BeatRev - POC For Frustrating/Defeating Malware Analysts

BeatRev Version 2 Disclaimer/Liability The work that follows is a POC to enable malware to "key" itself to a particular victim in order to frustrate efforts of malware analysts. I assume no responsibility for malicious use of any ideas or code contained within this project. I provide this researc...

FBI Warns Investors to Take Precautions with Decentralized Financial Platforms

The U.S. Federal Bureau of Investigation FBI on Monday warned of cyber criminals increasingly exploiting flaws in decentralized finance DeFi platforms to plunder cryptocurrency. "The FBI has observed cyber criminals exploiting vulnerabilities in the smart contracts governing DeFi platforms to ste...

Le-yan Personnel and Salary Management System 信任管理问题漏洞

Le-yan Personnel and Salary Management System is a personnel and salary management system from Le-yan, a Chinese company. A security vulnerability exists in the Le-yan Personnel and Salary Management System, which originates from having hard-coded database accounts and passwords in the site sourc...

New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim

A new ransomware strain written in Golang dubbed "Agenda" has been spotted in the wild, targeting healthcare and education entities in Indonesia, Saudi Arabia, South Africa, and Thailand. "Agenda can reboot systems in safe mode, attempts to stop many server-specific processes and services, and ha...

LastPass Security Breach – Hackers Steal Company’s Source Code

By Deeba Ahmed In an advisory, password manager and vault app LastPass confirmed the stealing of its internal source code and technical documents. This is a post from HackRead.com Read the original post: LastPass Security Breach - Hackers Steal Companys Source Code...

Source code of password manager LastPass stolen by attacker

In a security incident notice from LastPass the company informed the public know that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account. There is no evidence that this incident involved any access to customer dat...

Hackers Breach LastPass Developer System to Steal Source Code

Password management service LastPass confirmed a security incident that resulted in the theft of certain source code and technical information. The security breach is said to have occurred two weeks ago, targeting its development environment. No customer data or encrypted passwords were accessed,...

podman: Security regression of CVE-2020-14370 due to source code management issue

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive...

CVE-2022-35460

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f...

CVE-2022-35448

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af...

CVE-2022-35461

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32...

CVE-2022-35466

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0473...

CVE-2022-35456

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087...

CVE-2022-35473

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7...

CVE-2022-35469

OTFCC v0.10.4 was discovered to contain a segmentation violation via /x8664-linux-gnu/libc.so.6+0xbb384...

CVE-2022-35483

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8...

CVE-2022-35481

OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S...

CVE-2022-35471

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0...

CVE-2022-35454

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa...

Integer overflow

A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumbextract.cc may lead to program crash or memory corruption...