Lucene search
+L

286 matches found

Snyk
Snyk
added 2023/03/24 2:3 p.m.2 views

Malicious Package

Overview Nexzor.Graphical.Designer.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2023/03/24 2:3 p.m.3 views

Malicious Package

Overview Sys.Forms.26 is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed. Indicators...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2023/03/24 2:3 p.m.4 views

Malicious Package

Overview Managed.Windows.Core is a malicious package. This package adopts typosquatting techniques and attempts to trick users into downloading it. It contains a PowerShell script that will execute upon installation and trigger a download of a 2nd stage payload, which can be remotely executed...

9.8CVSS7AI score
Exploits0References2
The Hacker News
The Hacker News
added 2023/03/22 8:58 a.m.2 views

Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware

The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages...

7.2AI score
Exploits0
hivepro
hivepro
added 2023/02/21 10:21 a.m.21 views

The Intricate Evolution of SoulSearcher Loader for Multi-Stage Malware Execution

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary SoulSearcher is a second-stage loader that has been seen in the wild since October 2017, and it is responsible for executing the Soul module payload and parsing its configuration. The samples found in th...

1.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.3 views

SUSE CVE-2022-33747

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M Physical-to-Machine mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation to replace a...

3.8CVSS4.5AI score0.00259EPSS
Exploits0References12
The Hacker News
The Hacker News
added 2023/01/06 2:15 p.m.27 views

Microsoft Reveals Tactics Used by 4 Ransomware Families Targeting macOS

Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems. "While these malware families are old, they exemplify the range of capabilities and malicious behavior possible on the platform," the tech...

0.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/01/03 9:9 a.m.27 views

BitRAT Now Sharing Sensitive Bank Data as a Lure

Introduction In June of 2022 Qualys Threat Research Unit TRU wrote an in-depth report on Redline, a commercial off the shelf infostealer that spreads via fake cracked software hosted on Discord’s content delivery network. Since then, we have continued to track similar threats to identify their...

0.6AI score
Exploits0
OSV
OSV
added 2022/10/11 1:15 p.m.4 views

ALPINE-CVE-2022-33747

Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M Physical-to-Machine mapping. When large pages are in use to map guest pages in the 2nd-stage page tables, such a removal operation may incur a memory allocation to replace a...

3.8CVSS6.8AI score0.00259EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2022/06/27 10:0 a.m.60 views

Researchers Warn of 'Matanbuchus' Malware Campaign Dropping Cobalt Strike Beacons

A malware-as-a-service Maas dubbed Matanbuchus has been observed spreading through phishing campaigns, ultimately dropping the Cobalt Strike post-exploitation framework on compromised machines. Matanbuchus, like other malware loaders such as BazarLoader, Bumblebee, and Colibri, is engineered to...

7.5AI score
Exploits0
FireEye
FireEye
added 2021/09/01 3:30 p.m.55 views

Too Log; Didn't Read — Unknown Actor Using CLFS Log Files for Stealth

The Mandiant Advanced Practices team recently discovered a new malware family we have named PRIVATELOG and its installer, STASHLOG. In this post, we will share a novel and especially interesting technique the samples use to hide data, along with detailed analysis of both files that was performed...

0.2AI score
Exploits0References5
Pen Test Partners Blog
Pen Test Partners Blog
added 2021/08/09 5:28 a.m.1804 views

Breaking the Android Bootloader on the Qualcomm Snapdragon 660

This post is a companion to the DEF CON 29 video available here. A few months ago I purchased an Android phone to do some research around a specific series of NFC chips, which required me to gain root access to the device in order to fully access its hardware capabilities. Gaining root access on...

7.2CVSS8AI score0.00199EPSS
Exploits0
ThreatPost
ThreatPost
added 2021/06/02 8:33 p.m.56 views

Podcast: The State of Ransomware

Last month, ransomware group DarkSide targeted operator Colonial Pipeline Co., disrupting fuel supply in the Eastern part of the U.S. The attack on a major U.S. oil pipeline had widespread ripples: it prompted President Joe Biden to declare a state of emergency and caused substantial pain at gas...

7.1AI score
Exploits0References12
ThreatPost
ThreatPost
added 2021/05/03 3:47 p.m.55 views

Buer Malware Tool Rewritten in E-Z Rust Language

A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Join Threatpost for “Fortifying Your...

7.5AI score
Exploits0References14
The Hacker News
The Hacker News
added 2021/04/20 5:33 a.m.66 views

Lazarus APT Hackers are now using BMP images to hide RAT malware

A spear-phishing attack operated by a North Korean threat actor targeting its southern counterpart has been found to conceal its malicious code within a bitmap .BMP image file to drop a remote access trojan RAT capable of stealing sensitive information. Attributing the attack to the Lazarus Group...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2021/01/06 2:0 p.m.46 views

Hackers Using Fake Trump's Scandal Video to Spread QNode Malware

Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan RAT by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive JAR file...

0.4AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/23 2:39 p.m.40 views

Hakbit Ransomware Attack Uses GuLoader, Malicious Microsoft Excel Attachments

A ransomware campaign, dubbed Hakbit, is targeting mid-level employees across Austria, Switzerland and Germany with malicious Excel attachments delivered via the popular email provider GMX. The spear-phishing based campaign is low volume and so far targeted the pharmaceutical, legal, financial,...

7.1AI score
Exploits0References11
The Hacker News
The Hacker News
added 2019/07/17 2:13 p.m.2 views

EvilGnome: A New Backdoor Implant Spies On Linux Desktop Users

Security researchers have discovered a rare piece of Linux spyware that's currently fully undetected across all major antivirus security software products, and includes rarely seen functionalities with regards to most Linux malware, The Hacker News learned. It's a known fact that there are a very...

7.2AI score
Exploits0
Carbon Black Blog
Carbon Black Blog
added 2019/04/24 7:43 p.m.83 views

CB TAU Threat Intelligence Notification: Emotet Utilizing WMI to Launch PowerShell Encoded Code

Carbon Black recently learned that a customer had received a malicious email, which was written in German and was attached with a password-protected zip file that contained a malicious document file. This phishing email belongs to the recent Emotet campaign. However, what makes this malware uniqu...

2.7AI score
Exploits0
Metasploit
Metasploit
added 2018/11/15 12:44 a.m.68 views

Safari Proxy Object Type Confusion

This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e....

8.8CVSS8.4AI score0.53772EPSS
Exploits12
Rows per page
Query Builder