email-newsletter-samples.com Cross Site Scripting vulnerability OBB-1279221

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

US Government Warns of a New Strain of Chinese 'Taidoor' Virus

Intelligence agencies in the US have released information about a new variant of 12-year-old computer virus used by China's state-sponsored hackers targeting governments, corporations, and think tanks. Named "Taidoor, " the malware has done an 'excellent' job of compromising systems as early as...

OSV-2020-1006 Use-of-uninitialized-value in decimate_dsd_run

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19928 Crash type: Use-of-uninitialized-value Crash state: decimatedsdrun WavpackUnpackSamples WavpackSeekSample64...

PT-2021-10978 · Speex +8 · Speex +8

Name of the Vulnerable Software and Affected Versions: Speex version 1.2 Description: A Divide by Zero vulnerability in the function read samples of Speex allows attackers to cause a denial of service DoS via a crafted WAV file. Recommendations: For Speex version 1.2, as a temporary workaround,...

OSV-2020-48 UNKNOWN READ in decode_fast

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20448 Crash type: UNKNOWN READ Crash state: decodefast unpackdsdsamples WavpackUnpackSamples...

CVE-2020-8100

Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063...

Scanners-Box

This is a collection of open-source scanning tools, referred to as "Scanners Box" or "scanbox." The project is a repository of various tools for scanning and testing web applications, IoT devices, and other targets. The tools are primarily used for vulnerability scanning, penetration testing, and...

Memory Corruption Vulnerability in DCCE HMIware at Dalian Polytechnic Computer Control Engineering Co.

DCCE HMIware configuration editing software, is a special human-machine interface configuration software developed for DCCE touch screen, the software provides users with a powerful integrated development environment, the product is widely used in the field of medical, chemical, electric power,...

Cross-site Scripting (XSS)

gwtupload-samples is vulnerable to cross-site scripting XSS. The attack is possible because it allows the attacker to input malicious file names using the upload functionality, leading to an execution of malicious script when the filename is processed...

New Research Paper: Prevalence and impact of low-entropy packing schemes in the malware ecosystem

Detection of malware is a constant battle between the technologies designed to detect and prevent malware and the authors creating them. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption and can inhibit the abilit...

Windows - Shell COM Server Registrar Local Privilege Escalation Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation Exploit // Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // -...

GoPro GPMF-parser heap buffer overflow vulnerability

GoPro gpmf-parser is a GPMF format telemetry data parser for use in GoPro cameras from GoPro USA. A buffer overflow vulnerability exists in the 'GPMFSeekToSamples' function of the GPMFparse.c file in GoPro GPMF-parser version 1.2.3. The vulnerability stems from a networked system or product...

VMware Carbon Black TAU Threat Research: Visualizing Ransomware with MITRE ATT&CK

If no one had ever heard of ransomware prior to May 2017, then one thing that is fairly certain is that the WannaCry ransomware outbreak unquestionably put ransomware on the security radar, and sent shivers up CISO’s and analysts’ spines for the weeks and months that followed. Only a few weeks...

U.S. Cyber Command Shares Seven New Malware Samples

U.S. Cyber Command has released seven malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends...

CVE-2015-9470

creationtimestamp| type| source ---|---|--- 2019-10-10 20:31:28+00:00| seen| https://t.me/cibsecurity/7346 2019-10-16 22:29:31+00:00| seen| https://t.me/cibsecurity/7464...

[SECURITY] Fedora 30 Update: yara-3.10.0-2.fc30

YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...

Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples

Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace,...

Russian APT Map Reveals 22,000 Connections Between 2000 Malware Samples

Though Russia still has an undiversified and stagnant economy, it was one of the early countries in the world to realize the value of remotely conducted cyber intrusions. In recent years, many Russia hacking groups have emerged as one of the most sophisticated nation-state actors in cyberspace,...

U.S. Cyber Command Shares 11 New Malware Samples

U.S. Cyber Command has released 11 malware samples to the malware aggregation tool and repository, VirusTotal. The Cybersecurity and Infrastructure Security Agency CISA encourages users and administrators to review U.S. Cyber Command’s VirusTotal page to view the samples. CISA also recommends use...

CVE-2016-10766

creationtimestamp| type| source ---|---|--- 2019-07-29 20:35:12+00:00| seen| https://t.me/cibsecurity/5774 2019-08-05 18:34:07+00:00| seen| https://t.me/cibsecurity/5926...