EUVD-2020-5833

Malware in sbrugna...

CVE-2019-1457

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka 'Microsoft Office Excel Security Feature Bypass'...

APT34 targets Jordan Government using new Saitama backdoor

On April 26th, we identified a suspicious email that targeted a government official from Jordans foreign ministry. The email contained a malicious Excel document that drops a new backdoor named Saitama. Following our investigation, we were able to attribute this attack to the known Iranian Actor...

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, th...

New UAC-0056 activity: There’s a Go Elephant in the room

This blog post was authored by Ankur Saini, Roberto Santos and Hossein Jazi. UAC-0056 also known as SaintBear, UNC2589 and TA471 is a cyber espionage actor that has been active since early 2021 and has mainly targeted Ukraine and Georgia. The group is known to have performed a wiper attack in...

poi: a specially crafted Microsoft Excel document allows attacker to read files from the local filesystem

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

[The Lost Bots] Episode 3: Stories From the SOC

!\The Lost Bots\ Episode 3: Stories From the SOChttps://blog.rapid7.com/content/images/2021/08/-The-Lost-Bots--Episode-1--External-Threat-Intelligence.jpg Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security wi...

CVE-2020-13586

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this...

CVE-2020-13586

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this...

Heap overflow

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this...

SoftMaker Office PlanMaker Excel document record 0x00fc memory corruption vulnerability

Summary A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 Revision 1014. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigg...

TAU Threat Analysis: Hakbit Ransomware

The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...

TAU Threat Analysis: Hakbit Ransomware

The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...

CVE-2020-7947

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

CVE-2020-7947

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data...

Automatic macro execution bug in Office Mac _when_ macros are disabled

A security feature bypass vulnerability exists in Microsoft Office software by not enforcing macro settings on an Excel document, aka ‘Microsoft Office Excel Security Feature Bypass’. Recent assessments: busterb at November 14, 2019 10:37pm UTC reported: Saw this on Patrick Wardle’s twitter accou...

Apache POI Information Disclosure Vulnerability

Apache POI is an open source JAVA library for reading and writing Microsoft document formats . An information disclosure vulnerability exists in Apache POI 4.1.0 and earlier versions. When converting a user-supplied Microsoft Excel document using the XSSFExportToXml tool, an attacker can exploit...

CVE-2019-12415

In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity XXE Processing...

CB TAU Threat Intelligence Notification: Formbook Harvests Data By Intercepting Clients

Formbook is an information stealer which has been around for the past few years. Formbook acts as a form grabber which harvests credentials, passwords, banking details, key strokes and network requests, by intercepting web browser and other clients such as email and IM. The particular sample...

Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...