没有正确校验KeyParams参数的键值类型,允许攻击者利用漏洞进行拒绝服务攻击,使应用程序崩溃。 0 Mozilla Firefox 27 Mozilla Seamonkey 2.24 Mozilla Firefox 28,Seamonkey 2.25已经修复该漏洞,建议用户下载更新: http://www.mozilla.org...

5CVSS9.5AI score0.01778EPSS
Exploits1
Prion
Prion
added 2014/03/19 10:55 a.m.20 views

Design/Logic Flaw

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service application crash via vectors that trigger generation of a key that supports the Elliptic Curve...

5CVSS6.8AI score0.01778EPSS
Exploits1References8Affected Software7
CVE
CVE
added 2014/03/19 10:0 a.m.118 views

CVE-2014-1498

CVE-2014-1498 : The vulnerability affects Mozilla Firefox before 28.0 and SeaMonkey before 2.25, where crypto.generateCRMFRequest fails to validate a specific key type. This can cause remote crashes/DoS via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algo...

5CVSS8.8AI score0.01778EPSS
Exploits1References8Affected Software3
Cvelist
Cvelist
added 2014/03/19 10:0 a.m.33 views

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service application crash via vectors that trigger generation of a key that supports the Elliptic Curve...

8.9AI score0.01778EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2014/03/18 12:0 a.m.24 views

CVE-2014-1498

The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service application crash via vectors that trigger generation of a key that supports the Elliptic Curve...

5CVSS6.9AI score0.01778EPSS
Exploits1References3
Rows per page
Query Builder