macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...

DoNot Team Hackers Updated its Malware Toolkit with Improved Capabilities

The Donot Team threat actor has updated its Jaca Windows malware toolkit with improved capabilities, including a revamped stealer module designed to plunder information from Google Chrome and Mozilla Firefox browsers. The improvements also include a new infection chain that incorporates previousl...

IT threat evolution Q2 2021

Targeted attacks The leap of a Cycldek-related threat actor It is quite common for Chinese-speaking threat actors to share tools and methodologies: one such example is the infamous "DLL side-loading triad": a legitimate executable, a malicious DLL to be side-loaded by it and an encoded payload,...

Hackers From China Target Vietnamese Military and Government

A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat APT called Cycldek or Goblin Panda,...

Ramsay Malware Targets Air-Gapped Networks

A cyber-espionage malware has been discovered that’s capable of collecting and exfiltrating sensitive documents from within air‑gapped networks. The malware, dubbed Ramsay, is still under active development — so far, researchers have found three different samples, with each sample adding new...

Multiple Cobalt Personality Disorder

Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

CVE-2017-11150

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents...

Command injection

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents...

CVE-2017-11150

Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted file name of RTF documents...

CVE-2017-11150

CVE-2017-11150 affects Synology Office, affecting Document.php in versions 2.2.0-1502 and 2.2.1-1506. A command-injection flaw allows remote authenticated users to execute arbitrary commands by supplying shell metacharacters in the filename of crafted RTF documents. The underlying cause is input ...

CVE-2017-0199: In the Wild Attacks Leveraging HTA Handler

FireEye recently detected malicious Microsoft Office RTF documents that leverage CVE-2017-0199, a previously undisclosed vulnerability. This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing ...

Microsoft OLE URL Moniker improperly handles remotely-linked HTA data

Overview Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type, which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft OLE uses the URL Moniker to processes remotely-linked content in ...

CVE-2016-7193

Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps...

APT Threat Targets Tibetans, Journalists and Human Rights Workers

Tibetans, journalists and human rights workers in Hong Kong and Taiwan have been targeted in an APT campaign that makes use of Microsoft Rich Text File RTF documents to compromise computers. Researchers say it’s a new strategy by attackers in an ongoing advanced persistent threat that dates back ...

GNU UnRTF 0.19.3 - Font Table Conversion Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12030/info GNU UnRTF is prone to a buffer overflow vulnerability. This issue is exposed when the program converts RTF font table data. Since RTF documents may originate from an external or untrusted source, this...

Microsoft Warns Of Security Hole in Windows Graphics Engine

Microsoft issued an advisory to Windows users about a security vulnerability in a common Windows component that could be used by remote attackers to run malicious code on machines running the Windows XP, Vista and Windows Server 2003 operating systems. The company said on Tuesday that it is...

CVE-2010-1901

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich tex...

Memory corruption

Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Word Viewer; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly handle unspecified properties in rich tex...

Ubuntu: Security Advisory (USN-482-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu Update for openoffice.org(2)/-amd64 vulnerability USN-482-1

Ubuntu Update for Linux kernel vulnerabilities USN-482-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN4821.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for openoffice.org2/-amd64 vulnerability USN-482-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...