Obfuscation in the Wild: Targeted Attackers Lead the Way in Evasion Techniques

Throughout 2017 we have observed a marked increase in the use of command line evasion and obfuscation by a range of targeted attackers. Cyber espionage groups and financial threat actors continue to adopt the latest cutting-edge application whitelisting bypass techniques and introduce innovative...

Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery

Navetti PricePoint 4.6.0.0 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery ======================================================================= title: Multiple vulnerabilities product: Navetti PricePoint vulnerable version: 4.6.0.0 fixed version: 4.7.0.0 or higher CVE number: -...

Arbitrary Code Injection

Overview mobile-icon-resizer resizes large images for use as icons for iOS and Android. mobile-icon-resizer has a code execution vulnerability in versions before 0.4.3. mobile-icon-resizer takes an options object as an argument to define the resulting icons as such: var options = config:...

U.S. Dept Of Defense: Remote File Inclusion, Malicious File Hosting, and Cross-site Scripting (XSS) in ████████

Details: There is currently a security misconfiguration on plain.php function located on the host http://██████████/ allowing attackers to include webserver contents of their choosing no restriction on filetypes and/or IP addresses, as well as embed malicious javascript payloads in the response v...