Lucene search
K

1072 matches found

Malwarebytes
Malwarebytes
added 2020/07/21 3:0 p.m.5324 views

Chinese APT group targets India and Hong Kong using new variant of MgBot malware

This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...

9.3CVSS8.8AI score0.99966EPSS
Exploits21
FireEye
FireEye
added 2020/07/07 6:0 p.m.21 views

Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool

We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from...

Exploits0References4
Carbon Black Blog
Carbon Black Blog
added 2020/06/08 2:59 p.m.77 views

TAU Threat Analysis: Hakbit Ransomware

The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...

7.2AI score
Exploits0
Securelist
Securelist
added 2020/05/28 10:0 a.m.1798 views

The zero-day exploits of Operation WizardOpium

Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation available here and here, in this blog post we'd li...

7.2CVSS8.8AI score0.80968EPSS
Exploits43
OSV
OSV
added 2020/05/18 5:15 p.m.5 views

CVE-2020-13136

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...

7.5CVSS7.1AI score0.01205EPSS
Exploits0References1
NVD
NVD
added 2020/05/18 5:15 p.m.25 views

CVE-2020-13136

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...

7.5CVSS7.6AI score0.01205EPSS
Exploits0References1
CVE
CVE
added 2020/05/18 4:5 p.m.79 views

CVE-2020-13136

CVE-2020-13136 affects D-Link DSP-W215 (version 1.26b03): the device transmits an obfuscated hash that can be intercepted and decoded by a network sniffer, enabling information disclosure. The NVD records a CVSS2 base score of 5.0 (Medium) and CVSS3.1 base score of 7.5 (High) with network access ...

7.5CVSS7.5AI score0.01205EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/05/18 4:5 p.m.29 views

CVE-2020-13136

D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...

7.6AI score0.01205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/05/18 12:0 a.m.6 views

PT-2020-13350 · D Link · D-Link Dsp-W215

Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.26b03 Description: The issue concerns the transmission of an obfuscated hash by the device, which can be intercepted and decoded by a network sniffer. Recommendations: For D-Link DSP-W215 version 1.26b03, consider...

7.5CVSS7.5AI score0.01205EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2020/03/24 10:0 a.m.6 views

Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme

More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. Dubbed "Tekya ," the malware in the apps imitate...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2020/03/23 12:0 a.m.18 views

CVE-2020-5252

The command-line “safety” package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...

5CVSS0.7AI score0.00366EPSS
Exploits0References4
OSV
OSV
added 2020/01/22 5:36 p.m.4 views

DRUPAL-CONTRIB-2020-002

The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. This module contains a spamspan twig filter which doesn't sanitize the passed HTML string. This vulnerability is mitigated by the fact that sites must have custom twig template files that use the SpamSpa...

6.7AI score
Exploits0References1
Carbon Black Blog
Carbon Black Blog
added 2020/01/21 4:33 p.m.48 views

Threat Analysis Unit (TAU) Threat Intelligence Notification: SatanCryptor Ransomware

In early January 2020, a new ransomware named ‘SatanCryptor’ was discovered. After it performs file encryption, it will drop a ransom note named “ SATAN CRYPTOR .hta” and append ‘.satan’ as a file extension to the encrypted files. In addition, SatanCryptor will delete itself after the execution t...

7.1AI score
Exploits0
NVD
NVD
added 2019/12/12 7:15 p.m.26 views

CVE-2019-18339

A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The HTTP service default port 5401/tcp of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network...

9.8CVSS9.4AI score0.02652EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/12/12 7:8 p.m.21 views

CVE-2019-18337

A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access ...

9.8CVSS9.2AI score0.02544EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/12/12 12:0 a.m.7 views

PT-2019-15356 · Unknown · Control Center Server

Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A remote attacker with network access to the CCS server could exploit an authentication bypass vulnerability in the XML-based communication protocol, as provided by default on...

9.8CVSS9.4AI score0.02544EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2019/12/12 12:0 a.m.4 views

PT-2019-15358 · Siemens · Sinvr/Sivms Video Server

Name of the Vulnerable Software and Affected Versions: SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A vulnerability has been identified in the HTTP service of the SiVMS/SiNVR Video Server, which contains an authentication bypass issue. This allows a remote attacker with network...

9.8CVSS9.4AI score0.02652EPSS
Exploits0References2
CNVD
CNVD
added 2019/11/19 12:0 a.m.5 views

Xiaomi Mi Mix 2S Access Control Error Vulnerability (CNVD-2019-41691)

Xiaomi Mi Mix 2S is a smartphone from Chinese company Xiaomi Technology Xiaomi. A vulnerability in the Xiaomi Mi Mix 2S build fingerprint: Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys in the com.huaqin. An access control error vulnerability exists in the factor...

3.3CVSS6.8AI score0.00277EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2019/11/08 9:35 p.m.83 views

Platinum APT Shines Up New Titanium Backdoor

APT threat group Platinum has a shiny new plaything: A custom trojan backdoor dubbed Titanium. The backdoor’s name, aside from keeping with the silvery metal theme, comes from password to one of the self-executable archives found in the code. According to Kaspersky researchers who analyzed the...

0.7AI score
Exploits0References5
Cvelist
Cvelist
added 2019/11/05 7:35 p.m.27 views

CVE-2019-1981 Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability

A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...

5.8CVSS5.7AI score0.01042EPSS
Exploits0References1
Rows per page
Query Builder