OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...

Important: Red Hat Security Advisory: shim security update

An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

Important: Red Hat Security Advisory: shim security update

An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security...

The vulnerability of the UEFI loader’s shim, related to reading beyond the field, allows an attacker to disclose protected information.

The vulnerability of the UEFI loader “shim” is related to errors in reading data beyond the boundary, when attempting to verify the SBAT information. Exploiting this vulnerability can allow an attacker to disclose the protected information...

Stories from the SOC Part 2: MSIX Installer Utilizes Telegram Bot to Execute IDAT Loader

Rapid7’s Managed Detection and Response MDR team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

Lenovo PC 安全漏洞

Lenovo PC is a line of computers from the Chinese company Lenovo. A security vulnerability exists in Lenovo PC that originates from a buffer overflow vulnerability in the system recovery boot loader. A privileged attacker with local access rights can exploit the vulnerability to execute arbitrary...

Lenovo PC 安全漏洞

Lenovo PC is a line of computers from the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo PC that originates from a flaw in the system recovery boot loader. A privileged attacker with local access could exploit the vulnerability to modify the boot manager and elevate...

The vulnerability of the write_indexes() function in the GdkPixbuf image loading library allows a attacker to cause a service failure.

The vulnerability of the GdkPixbuf image loading library is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow an attacker to cause a service failure...

Watch Out for 'Latrodectus' - This Malware Could Be In Your Inbox

Threat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023. "Latrodectus is an up-and-coming downloader with various sandbox evasion functionality," researchers from Proofpoint and Team Cymru said...

CVE-2024-26678

In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware...

ROS-20240402-06

Vulnerability in the password protection mechanism of the Grub2 boot loader is related to the bypass of authentication by spoofing. Exploitation of the vulnerability could allow an attacker to bypass established access control...

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life EoL small home/small office SOHO routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from...

Stories from the SOC Part 1: IDAT Loader to BruteRatel

Rapid7’s Managed Detection and Response MDR team continuously monitors our customers' environments, identifying emerging threats and developing new detections. In August 2023, Rapid7 identified a new malware loader named the IDAT Loader. Malware loaders are a type of malicious software designed t...

PT-2024-10928 · Allied Telesis · At-S115

Name of the Vulnerable Software and Affected Versions: Allied Telesis AT-S115 version 1.2.0 before 1.00.024 with Boot Loader 1.00.006 Description: The issue allows Directory Traversal, which can lead to partial access to data. Recommendations: For Allied Telesis AT-S115 version 1.2.0 before...

New Go loader pushes Rhadamanthys stealer

Malware loaders also known as droppers or downloaders are a popular commodity in the criminal underground. Their primary function is to successfully compromise a machine and deploy one or multiple additional payloads. A good loader avoids detection and identifies victims as legitimate i.e. not...

EulerOS Virtualization 2.11.1 : glibc (EulerOS-SA-2024-1398)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulti...

Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2024-1426)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.0 : glibc (EulerOS-SA-2024-1426)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulti...

New BunnyLoader Malware Variant Surfaces with Modular Attack Features

Cybersecurity researchers have discovered an updated variant of a stealer and malware loader called BunnyLoader that modularizes its various functions as well as allow it to evade detection. "BunnyLoader is dynamically developing malware with the capability to steal information, credentials and...

DEBIAN-CVE-2024-26540

A heap-based buffer overflow in Clmg before 3.3.3 can occur via a crafted file to cimglibrary::CImg::loadanalyze...