Woody RAT: A new feature-rich malware spotted in the wild

This blog post was authored by Ankur Saini and Hossein Jazi The Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year. This advanced custom Rat is mainly the work of a threat actor that targets...

Woody RAT: A new feature-rich malware spotted in the wild

This blog post was authored by Ankur Saini and Hossein Jazi The Malwarebytes Threat Intelligence team has identified a new Remote Access Trojan we are calling Woody Rat that has been in the wild for at least one year. This advanced custom Rat is mainly the work of a threat actor that targets...

F5 NGINX Instance Manager Denial of Service Vulnerability

NGINX Instance Manager NIM is part of F5's NGINX Management Suite NMS.The NIM module provides a REST API that uses standard authentication methods and HTTP response code, among other things.A denial of service vulnerability exists in F5 NGINX Instance Manager, which stems from a When using NGINX...

java-11-openj9,java-1_8_0-openj9: unverified methods can be invoked using MethodHandles

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles...

RHEL 8 : java-1.8.0-ibm (RHSA-2022:5837)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5837 advisory. IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE ...

Moderate: Red Hat Security Advisory: ruby:2.5 security update

An update for the ruby:2.5 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

GHSA-5MV2-VQQ7-MQ5H CSRF vulnerability in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. These form validation methods do not require POST requests, resulting in a cross-site request forgery CSRF vulnerability...

CSRF vulnerability in Jenkins OpenShift Deployer Plugin

OpenShift Deployer Plugin 1.2.0 and earlier does not perform permission checks in methods implementing form validation. These form validation methods do not require POST requests, resulting in a cross-site request forgery CSRF vulnerability...

CVE-2022-36885

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

Jenkins GitHub Plugin 安全漏洞

Jenkins and Jenkins Plugin are both Jenkins open source products.Jenkins is a software application . An open source automation server Jenkins provides hundreds of plugins to support building, deploying, and automating any project.Jenkins Plugin is a software application. A security vulnerability...

Malicious IIS extensions quietly open persistent backdoors into servers

Attackers are increasingly leveraging Internet Information Services IIS extensions as covert backdoors into servers, which hide deep in target environments and provide a durable persistence mechanism for attackers. While prior research has been published on specific incidents and variants, little...

Hackers for Hire: Adversaries Employ ‘Cyber Mercenaries’

A for-hire cybercriminal group is feeling the talent-drought in tech just like the rest of the sector and has resorted to recruiting so-called “cyber-mercenaries” to carry out specific illicit hacks that are part of larger criminal campaigns. Dubbed Atlas Intelligence Group A.I.G., the cybergang...

DFSCoerce

Coerce an authentication attempt over SMB to other machines via MS-DFSNM methods. Module Options msf use auxiliary/scanner/dcerpc/dfscoerce msf auxiliarydfscoerce show actions ...actions... msf auxiliarydfscoerce set ACTION msf auxiliarydfscoerce show options ...show and set options... msf...

GO-2022-0322 Uncontrolled resource consumption in github.com/prometheus/client_golang

The Prometheus clientgolang HTTP server is vulnerable to a denial of service attack when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of the promhttp.InstrumentHandler middleware except RequestsInFlight; not filter any specific...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10055-1 Rating: important References: 1201216 Cross-References: CVE-2022-2294 CVE-2022-2295 CVE-2022-2296 Affected Products: openSUSE Backports SLE-15-SP3 openSUSE Backports SLE-15-SP4 An update that fixes...

Description of the security update for Office 2016: July 12, 2022 (KB5002112)

Description of the security update for Office 2016: July 12, 2022 KB5002112 Summary This security update resolves a Microsoft Office security feature bypass vulnerability. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2022-33632. Note: To apply this...

GHSA-H7PF-H58R-MV93 CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials

XebiaLabs XL Release Plugin 22.0.0 and earlier does not perform permission checks in methods implementing form validation. This allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method,...

GHSA-2588-CX6W-6VM6 Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials

Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

Security update for various openSUSE kernel module packages (important)

openSUSE Security Update: Security update for various openSUSE kernel module packages Announcement ID: openSUSE-SU-2022:10032-1 Rating: important References: 1198581 Affected Products: openSUSE Leap 15.3 An update that contains security fixes can now be installed. Description: This update of...

GHSA-W24X-87MR-4R23 SpEL Injection in Spring Data MongoDB

A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized...