53 matches found
EUVD-2016-3352
Malware in sbrugna...
EUVD-2019-9232
Malware in sbrugna...
CVE-2019-19620
In SecureWorks Red Cloak Windows Agent before 2.0.7.9, a local user can bypass the generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file. This is limited in scope to the collection of process-execution telemetry, for executions against specific files where the...
Booking.com Phishers May Leave You With Reservations
A number of cybercriminal innovations are making it easier for scammers to cash in on your upcoming travel plans. This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen. We'll also explore an array of cybercrime services aim...
Reply URL Flaw Allowed Unauthorized MS Power Platform API Access
By Habiba Rashid Critical Vulnerability in Microsoft Power Platform Discovered and Reported by Secureworks Researchers. This is a post from HackRead.com Read the original post: Reply URL Flaw Allowed Unauthorized MS Power Platform API Access...
Smoke Loader Botnet Drops Location Tracker Whiffy Recon Malware
By Deeba Ahmed The new Whiffy Recon Malware was identified by cybersecurity researchers at Secureworks. This is a post from HackRead.com Read the original post: Smoke Loader Botnet Drops Location Tracker Whiffy Recon Malware...
Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor
Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...
K13838: XSS vulnerability CVE-2012-2975
Security Advisory Description A cross-site scripting (XSS) vulnerability exists on the BIG-IP ASM traffic overview page. Malicious request URLs may be exposed in the Configuration utility without proper sanitization. CVE-2012-2975 Impact Privileged root access may be granted to unauthenticated user...
U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks at least since October 2020. The agency said...
JSSLoader: the shellcode edition
The Malwarebytes Threat Intelligence team observed a malspam campaign in late June that we attribute to the FIN7 APT group. One of the samples was also reported on Twitter by Josh Trombley; during execution, it was observed to drop a secondary payload, written in .NET. Details about FIN7 campaign...
State-Backed Hackers Using Ransomware as a Decoy for Cyber Espionage Attacks
A China-based advanced persistent threat (APT) group is possibly deploying short-lived ransomware families as a decoy to cover up the true operational and tactical objectives behind its campaigns. The activity cluster, attributed to a hacking group dubbed Bronze Starlight by Secureworks, involves t...
State-backed hacking group from China is targeting the Russian military
In an unexpected turn of events, research has surfaced about a Chinese APT (advanced persistent threat) group targeting the Russian military in recent cyberattacks. Tracked as Bronze President, Mustang Panda, RedDelta, and TA416, the group has focused mainly on Southeast Asian targets—and more...
Lyceum APT Returns, This Time Targeting Tunisian Firms
The Lyceum threat group has resurfaced, this time with a weird variant of a remote-access trojan (RAT) that doesn’t have a way to talk to a command-and-control (C2) server and might instead be a new way to proxy traffic between internal network clusters. Kaspersky’s Mark Lechtik – senior security...
CVE-2019-19620
CVE-2019-19620 affects SecureWorks Red Cloak Windows Agent prior to 2.0.7.9. The issue is a local-privilege-like bypass where a local user can circumvent generation of telemetry alerts by removing NT AUTHORITY\SYSTEM permissions from a file, specifically impacting process-execution telemetry for ...
Dell Technologies + VMware Carbon Black: Better Together
It’s been an exciting few months for the VMware Carbon Black team and we’re excited to share some big news with you. Today, from VMworld Europe 2019 in Barcelona, VMware announced an enhanced partnership with Dell Technologies that will make Carbon Black Cloud, along with Dell Trusted Devices and...
QNAP Photo Station 5.7.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: QNAP Photo Station 5.7.0 - Cross-Site Scripting Exploit Author: Mitsuaki Mitch Shiraishi - secureworks Vendor Homepage: https://www.qnap.com/ja-jp/security-advisory/nas-201808-23 Software Link: N/A Version: QNAP Photo Station...
QNAP Photo Station 5.7.0 - Cross-Site Scripting
Exploit Title: QNAP Photo Station 5.7.0 - Cross-Site Scripting Google Dork: N/A Date: 2018-09-07 Exploit Author: Mitsuaki Mitch Shiraishi - secureworks Vendor Homepage: https://www.qnap.com/ja-jp/security-advisory/nas-201808-23 Software Link: N/A Version: QNAP Photo Station versions 5.7.0 and...
QNAP Photo Station 5.7.0 Cross Site Scripting
Exploit Title: QNAP Photo Station 5.7.0 - Cross-Site Scripting Google Dork: N/A Date: 2018-09-07 Exploit Author: Mitsuaki Mitch Shiraishi - secureworks Vendor Homepage: https://www.qnap.com/ja-jp/security-advisory/nas-201808-23 Software Link: N/A Version: QNAP Photo Station versions 5.7.0 and...