UBUNTU-CVE-2020-22030

A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at libavfilter/afafade.c in crossfadesamplesfltp, which might lead to memory corruption and other potential consequences...

Telegram Platform Abused in 'ToxicEye' Malware Campaigns

Hackers are leveraging the popular Telegram messaging app by embedding its code inside a remote access trojan RAT dubbed ToxicEye, new research has found. A victim’s computer infected with the ToxicEye malware is controlled via a hacker-operated Telegram messaging account. The ToxicEye malware ca...

Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code

Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more...

The vulnerability of the WavpackPackSamples function in the packUtils.c component of the WavPack audio codec allows for an operation that outputs data within acceptable buffer limits. This enables a malicious actor to compromise the integrity of the data and cause service failures.

The vulnerability of the WavpackPackSamples function in the packUtils.c component of the WavPack audio codec is related to the output of the operation within acceptable buffer data limits. Exploiting this vulnerability allows a remote attacker to compromise the integrity of the data and also caus...

Trojan-Spy.Win32.WinSpy.vwl Insecure Permissions

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/0187e62ca40cb3d556a2c5825620bd8f.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan-Spy.Win32.WinSpy.vwl Vulnerability: Insecure Permissions EoP Description: WinSpy.vwl create t...

The vulnerability of the Samples component of the Oracle WebLogic Server application server allows a hacker to gain full control over the application.

The vulnerability of the Samples component of the Oracle WebLogic Server application server is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain full control over the application through the use of IIOP and T3 protocols...

Oracle WebLogic Server Multiple Vulnerabilities (Jan 2021 CPU)

The version of WebLogic Server installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2021 CPU advisory. - An unspecified vulnerability exists in the Core component. An unauthenticated, remote attacker with network access via IIOP, T3 can exploit this...

CVE-2021-2075

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...

Design/Logic Flaw

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...

CVE-2021-2075

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Samples. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP...

DEBIAN-CVE-2020-35738

WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in packutils.c because of an integer overflow in a malloc argument. NOTE: some third-parties claim that there are later "unofficial" releases through 5.3.2, which are also affected...

Freki - Malware Analysis Platform

Freki is a free and open-source malware analysis platform. Goals 1. Facilitate malware analysis and reverse engineering; 2. Provide an easy-to-use REST API for different projects; 3. Easy deployment via Docker; 4. Allow the addition of new features by the community. Current features Hash...

SoReL-20M: A Huge Dataset of 20 Million Malware Samples Released Online

Cybersecurity firms Sophos and ReversingLabs on Monday jointly released the first-ever production-scale malware research dataset to be made available to the general public that aims to build effective defenses and drive industry-wide improvements in security detection and response. "SoReL-20M"...

CVE-2020-17468

creationtimestamp| type| source ---|---|--- 2020-12-12 02:35:57+00:00| seen| https://t.me/cibsecurity/20654 2020-12-12 02:38:58+00:00| seen| https://t.me/cibsecurity/20674 2020-12-12 03:25:23+00:00| seen| https://t.me/cibsecurity/20694 2020-12-12 04:07:12+00:00| seen| https://t.me/cibsecurity/207...

Adrozek Malware Delivers Fake Ads to 30K Devices a Day

A persistent malware campaign called Adrozek has been using an evolved browser modifier to deliver fraudulent ads to search-engine pages, according to Microsoft. At its peak in August, Adrozek was observed on more than 30,000 devices each day, researchers found, affecting multiple browsers. The...

CVE-2020-27132

creationtimestamp| type| source ---|---|--- 2020-12-11 20:35:44+00:00| seen| https://t.me/cibsecurity/20357 2020-12-11 20:46:00+00:00| seen| https://t.me/cibsecurity/20377 2020-12-11 21:25:15+00:00| seen| https://t.me/cibsecurity/20396 2020-12-11 22:04:32+00:00| seen| https://t.me/cibsecurity/204...

Denial Of Service (DoS)

sox is vulnerable to denial of service. An attacker is able to crash the application via the readsamples function in hcom.c via a malicious hcom file...

New Framework Released to Protect Machine Learning Systems From Adversarial Attacks

Microsoft, in collaboration with MITRE, IBM, NVIDIA, and Bosch, has released a new open framework that aims to help security analysts detect, respond to, and remediate adversarial attacks against machine learning ML systems. Called the Adversarial ML Threat Matrix, the initiative is an attempt to...

Cyberattacks against machine learning systems are more common than you think

Machine learning ML is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with...

Cyberattacks against machine learning systems are more common than you think

Machine learning ML is making incredible transformations in critical areas such as finance, healthcare, and defense, impacting nearly every aspect of our lives. Many businesses, eager to capitalize on advancements in ML, have not scrutinized the security of their ML systems. Today, along with...