The leap of a Cycldek-related threat actor
Introduction In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous "DLL side-loading triad": a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropp...
Facebook Shutters Accounts Used in APT32 Cyberattacks
Facebook has shut down several accounts and Pages on its platform, which were used to launch phishing and malware attacks by two cybercriminal groups: APT32 in Vietnam and an unnamed threat group based in Bangladesh. The social-media giant said it has removed both groups’ abili...
Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners
A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation-state actor activity. They are not the most sophisticated type of threat, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...
Symantec Reports on Cicada APT Attacks against Japan
Symantec is reporting on an APT group linked to China, named Cicada. They have been attacking organizations in Japan and elsewhere. Cicada has historically been known to target Japan-linked organizations, and has also targeted MSPs in the past. The group is using living-off-the-land tools as well...
Mysterious APT Leaves Curious ‘KilllSomeOne’ Clue
Researchers are scratching their heads when it comes to unmasking a new advanced persistent threat (APT) group targeting non-governmental organizations in the Southeast Asian nation of Myanmar (formerly Burma). Based on crude messages, such as “KilllSomeOne”, used in attack code strings, coupled with...
CVE-2020-7260
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder...
Code injection
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder...
CVE-2020-7260 MACC installer DLL side loading
DLL Side Loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to 8.3 allows local users to execute arbitrary code via execution from a compromised folder...
CVE-2020-7260
CVE-2020-7260 describes a DLL side-loading vulnerability in the installer for McAfee Application and Change Control (MACC) prior to version 8.3, enabling local users to run arbitrary code by executing from a compromised folder. The issue is rooted in DLL loading during installation, with impact l...
Abusing DLL Misconfigurations — Using Threat Intelligence to Weaponize R&D
DLL Abuse Techniques Overview. Dynamic-link library (DLL) side-loading occurs when Windows Side-by-Side (WinSxS) manifests are not explicit about the characteristics of DLLs being loaded by a program. In layman’s terms, DLL side-loading can allow an attacker to trick a program into loading a malicious...
TeamViewer DLL Side Loading Vulnerability (Oct 2019) - Windows
TeamViewer is prone to a DLL side loading vulnerability. SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:teamviewer:teamviewer";...
CVE-2019-18196
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system...
Design/Logic Flaw
A DLL side loading vulnerability in the Windows Service in TeamViewer versions up to 11.0.133222 (fixed in 11.0.214397), 12.0.181268 (fixed in 12.0.214399), 13.2.36215 (fixed in 13.2.36216), and 14.6.4835 (fixed in 14.7.1965) on Windows could allow an attacker to perform code execution on a target system...
CVE-2019-18196
Summary (CVE-2019-18196): A DLL sideloading vulnerability in the Windows Service component of TeamViewer allows potential code execution via a service restart when a malicious DLL is placed in the TeamViewer directory. Affected TeamViewer versions and fixes include: up to 11.0.133222 (fixed in 11...
CVE-2019-17449
Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges...
Design/Logic Flaw
DISPUTED: Avira Software Updater before 2.0.6.21094 allows a DLL side-loading attack. NOTE: The vendor thinks that this vulnerability is invalid because exploiting it would require at least administrator privileges and would gain only SYSTEM privileges...