Separ Malware Plucks Hundreds of Companies' Credentials in Ongoing Phish
An ongoing phishing campaign is using malicious PDF documents to spread Separ malware and ultimately steal victims’ browser and email credentials. Since the attack started at the end of January, it has affected around 200 companies and over 1,000 individuals, located mainly in Southeast Asia, the...
Important kernel security update: Virtuozzo ReadyKernel patch 72.0 for all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5
The cumulative Virtuozzo ReadyKernel patch was updated with a security fix. The patch applies to all supported Virtuozzo kernels and that of Virtuozzo Infrastructure Platform 2.5. Vulnerability id: PSBM-91042 It was discovered that a malicious user logged in to a Virtuozzo container could...
AddressSanitizer (ASan) - SUID Executable Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration-related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the...
AddressSanitizer (ASan) SUID Executable Privilege Escalation
This module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer (ASan). ASan configuration-related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the ASAN_OPTIONS...
Google Android Access Privilege Control Vulnerability
Android is a Linux-based open source operating system jointly developed by Google and the Open Handset Alliance (OHA). An access control vulnerability exists in Yocto in Android, which stems from the program not enforcing proper access control. An attacker could exploit the vulnerability to cause...
CVE-2018-11956
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, improper mounting leads to a device node and executable being run from /dsp/, which presents a potential security issue...
CVE-2018-12368
Windows 10 does not warn users before opening executable files with the SettingContent-ms extension even when they have been downloaded from the internet and have the "Mark of the Web." Without the warning, unsuspecting users unfamiliar with this new file type might run an unwanted executable. Th...
USN-3789-2: ClamAV vulnerabilities
USN-3789-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulti...
USN-3789-1: ClamAV vulnerability
It was discovered that ClamAV incorrectly handled unpacking MEW executables. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service...
Music Center for PC Incorrectly Validates Software Update Files Vulnerability
Music Center for PC is an application for organizing and transferring music on audio devices made by Sony. Music Center for PC is vulnerable to incorrectly validating software update files, which, under a man-in-the-middle attack, could allow the download and execution of specially crafted...
Malwoverview - Tool To Perform An Initial And Quick Triage On Either A Directory Containing Malware Samples Or A Specific Malware Sample
Malwoverview.py is a simple tool to perform an initial and quick triage on a directory containing malware samples (not zipped). This tool aims to: 1. Determine similar executable malware samples (PE/PE+) according to the import table (imphash) and group them by different colors (pay attention to the...
CVE-2018-14808
Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products...
Brave Software: RCE: DnDing shortcut files to chrome://brave allows loading HTML files in Muon's context
Summary: #395737 has shown that Brave supports chrome://brave/ URLs. The Brave team introduced a patch which blocks navigation to chrome://brave and removed chrome.remote.require to prevent command execution on the machine. Navigation to chrome://brave via shortcut files. From my understanding: 1...
Microsoft Windows Defender AV: Block executable content from email client and webmail
This test checks the setting for policy "Configure Attack Surface Reduction rules: Block executable content from email client and webmail". OpenVAS Vulnerability Test $Id: winavblockexeccontentmail.nasl 11495 2018-09-20 10:06:25Z emoss $. Authors: Emanuel Moss. Copyright: Copyright (c)...
Microsoft Windows Defender AV: Process Exclusions
This test checks the setting for policy "Process Exclusions". OpenVAS Vulnerability Test $Id: winavprocessexclusions.nasl 11495 2018-09-20 10:06:25Z emoss $. Authors: Emanuel Moss. Copyright: Copyright (c) 2018 Greenbone Networks GmbH, http://www.greenbone.net. This program is free...
Apache Struts 2 Namespace Redirect OGNL Injection
This module exploits a remote code execution vulnerability in Apache Struts versions 2.3 - 2.3.4 and 2.5 - 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Note that this exploit is dependent on the version of Tomcat running on the target. Versio...
Reversing malware in a custom format: Hidden Bee elements
Malware can be made of many components. Often, we encounter macros and scripts that work as malicious downloaders. Some functionalities can also be achieved by position-independent code—so-called shellcode. But when it comes to more complex elements or core modules, we almost take it for granted...
CVE-2018-15809
AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical resource and executable files...
CVE-2018-14791
Emerson DeltaV DCS versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, R5 may allow non-administrative users to change executable and library files on the affected products...
Code injection
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local...