32 matches found
Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape
In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using...
UBUNTU-CVE-2024-45752
logiops through 0.3.4, in its default configuration, allows any unprivileged user to configure its logid daemon via an unrestricted D-Bus service, including setting malicious keyboard macros. This allows for privilege escalation with minimal user interaction...
DEBIAN-CVE-2024-28244
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using \def or \newcommand that causes a near-infinite loop, despite setting maxExpand to avoid such loops. KaTeX supports an option named...
New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs
By Waqas LokiBot, a notorious Trojan active since 2015, specializes in stealing sensitive information from Windows machines, posing a significant threat to user data. This is a post from HackRead.com Read the original post: New Attack Drops LokiBot Malware Via Malicious Macros in Word Docs...
N. Korean Kimsuky Hackers Using New Recon Tool ReconShark in Latest Cyberattacks
The North Korean state-sponsored threat actor known as Kimsuky has been discovered using a new reconnaissance tool called ReconShark as part of an ongoing global campaign. "ReconShark is actively delivered to specifically targeted individuals through spear-phishing emails, OneDrive links leading ...
Threat Roundup for March 10 to March 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 10 and March 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
No More Macros? Better Watch Your Search Results!
No More Macros? Better Watch Your Search Results! By Pham Duy Phuc and Max Kersten · February 08, 2023 Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...
No More Macros? Better Watch Your Search Results!
No More Macros? Better Watch Your Search Results! By Pham Duy Phuc · February 08, 2023 This blog was also written by Max Kersten Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique...
Ekipa RAT A High-Priced and Evolving Threat for Targeted Attacks
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Ekipa is a remote access trojan RAT that is used for targeted attacks and can be purchased on underground forums for a high price of$3,900. It primarily spreads and operates through the use of Microsoft...
Microsoft Adds Default Protection Against RDP Brute-Force Attacks in Windows 11
Microsoft is now taking steps to prevent Remote Desktop Protocol RDP brute-force attacks as part of the latest builds for the Windows 11 operating system in an attempt to raise the security baseline to meet the evolving threat landscape. To that end, the default policy for Windows 11 builds –...
jscom RevoWorks 安全漏洞
J's Communication RevoWorks Browser and J's Communication RevoWorks Desktop are both products of J's Communication Japan. J's Communication RevoWorks Browser is a web browser and J's Communication RevoWorks Desktop is a remote office solution. Provides secure browser and virtual desktop...
JVN#27256219: RevoWorks incomplete filtering of MS Office v4 macros
RevoWorks SCVX, RevoWorks Browser and RevoWorks Desktop provided by J's Communication Co., Ltd. enables users to execute web browsers, accessing drives, folders, files and registries in a sandboxed environment. Users can download files from the internet to the sandboxed environment, sanitizing...
Researchers Uncover New Iranian Hacking Campaign Targeting Turkish Users
Details have emerged about a previously undocumented malware campaign undertaken by the Iranian MuddyWater advanced persistent threat APT group targeting Turkish private organizations and governmental institutions. "This campaign utilizes malicious PDFs, XLS files and Windows executables to deplo...
PT-2021-18924 · Apple +1 · Apple Macos +1
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.6 Description: A logic issue was addressed with improved state management. This issue allows a sandboxed process to potentially circumvent sandbox restrictions. The...
Ferocious Kitten: 6 years of covert surveillance in Iran
Ferocious Kitten is an APT group that since at least 2015 has been targeting Persian-speaking individuals who appear to be based in Iran. Although it has been active for a long time, the group has mostly operated under the radar and has not been covered by security researchers to the best of our...
Purgalicious VBA: Macro Obfuscation With VBA Purging
Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...
New Emotet delivery method spotted during downward detection trend
Emotet, one of cybersecurity’s most-feared malware threats, got a superficial facelift this week, hiding itself within a fake Microsoft Office request that asks users to update Microsoft Word so that they can take advantage of new features. This revamped presentation could point to internal effor...
IcedID Banker is Back, Adding Steganography, COVID-19 Theme
A new version of the IcedID banking trojan has debuted that notably embraces steganography – the practice of hiding code within images – in order to stealthily infect victims. It has also changed up its process for eavesdropping on victims’ web activity. Researchers at Juniper Threat Labs have...
Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
The APT known as TA410 has added a modular remote-access trojan RAT to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard,...
TrickBot Adds ActiveX Control, Hides Dropper in Images
The TrickBot banking trojan has gotten trickier, with the addition of a Windows 10 ActiveX control to execute malicious macros in boobytrapped documents. Michael Gorelik, researcher at Morphisec Labs, said that at least two dozen documents have come to light in the last few weeks that use ActiveX...