221 matches found
McAfee Consumer Product Removal Tool Code Issue Vulnerability
McAfee Consumer Product Removal Tool is a tool from McAfee, Inc. designed to completely remove McAfee Security products in order to reinstall them or install a different antivirus. A code issue vulnerability exists in versions prior to McAfee Consumer Product Removal Tool 10.4.128 that stems from a previous...
Deep Panda deploys new rootkit “Fire Chili” by exploiting Log4Shell in VMware Horizon
THREAT LEVEL: Red. Deep Panda, a Chinese APT group, took advantage of the well-known Log4Shell vulnerability in VMware Horizon servers to deploy a backdoor and a rootkit and to steal sensitive data. This threat actor is primarily targeting firms in the...
Mustang Panda targets European diplomats using enhanced PlugX backdoor
THREAT LEVEL: Red. Mustang Panda, a Chinese cyberespionage group, has been targeting European diplomats with a revised version of the PlugX backdoor in an ongoing campaign linked to the ongoing conflict in Ukraine. The group, also known as...
VulnCheck KEV: CVE-2016-3235
The Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side-loading vulnerability because it improperly validates input before loading libraries. Successful exploitation allows for remote code execution...
Microsoft Office OLE DLL Side Loading Vulnerability
The Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side-loading vulnerability because it improperly validates input before loading libraries. Successful exploitation allows for remote code execution...
CVE-2021-26556
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
CVE-2021-26557
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
Design/Logic Flaw
When Octopus Server is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
Design/Logic Flaw
When Octopus Tentacle is installed using a custom folder location, folder ACLs are not set correctly and could lead to an unprivileged user using DLL side-loading to gain privileged access...
CVE-2021-26557
CVE-2021-26557 affects Octopus Tentacle when installed to a custom folder where folder ACLs are not set correctly. This misconfiguration can allow an unprivileged user to use DLL side-loading to gain privileged access, resulting in a local privilege escalation. The NVD data cites local attack vec...
CVE-2021-26556
CVE-2021-26556 affects Octopus Server when installed in a custom folder location. The root cause is improper ACL configuration on the installation folder, enabling a DLL side-loading path for an unprivileged user to escalate to privileged access. The connected sources confirm the presence of a lo...
Details of the REvil Ransomware Attack
ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend's attack was carried out with almost surgical precision. According to Cybereason, the REvil affiliates first gained access to targeted environments and then used the zero-day in the...
Chinese Hackers Attacking Military Organizations With New Backdoor
Bad actors with suspected ties to China have been behind a wide-ranging cyberespionage campaign targeting military organizations in Southeast Asia for nearly two years, according to new research. Attributing the attacks to a threat actor dubbed "Naikon APT," cybersecurity firm Bitdefender laid ou...
Targeted Malware Reverse Engineering Workshop follow-up. Part 1
On April 8, 2021, we conducted a webinar with Ivan Kwiatkowski and Denis Legezo, Senior Security Researchers from our Global Research & Analysis Team (GReAT), who gave live workshops on practical disassembling, decrypting and deobfuscating authentic malware cases, moderated by GReAT's own Dan Demete...
Hackers From China Target Vietnamese Military and Government
A hacking group related to a Chinese-speaking threat actor has been linked to an advanced cyberespionage campaign targeting government and military organizations in Vietnam. The attacks have been attributed with low confidence to the advanced persistent threat (APT) called Cycldek or Goblin Panda,...