105 matches found
When Guardians Become Predators: How Malware Corrupts the Protectors
When Guardians Become Predators: How Malware Corrupts the Protectors By Trellix · November 20, 2024 This blog was also written by Trishaan Kalra Introduction We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is...
Transforming Threat Actor Research into a Strong Defense Strategy
Transforming Threat Actor Research into a Strong Defense Strategy By James Murphy, Ale Houspanossian, Leandro Velasco LV and Ilya Kolmanovich · November 14, 2024 What does it take to transform threat actor research into detection engineering? If we look at threat intelligence at its core, then we...
Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool
Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its...
DarkGate again but... Improved?
DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans (RATs) by malicious actors. However, this momentum also required...
bip.covid19.athenarc.gr Cross Site Scripting vulnerability OBB-3858373
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
chromium -- multiple security fixes
Chrome Releases reports: This update includes 4 security fixes: 1511567 High CVE-2024-1060: Use after free in Canvas. Reported by Anonymous on 2023-12-14 1514777 High CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim@cassidy6564 on 2023-12-29 1511085 High CVE-2024-1077: Use after...
The Anatomy of HTML Attachment Phishing
The Anatomy of HTML Attachment Phishing: One Code, Many Variants By Mathanraj Thangaraju, Niranjan Hegde, and Sijo Jacob · June 14, 2023 Introduction Phishing is the malevolent practise of pretending to be a reliable entity in electronic communication to steal sensitive data, such as login...
Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT
Exploring New Techniques of Fake Browser Updates Leading to NetSupport RAT By Jonell Baltazar · August 10, 2023 This blog was also written by Antonio Ribeiro Trellix detected an ongoing campaign using fake Chrome browser updates to lure victims to install a remote administration software tool...
Qakbot Evolves to OneNote Malware Distribution
Qakbot Evolves to OneNote Malware Distribution By Pham Duy Phuc, John Fokker J.E. and Alejandro Houspanossian · March 07, 2023 This blog was also written by Raghav Kapoor and Mathanraj Thangaraju Qakbot (aka QBot, QuakBot, and Pinkslipbot) is a sophisticated piece of malware that has been active...
Trellix Advanced Research Center patches 61,000 vulnerable open-source projects
Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects By Trellix · January 23, 2023 This blog was written by Douglas McKee Late last year, the Trellix Advanced Research Center team uncovered a vulnerability in Python’s tarfile module. As we dug in, we realized this was...
Watch Out! These Android Keyboard Apps With 2 Million Installs Can be Hacked Remotely
Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse. The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store...
Microsoft Exchange vulnerable to server-side request forgery and remote code execution.
Overview Microsoft Exchange Server 2019, Exchange Server 2016 and Exchange Server 2013 are vulnerable to a server-side request forgery (SSRF) attack and remote code execution. An authenticated attacker can use the combination of these two vulnerabilities to elevate privileges and execute arbitrary...
Imperva Champions Data Privacy Week 2022
As a cybersecurity industry leader, Imperva is working with the National Cybersecurity Alliance (NCA) as a 2022 Data Privacy Week Champion to promote the need for businesses to prioritize data privacy and protection and the importance of individuals and companies to secure their online data. As par...
File Upload Vulnerability in Super CMS
Super CMS is a content management system, a set of products developed by the SEO Research Center (moonseo.cn) to solve the problem of website optimization. Super CMS has a file upload vulnerability that can be exploited by attackers to upload malicious w files and gain server privileges...
curie.ornl.gov XSS vulnerability
Open Bug Bounty ID: OBB-487107

Description | Value
---|---
Affected Website: | curie.ornl.gov
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
ipsr.ku.edu XSS vulnerability
Vulnerable URL: http://www.ipsr.ku.edu/groundsite/galleryquery.php?keyword=%27%22%3E%3Csvg/onload=confirm/OPENBUGBOUNTY/%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 03.12.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknown /...
PT-2018-32: Arbitrary Code Execution in NCR S1
The specialists of the Positive Research center have detected an Arbitrary Code Execution vulnerability in NCR S1. Vulnerability in the NCR S1 Dispenser controller, related to insufficient protection of the memory write mechanism, allows unauthenticated, remote attackers to execute arbitrary code...
PT-2018-17: Information Disclosure in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200. Hash collisions in algorithms used for password encryption allow attackers to obtain passwords. How to fix...
Auto Lender Exposes Loan Data For Up To 1 Million Applicants
A California auto loan company left the names, addresses, credit scores and partial Social Security numbers of up to 1 million people exposed on an insecure online database. The company behind the database is Alliance Direct Lending Corporation, according to Kromtech Security Research Center, whi...