4126 matches found
New SuperBear Trojan Emerges in Targeted Phishing Attack on South Korean Activists
A new phishing attack likely targeting civil society groups in South Korea has led to the discovery of a novel remote access trojan called SuperBear. The intrusion singled out an unnamed activist, who was contacted in late August 2023 and received a malicious LNK file from an address impersonatin...
Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches
The U.S. Federal Bureau of Investigation (FBI) is warning that Barracuda Networks Email Security Gateway (ESG) appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...
How to configure bookmarks on NetScaler Gateway
This is a step-by-step on how to create bookmarks on the NetScaler and attach those to specific AD groups...
Arbitrary Code Execution
org.alluxio:alluxio-core-common is vulnerable to Arbitrary Code Execution. The vulnerability is due to the alluxio.util.CommonUtils.getUnixGroups method, which improperly sanitizes the shell command used to get the Unix groups of a user. This allows an attacker to inject arbitrary code int...
5 Types of Cyber Crime Groups
Discover the five main types of cyber crime groups: access as a service, ransomware as a service, bulletproof hosting, crowd sourcing, and phishing as a service as well as tips to strengthen your defense strategy...
USN-6295-1 libpod vulnerability
It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code...
USN-6295-1: Podman vulnerability
It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execute binary code...
Ubuntu 22.04 LTS : Podman vulnerability (USN-6295-1)
The remote Ubuntu 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-6295-1 advisory. It was discovered that Podman incorrectly handled certain supplementary groups. An attacker could possibly use this issue to expose sensitive information or execu...
CVE-2023-38889
An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of alluxio.util.CommonUtils.getUnixGroups(java.lang.String)...
How the Microsoft Incident Response team helps customers remediate threats
Each year, organizations face tens of billions of malware, phishing, and credential threats—with real-world impacts. When an attack succeeds, it can result in grave impacts on any industry. For example, it could delay a police or fire department’s response to an emergency, prevent a hospital from...
New SystemBC Malware Variant Targets Southern African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a sout...
Information Exposure
Overview: Affected versions of this package are vulnerable to Information Exposure. Exploiting this vulnerability allows an attacker to listen to any group or user with a specially crafted group or username and receive messages for groups they are unauthorized to view. Remediation: Upgrade...
FreeBSD : electron{22,23,24,25} -- multiple vulnerabilities (f3a35fb8-2d70-47c9-a516-6aad7eb222b1)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f3a35fb8-2d70-47c9-a516-6aad7eb222b1 advisory. - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker t...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists because an attacker can see the basic information on private groups that a public project has been shared with...
Information Disclosure
gitlab is vulnerable to Information Disclosure. The vulnerability exists due to lack of view permissions on members which allows an attacker to gain access to the members of private groups...
Use After Free
chromium is vulnerable to Use After Free. The vulnerability exists in the Tab Groups, which allows an attacker to engage in specific UI interactions causing heap corruptions via a maliciously crafted HTML page...
CVE-2023-4002
Removed by vendor...
PT-2023-27214 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.1 through 16.0.7; GitLab EE versions 16.1 through 16.1.2; GitLab EE versions 16.2 through 16.2.1. Description: An issue has been discovered in GitLab EE where EE-licensed users could link any security policy project by its ...
CVE-2023-37498
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges...
Design/Logic Flaw
A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges...