89 matches found
EUVD-2018-1408
Malware in sbrugna...
EUVD-2018-8043
Malware in sbrugna...
Cyberattack Group 'Awaken Likho' Targets Russian Government with Advanced Tools
Russian government agencies and industrial entities are the target of an ongoing activity cluster dubbed Awaken Likho. "The attackers now prefer using the agent for the legitimate MeshCentral platform instead of the UltraVNC module, which they had previously used to gain remote access to systems,...
Awaken Likho is awake: new techniques of an APT group
Introduction In July 2021, a campaign was launched primarily targeting Russian government agencies and industrial enterprises. Shortly after the campaign started, we began tracking it, and published three reports in August and September 2024 through our threat research subscription on the threat...
macOS Version of HZ RAT Backdoor Targets Chinese Messaging App Users
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of...
Hackers Exploit Legitimate Packer Software to Spread Malware Undetected
Threat actors are increasingly abusing legitimate and commercially available packer software such as BoxedApp to evade detection and distribute malware such as remote access trojans and information stealers. "The majority of the attributed malicious samples targeted financial institutions and...
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files formerly known as "PHP archives" can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt...
PT-2024-40242 · Typo3 · Typo3
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue arises from Phar files, which can act as self-extracting archives, leading to the execution of source code when invoked. Phar files can be disguised with various file extensions,...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive SFX file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...
Emotet Botnet Distributing Self-Unlocking Password-Protected RAR Files to Drop Malware
The notorious Emotet botnet has been linked to a new wave of malspam campaigns that take advantage of password-protected archive files to drop CoinMiner and Quasar RAT on compromised systems. In an attack chain detected by Trustwave SpiderLabs researchers, an invoice-themed ZIP file lure was foun...
CVE-2020-5681
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Overview Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. SEIKO EPSON CORPORATION reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
JVN#94244575: Self-Extracting files created by multiple SEIKO EPSON products may insecurely load Dynamic Link Libraries
Self-Extracting files created by multiple SEIKO EPSON products contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the Self-Extracting files. Solution Update t...
Epson Setupmanager Code Issue Vulnerability
Epson Setupmanager is a printer driver software from Epson Japan for Windows operating systems. A code issue vulnerability exists in the self-extracting file in version 2.2.1 of Epson Setupmanager, which could lead to unsafe loading of dynamic link libraries...
Design/Logic Flaw
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2018-16189
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2018-16189
Untrusted search path vulnerability in Self-Extracting Archives created by UNLHA32.DLL prior to Ver 3.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...
CVE-2018-16189
The CVE-2018-16189 issue affects UNLHA32.DLL Self-Extracting Archives (Win32) prior to Ver 3.00, where the DLL search path flaw may allow arbitrary code execution via a Trojan horse DLL in the same directory. The vulnerability is caused by insecure DLL loading (CWE-427) and can enable code execut...
UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL may insecurely load Dynamic Link Libraries
Overview UNLHA32.DLL, UNARJ32.DLL, LHMelting and LMLzh32.DLL provided by Micco contain vulnerabilities listed below. Self-Extracting Archives created by UNLHA32.DLL may insecurely load Dynamic Link Libraries CWE-427 - CVE-2018-16189 Insecurely load specific DLL file in the same directory CWE-427 ...