2112 matches found
UPDATE: Infection Monkey 1.8.2
Infection Monkey 1.8.2, the open source breach and attack simulation tool was released a yesterday. My first post about this tool can be found in a post titled the List of Adversary Emulation Tools. To keep it simple from the last update, this is a small maintenance release. It includes some bug...
Denial-of-service vulnerability in mod_RSsim (CNVD-2020-38498)
modRSsim is a simulation simulation software. A denial of service vulnerability exists in modRSsim, which can be exploited by attackers to cause a denial of service...
Vulnerability of the User Interface sub-component of the Oracle Financial Services Liquidity Risk Management banking analytics system’s simulation model. This vulnerability allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.
The vulnerability of the User Interface component of the Oracle Financial Services Liquidity Risk Management banking analytics system’s simulation model applications is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker to create, delete,...
The vulnerability of the User Interface sub-component of the Oracle Financial Services Data Foundation component in the banking analytics system’s simulation model allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.
The vulnerability of the User Interface sub-component of the Oracle Financial Services Data Foundation component in the banking analytics system’s simulation model application is related to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to...
The vulnerability of the User Interface sub-component of the Oracle Financial Services Liquidity Risk Measurement and Management banking analytics system’s simulation model applications allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.
The vulnerability of the User Interface sub-component of the Oracle Financial Services Liquidity Risk Measurement and Management banking analytics system’s simulation model applications is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacke...
The vulnerability of the User Interface sub-component of the Oracle Financial Services Asset Liability Management banking analytics system’s simulation model applications allows attackers to create, delete, or modify access rights to protected information, or gain read-only access to data.
The vulnerability of the User Interface sub-component of the Oracle Financial Services Asset Liability Management banking analytics system’s simulation model application relates to the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor to create, delet...
Information leakage vulnerability in the virtual simulation experiment platform of Beijing Runier Network Technology Co.
Virtual simulation experimental teaching platform system is an innovative simulation software, which is a product of the deep integration of subject specialties and information technology. There is an information leakage vulnerability in the virtual simulation experiment platform of Beijing Runie...
Acronis: Local Privilege Escalation in anti_ransomware_service.exe via quarantine
antiransomwareservice.exe includes a functionality to quarantine files which will copy the suspected ransomware file from one directory to another using SYSTEM privileges. As any unprivileged user has write permissions in the quarantine folder, it is possible to control this privileged write with...
MITRE ATT&CK APT 29 evaluation proves Microsoft Threat Protection provides deeper end to end view of advanced threats
As attackers use more advanced techniques, it’s even more important that defenders have visibility not just into each of the domains in their environment, but also across them to piece together coordinated, targeted, and advanced attacks. This level of visibility will allow us to get ahead of...
A week in security (April 13 – 19)
Last week on Malwarebytes Labs, we looked at how to avoid Zoom bombing, weighed the risks of surveillance versus pandemics, and dug into a spot of WiFi credential theft. Other cybersecurity news: Malware creeps back into the home: With a pandemic forcing much of the workforce into remote position...
FakeNet Genie: Improving Dynamic Malware Analysis with Cheat Codes for FakeNet-NG
As developers of the network simulation tool FakeNet-NG, reverse engineers on the FireEye FLARE team, and malware analysis instructors, we get to see how different analysts use FakeNet-NG and the challenges they face. We have learned that FakeNet-NG provides many useful features and solutions of...
Invoke-APT29: Adversarial Threat Emulation
MITRE recently conducted its second ATT&CK exercise in their ongoing annual series of Endpoint Security Efficacy testing and evaluation. This test focuses on assessing the behavioral capabilities of multiple endpoint security vendors against a simulated adversary, based closely around...
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking financial analysis system’s simulation modeling applications allows a perpetrator to disclose protected information.
The vulnerability of the Infrastructure sub-component of the Oracle FLEXCUBE Universal Banking banking analytics system’s simulation model application is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor to disclose sensitive...
CVE-2019-13521
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
CVE-2019-13521
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
Design/Logic Flaw
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
Design/Logic Flaw
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
CVE-2019-13519
CVE-2019-13519 affects Rockwell Automation Arena Simulation Software prior to version 16.00.01. The vulnerability is described as a Type Confusion in the handling of arena files, potentially causing limited exposure of information on the targeted workstation. Affected product: Arena Simulation So...
CVE-2019-13519
A maliciously crafted program file opened by an unsuspecting user of Rockwell Automation Arena Simulation Software version 16.00.00 and earlier may result in the limited exposure of information related to the targeted workstation. Rockwell Automation has released version 16.00.01 of Arena...
CVE-2019-13521
The CVE-2019-13521 vulnerability affects Rockwell Automation Arena Simulation Software up to version 16.00.00. A maliciously crafted DOE/ Arena file opened by a user may cause limited exposure of information on the targeted workstation. Rockwell released Arena 16.00.01 to address the issue. The t...