477 matches found
OfflRouter Malware Evades Detection in Ukraine for Almost a Decade
Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform...
Toolkit - The Essential Toolkit For Reversing, Malware Analysis, And Cracking
This tool compilation is carefully crafted with the purpose of being useful both for the beginners and veterans from the malware analysis world. It has also proven useful for people trying their luck at the cracking underworld. It's the ideal complement to be used with the manuals from the site,...
U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Thursday issued an emergency directive ED 24-02 urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft's systems that led to the theft of email...
Stopping a K-12 cyberattack (SolarMarker) with ThreatDown MDR
In early 2024, a large K-12 school district partnered with ThreatDown MDR to strengthen its cybersecurity posture. Shortly after onboarding, ThreatDown MDR analysts detected unusual patterns of activity subsequently identified as the work of SolarMarker, a sophisticated backdoor. It became eviden...
PYSEC-2024-257
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
CVE-2024-29190 MobSF SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in android:host, so requests can also ...
Cisco Secure Endpoint Buffer Overflow Vulnerability
Cisco Secure Endpoint Cisco AMP for Endpoints is the United States Cisco Cisco company's set of integrated static and dynamic malware analysis and threat intelligence in one of the endpoint applications. A buffer overflow vulnerability exists in the Cisco Secure Endpoint Connector for Windows...
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks
Cybersecurity researchers have shed light on the command-and-control C2 server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control C2 server, and a web administration...
CVE-2024-0320
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
CVE-2024-0320
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
Cross site scripting
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
CVE-2024-0320 Cross-Site Scripting in FireEye Malware Analysis (AX)
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
CVE-2024-0320
CVE-2024-0320 is a Cross-Site Scripting issue in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. The vulnerability allows an attacker to inject a crafted JavaScript payload via the application URL to retrieve a user’s session details. Public details consistently reference this vulne...
CVE-2024-0320 Cross-Site Scripting in FireEye Malware Analysis (AX)
Cross-Site Scripting in FireEye Malware Analysis AX affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user...
PT-2024-15468 · Fireeye · Fireeye Malware Analysis
Name of the Vulnerable Software and Affected Versions: FireEye Malware Analysis AX version 9.0.3.936530 Description: The issue allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. This is achieved by...
Trellix Malware Analysis Cross-Site Scripting Vulnerability
Trellix Malware Analysis is a malware analysis software from Trellix, Inc. A cross-site scripting vulnerability exists in Trellix Malware Analysis version 9.0.3.936530, which stems from the presence of a cross-site scripting vulnerability. The vulnerability allows an attacker to send a specially...
How to Analyze Malware's Network Traffic in A Sandbox
Malware analysis encompasses a broad range of activities, including examining the malware's network traffic. To be effective at it, it's crucial to understand the common challenges and how to overcome them. Here are three prevalent issues you may encounter and the tools you'll need to address the...
MISP cross-site scripting vulnerability (CNVD-2023-9749884)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. Cross-site scripting vulnerability exists in versions prior to MISP 2.4.179. The...
7 Uses for Generative AI to Enhance Security Operations
Welcome to a world where Generative AI revolutionizes the field of cybersecurity. Generative AI refers to the use of artificial intelligence AI techniques to generate or create new data, such as images, text, or sounds. It has gained significant attention in recent years due to its ability to...
A deep dive into Phobos ransomware, recently deployed by 8Base group
Cisco Talos has recently observed an increase in activity conducted by 8Base, a ransomware group that uses a variant of the Phobos ransomware and other publicly available tools to facilitate their operations. Most of the groups Phobos variants are distributed by SmokeLoader, a backdoor trojan. Th...