1072 matches found
Chinese APT group targets India and Hong Kong using new variant of MgBot malware
This blog post was authored by Hossein Jazi and Jérôme Segura On July 2, we found an archive file with an embedded document pretending to be from the government of India. This file used template injection to drop a malicious template which loaded a variant of Cobalt Strike. One day later, the sam...
Configuring a Windows Domain to Dynamically Analyze an Obfuscated Lateral Movement Tool
We recently encountered a large obfuscated malware sample that offered several interesting analysis challenges. It used virtualization that prevented us from producing a fully-deobfuscated memory dump for static analysis. Statically analyzing a large virtualized sample can take anywhere from...
TAU Threat Analysis: Hakbit Ransomware
The bad actors behind Hakbit ransomware recently released an updated variant of their ransomware, which encrypts the victim’s data and demands 3 Bitcoins in ransom payment. This updated variant is delivered via phishing email as a malicious Excel document, and contains added functionality from th...
The zero-day exploits of Operation WizardOpium
Back in October 2019 we detected a classic watering-hole attack on a North Korea-related news site that exploited a chain of Google Chrome and Microsoft Windows zero-days. While we've already published blog posts briefly describing this operation available here and here, in this blog post we'd li...
CVE-2020-13136
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
CVE-2020-13136
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
CVE-2020-13136
CVE-2020-13136 affects D-Link DSP-W215 (version 1.26b03): the device transmits an obfuscated hash that can be intercepted and decoded by a network sniffer, enabling information disclosure. The NVD records a CVSS2 base score of 5.0 (Medium) and CVSS3.1 base score of 7.5 (High) with network access ...
CVE-2020-13136
D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer...
PT-2020-13350 · D Link · D-Link Dsp-W215
Name of the Vulnerable Software and Affected Versions: D-Link DSP-W215 version 1.26b03 Description: The issue concerns the transmission of an obfuscated hash by the device, which can be intercepted and decoded by a network sniffer. Recommendations: For D-Link DSP-W215 version 1.26b03, consider...
Dozens of Android Apps for Kids on Google Play Store Caught in Ad Fraud Scheme
More than 50 Android apps on the Google Play Store—most of which were designed for kids and had racked up almost 1 million downloads between them—have been caught using a new trick to secretly click on ads without the knowledge of smartphone users. Dubbed "Tekya ," the malware in the apps imitate...
CVE-2020-5252
The command-line “safety” package for Python has a potential security issue. There are two Python characteristics that allow malicious code to “poison-pill” command-line Safety package detection routines by disguising, or obfuscating, other malicious or non-secure packages. This vulnerability is...
DRUPAL-CONTRIB-2020-002
The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. This module contains a spamspan twig filter which doesn't sanitize the passed HTML string. This vulnerability is mitigated by the fact that sites must have custom twig template files that use the SpamSpa...
Threat Analysis Unit (TAU) Threat Intelligence Notification: SatanCryptor Ransomware
In early January 2020, a new ransomware named ‘SatanCryptor’ was discovered. After it performs file encryption, it will drop a ransom note named “ SATAN CRYPTOR .hta” and append ‘.satan’ as a file extension to the encrypted files. In addition, SatanCryptor will delete itself after the execution t...
CVE-2019-18339
A vulnerability has been identified in SiNVR/SiVMS Video Server All versions V5.0.0. The HTTP service default port 5401/tcp of the SiVMS/SiNVR Video Server contains an authentication bypass vulnerability, even when properly configured with enforced authentication. A remote attacker with network...
CVE-2019-18337
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0. The Control Center Server CCS contains an authentication bypass vulnerability in its XML-based communication protocol as provided by default on ports 5444/tcp and 5440/tcp. A remote attacker with network access ...
PT-2019-15356 · Unknown · Control Center Server
Name of the Vulnerable Software and Affected Versions: Control Center Server CCS versions prior to V1.5.0 Description: A remote attacker with network access to the CCS server could exploit an authentication bypass vulnerability in the XML-based communication protocol, as provided by default on...
PT-2019-15358 · Siemens · Sinvr/Sivms Video Server
Name of the Vulnerable Software and Affected Versions: SiNVR/SiVMS Video Server versions prior to V5.0.0 Description: A vulnerability has been identified in the HTTP service of the SiVMS/SiNVR Video Server, which contains an authentication bypass issue. This allows a remote attacker with network...
Xiaomi Mi Mix 2S Access Control Error Vulnerability (CNVD-2019-41691)
Xiaomi Mi Mix 2S is a smartphone from Chinese company Xiaomi Technology Xiaomi. A vulnerability in the Xiaomi Mi Mix 2S build fingerprint: Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys in the com.huaqin. An access control error vulnerability exists in the factor...
Platinum APT Shines Up New Titanium Backdoor
APT threat group Platinum has a shiny new plaything: A custom trojan backdoor dubbed Titanium. The backdoor’s name, aside from keeping with the silvery metal theme, comes from password to one of the self-executable archives found in the code. According to Kaspersky researchers who analyzed the...
CVE-2019-1981 Cisco Firepower Threat Defense Software NULL Character Obfuscation Detection Bypass Vulnerability
A vulnerability in the normalization functionality of Cisco Firepower Threat Defense Software, Cisco FirePOWER Services Software for ASA, and Cisco Firepower Management Center Software could allow an unauthenticated, remote attacker to bypass filtering protections. The vulnerability is due to...