
77 matches found

Prion
added 2023/01/06 10:15 p.m., 24 views

Design/Logic Flaw

The signature check in the Nokia ASIK AirScale system module version 474021A.101 can be bypassed allowing an attacker to run modified firmware. This could result in the execution of a malicious kernel, arbitrary programs, or modified Nokia programs...

CVSS 4.3, AI score 7.8, EPSS 0.00217
Exploits: 0, References: 1

The Hacker News
added 2022/09/14 10:10 a.m., 43 views

How to Do Malware Analysis?

Based on the findings of Malwarebytes' Threat Review for 2022, 40 million Windows business computers' threats were detected in 2021. In order to combat and avoid these kinds of attacks, malware analysis is essential. In this article, we will break down the goal of malicious programs' investigatio...

AI score 0.5
Exploits: 0

CNVD
added 2022/08/12 12:0 a.m., 17 views

Seven Cats Free Fiction has a flawed logic vulnerability

Seven Cats Free Novels is a great full-length novel reading program. Seven Cats Free Novels suffers from a logic flaw vulnerability that can be exploited by attackers to inject malicious programs into the application...

AI score 6.9
Exploits: 0

The Hacker News
added 2022/02/08 12:42 p.m., 27 views

Several Malware Families Using Pay-Per-Install Service to Expand Their Targets

A detailed examination of a pay-per-install (PPI) malware service called PrivateLoader has revealed its crucial role in the delivery of a variety of malware such as SmokeLoader, RedLine Stealer, Vidar, Raccoon, and GCleaner since at least May 2021. Loaders are malicious programs used for loading...

AI score 1.5
Exploits: 0

The Hacker News
added 2021/09/04 7:50 a.m., 65 views

Microsoft Says Chinese Hackers Were Behind SolarWinds Serv-U SSH 0-Day Attack

Microsoft has shared technical details about a now-fixed, actively exploited critical security vulnerability affecting SolarWinds Serv-U managed file transfer service that it has attributed with "high confidence" to a threat actor operating out of China. In mid-July, the Texas-based company...

CVSS 10, AI score 0.5, EPSS 0.9116
Exploits: 2

Veracode
added 2021/03/24 9:52 p.m., 28 views

Arbitrary Code Execution

The bpf verifier in the Linux kernel is vulnerable to arbitrary code execution. A local attacker with the ability to load malicious bpf programs is able to exploit an out-of-bounds read through the bpf verifier and execute arbitrary code on the host OS...

CVSS 7.8, AI score 3, EPSS 0.0061
Exploits: 0, References: 8, Affected Software: 3

OpenVAS
added 2020/01/28 12:0 a.m., 9 views

Linux: Hidden executables

Malicious programs, code, and scripts usually start with a dot . to hide themselves. Note: This script dramatically increases the scan duration. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

AI score 7.2
Exploits: 0, References: 1

ThreatPost
added 2019/11/20 5:20 p.m., 128 views

High-Severity Windows UAC Flaw Enables Privilege Escalation

Researchers disclosed details of a high-severity Microsoft Windows vulnerability that could give attackers elevated privileges – ultimately allowing them to install programs, and view, change or delete data. The bug stems from User Account Control (UAC), a security feature of Windows within Secure...

CVSS 7.2, AI score 2.6, EPSS 0.08589
Exploits: 7, References: 8

CNVD
added 2019/09/16 12:0 a.m., 1 views

Siemens SIMATIC WinCC PdlComponents.dll control has an arbitrary file write vulnerability

Siemens SIMATIC is an automation software with a single engineering environment. WinCC supports the discovery and configuration of LAN device information with the PN-DCP protocol at the Ethernet layer. An arbitrary file write vulnerability exists in the Siemens SIMATIC WinCC PdlComponents.dll...

AI score 6.9
Exploits: 0

ThreatPost
added 2019/09/11 8:48 p.m., 82 views

ThreatList: Apple Adware, Phishing, APT Attacks Threaten macOS Users

While macOS is often touted as “safer” on the cybersecurity front compared to Windows-based systems, cybercriminals are in fact increasingly targeting Apple’s ecosystem. The number of attacks on macOS users through malicious and potentially unwanted programs has been increasing annually since 201...

AI score 0.7
Exploits: 0, References: 6

Microsoft CVE
added 2019/09/10 7:0 a.m., 50 views

Microsoft Compatibility Appraiser Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Compatibility Appraiser where a configuration file, with local privileges, is vulnerable to symbolic link and hard link attacks. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An...

CVSS 7.8, AI score 3.4, EPSS 0.01183
Exploits: 0

NVD
added 2019/06/04 10:29 p.m., 12 views

CVE-2019-5587

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods...

CVSS 6.5, AI score 6.5, EPSS 0.00484
Exploits: 0, References: 2

Vulnrichment
added 2019/06/04 9:35 p.m., 10 views

CVE-2019-5587

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods...

AI score 6.8, EPSS 0.00484
Exploits: 0, References: 2

Cvelist
added 2019/06/04 9:35 p.m., 20 views

CVE-2019-5587

Lack of root file system integrity checking in Fortinet FortiOS VM application images all versions below 6.0.5 may allow attacker to implant malicious programs into the installing image by reassembling the image through specific methods...

AI score 6.5, EPSS 0.00484
Exploits: 0, References: 2

Malwarebytes
added 2019/05/23 7:22 p.m., 133 views

Knowing when it’s worth the risk: riskware explained

If there’s one thing I like more than trivia quizzes, it’s quotes. Positive, inspirational, and motivational quotes. Quotes that impart a degree of ancient wisdom, or those that make you stop and consider. Reading them melts our fears, sorrows, and feelings of inadequacy away. Some of the most...

AI score 7.1
Exploits: 0

Debian CVE
added 2019/03/25 5:47 p.m., 22 views

CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

CVSS 7, AI score 7.4, EPSS 0.00368
Exploits: 0

myhack58
added 2019/02/22 12:0 a.m., 276 views

WinRAR aeration elder has a major vulnerability that hackers can be malicious programs implanted in the boot process-vulnerability warning-the black bar safety net

Foreign security agencies to Check Point disclosed that of the famous compression software WinRAR the presence of a elder level of security vulnerability once used by hackers, hackers could a malicious app implant user's computer by a boot program, the vulnerability in 2005 already exists. WinRAR...

CVSS 6.8, AI score 0.8, EPSS 0.96274
Exploits: 16

Malwarebytes
added 2018/07/26 5:21 p.m., 56 views

Introducing: Malwarebytes Browser Extension

Are you tired of all the unwanted content the world wide web offers up, whether you like it or not? It is our privilege to introduce you to the Malwarebytes Browser Extension BETA. Or, better said, the Malwarebytes Browser Extensions, because we have one for Firefox and one for Chrome. Introducti...

AI score 0.2
Exploits: 0

OpenVAS
added 2018/06/27 12:0 a.m., 34 views

Microsoft Windows: Windows Defender SmartScreen (Explorer)

This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloade...

AI score 6.9
Exploits: 0, References: 8

Securelist
added 2018/01/25 11:0 a.m., 101 views

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we wil...

AI score 7.2
Exploits: 0