EUVD-2021-28218

Malicious code in bioql PyPI...

New Variant of UpdateAgent Malware Infects Mac Computers with Adware

Microsoft on Wednesday shed light on a previously undocumented Mac trojan that it said has undergone several iterations since its first appearance in September 2020, effectively granting it an "increasing progression of sophisticated capabilities." The company's Microsoft 365 Defender Threat...

Design/Logic Flaw

An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead to manipulation o...

Inspecting TLS Web Traffic - Part 2

In the first blog post I covered why HTTPS web traffic has grown to unprecedented levels, provided a TLS primer and looked at the basic concept of intercepting and inspecting HTTPS web traffic with Man-In-The-Middle techniques MITM. In the second part, I will dive a bit deeper into how the TLS MI...

InstallShield Update Agent - Downloads and executes "Rule Scripts" insecurely.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUMMARY InstallShield Update Agent - Remote "Rule Script" Code Execution Vulnerability. OVERVIEW InstallShield Update Agent uses insecure methods of retrieving operational script code from unauthenticated, unverified external sources over HTTP...