Lucene search
K

87 matches found

Tenable Nessus
Tenable Nessus
added 2019/05/14 12:0 a.m.53 views

RHEL 7 : qemu-kvm (RHSA-2019:1185)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1185 advisory. Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide th...

5.9CVSS7.1AI score0.01553EPSS
Exploits0References11
Malwarebytes
Malwarebytes
added 2019/02/12 4:0 p.m.775 views

Exploit kits: winter 2019 review

Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting. In addition, narrowly-focused exploit kits such as Magnitude,...

10CVSS9.6AI score0.89618EPSS
Exploits40
Malwarebytes
Malwarebytes
added 2019/01/21 4:48 p.m.244 views

A week in security (January 14 – 20)

Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurit...

4.6CVSS8.2AI score0.04679EPSS
Exploits2
ThreatPost
ThreatPost
added 2019/01/18 7:58 p.m.154 views

Fallout EK Retools for a Fresh New 2019 Look

A new version of the Fallout exploit kit EK has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware. The development shows that EKs have a lot of life yet left in them, researchers say. The Fallout EK generally finds its victims by way of malvertising campaigns,...

10CVSS9.8AI score0.81971EPSS
Exploits13References5
Malwarebytes
Malwarebytes
added 2019/01/17 7:51 p.m.291 views

Improved Fallout EK comes back after short hiatus

Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...

10CVSS0.2AI score0.81971EPSS
Exploits13
Malwarebytes
Malwarebytes
added 2019/01/04 6:15 p.m.255 views

Vidar and GandCrab: stealer and ransomware combo observed in the wild

We have been tracking a prolific malvertising campaign for several weeks and captured a variety of payloads, including several stealers. One that we initially identified as Arkei turned out to be Vidar, a new piece of malware recently analyzed in detail by Fumik0 in his post: Let’s dig into Vidar...

7AI score
Exploits0
Trellix
Trellix
added 2018/10/30 12:0 a.m.11 views

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims

ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway of Recorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...

0.3AI score
Exploits0
Trellix
Trellix
added 2018/10/30 12:0 a.m.104 views

Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims

ARCHIVED STORY Fallout Exploit Kit Releases the Kraken Ransomware on Its Victims By John Fokker · October 30, 2018 Alexandr Solad and Daniel Hatheway ofRecorded Future are coauthors of this post. Read Recorded Future’s version of this analysis. Rising from the deep, Kraken Cryptor ransomware has...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/10/24 4:10 p.m.926 views

Exploit kits: fall 2018 review

Exploit kit EK activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are...

7.6CVSS9.1AI score0.89618EPSS
Exploits28
ThreatPost
ThreatPost
added 2018/09/14 4:9 p.m.12 views

Five Weakest Links in Cybersecurity That Target the Supply Chain

Matan Or-El, co-founder and CEO at Panorays Third-party breaches have become an epidemic as cybercriminals target the weakest link. Organizations such as BestBuy, Sears, Delta and even NYU Medical Center are just a few that have felt the impact of cyberattacks through third-party vendors. The...

0.3AI score
Exploits0References6
Check Point Advisories
Check Point Advisories
added 2018/09/04 12:0 a.m.2 views

Fallout Exploit Kit Landing Page

Fallout exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

2.8AI score
Exploits0
Fortinet
Fortinet
added 2018/04/13 12:0 a.m.65 views

AMD processors affected by vulnerabilities: Ryzenfall, Fallout, Chimera and Masterkey

A collection of AMD vulnerabilities known as "Ryzenfall, Fallout, Chimera, Masterkey" has been released. Attackers in possession of these vulnerabilities would receive additional capabilities, like persistence by malware injection, stealth, network credential theft and more. It affects AMD...

9.3CVSS3.9AI score0.01811EPSS
Exploits0Affected Software2
NVD
NVD
added 2018/03/22 2:29 p.m.15 views

CVE-2018-8933

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3...

9.3CVSS9.2AI score0.01717EPSS
Exploits0References5
Prion
Prion
added 2018/03/22 2:29 p.m.13 views

Improper access control

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3...

9.3CVSS9.1AI score0.01717EPSS
Exploits0References5
CVE
CVE
added 2018/03/22 2:0 p.m.61 views

CVE-2018-8933

CVE-2018-8933 affects AMD EPYC Server processors. The vulnerability stems from insufficient access control for protected memory regions (FALLOUT-1/2/3), enabling circumvention of platform security controls and potential unauthorized access to memory. Impact is described as high (confidentiality, ...

9.3CVSS9.1AI score0.01717EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2018/03/22 2:0 p.m.23 views

CVE-2018-8933

The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3...

9.2AI score0.01717EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2018/03/21 8:12 a.m.44 views

AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon

AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2018/03/20 5:46 p.m.29 views

AMD Acknowledges Vulnerabilities, Will Roll Out Patches In Coming Week

AMD on Tuesday acknowledged several vulnerabilities that had been previously reported in its Ryzen and EPYC chips, and said that it would roll out firmware patches for those flaws in the coming weeks. The response comes a week after Israel-based CTS-Labs said that it has discovered 13 critical...

7.6AI score
Exploits0References2
ThreatPost
ThreatPost
added 2018/03/13 4:4 p.m.8 views

AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips

Researchers on Tuesday said they found several critical security vulnerabilities in various AMD chips, allegedly opening them up to attackers who want to steal sensitive data and install malware on AMD servers, workstations and laptops. Israel-based CTS-Labs said that it has discovered 13 critica...

0.8AI score
Exploits0References4
hackapp
hackapp
added 2017/03/09 3:48 p.m.143 views

Fallout Shelter - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Fallout Shelter published at the 'play' market has multiple vulnerabilities...

0.4AI score
Exploits0References1Affected Software1
Rows per page
Query Builder