311 matches found
Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
Google's Threat Analysis Group (TAG) on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to...
GHSA-4466-8JM4-448P Deserialization of Untrusted Data in Jenkins
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an XStream: Java crash when trying to instantiate void/Void...
OSV-2022-331 Stack-buffer-overflow in void unwindstack::Symbols::BuildRemapTable<Elf64_Sym>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46546 Crash type: Stack-buffer-overflow READ Crash state: void unwindstack::Symbols::BuildRemapTable bool unwindstack::Symbols::GetName unwindstack::ElfInterfaceImpl::GetFunctionName...
Solaris/SPARC - setuid(0) + chmod (/bin/ksh) + exit(0) Shellcode
/* sparcsolarischmod.c - Solaris/SPARC chmod shellcode Copyright (c) 2022 Marco Ivaldi Solaris/SPARC setuid/chmod/exit shellcode. Tested on: SunOS 5.10 GenericVirtual sun4u sparc SUNW,SPARC-Enterprise */ char sc[] = /* Solaris/SPARC chmod shellcode 12 + 32 + 20 = 64 bytes */ /* setuid(0) */ "\x90\x08\x3f\xff...
Defend Against Cyber Espionage Attacks
Explore Trend Micro’s latest research into Void Balaur, a prolific cybermercenary group, to learn how to defend against attacks launched by this growing group of threat actors...
A week in security (Nov 8 – Nov 14)
Last week on Malwarebytes Labs: Multiple video games break after domain name snafu; How to remove adware on an Android phone; Smart TV adverts put a wrinkle in your programming; Are cybercriminals turning away from the US and targeting Europe instead?; Patch now! Microsoft plugs actively exploited...
This Week in Security News - November 12, 2021
This week, learn about the prolific cybermercenaries, Void Balaur, and their recent attacks. Also, read on the 80-country agreement to mobilize safeguards against cyberattacks...
Cyber-Mercenary Group Void Balaur Attacks High-Profile Targets for Cash
Russian-language group Void Balaur, also tracked under the name Rockethack, has been identified as a prolific cyber-mercenary group, available for hire to break into the email and social-media accounts of high-profile, high-stakes targets around the world. After monitoring Void Balaur for more th...
Researchers Uncover Hacker-for-Hire Group That's Active Since 2015
A new cyber mercenary hacker-for-hire group dubbed "Void Balaur" has been linked to a string of cyberespionage and data theft activities targeting thousands of entities as well as human rights activists, politicians, and government officials around the world at least since 2015 for financial gain...
Void Balaur and the Rise of the Cybermercenary Industry
One of the most prolific cybermercenaries is Void Balaur, a Russian-speaking threat actor group that has launched attacks against different sectors and industries all over the world...
OSV-2021-972 UNKNOWN READ in void mc_chroma<unsigned short>
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36056 Crash type: UNKNOWN READ Crash state: void mcchroma generateinterpredictionsamples decodepredictionunit...
Void Aural Rec Monitor Information Disclosure Vulnerability
Void Aural Rec Monitor is an application from the Spanish company Void. Void Aural Rec Monitor in version 9.0.0.1 suffers from an information disclosure vulnerability that originates from the svc-login.php password being stored in an unencrypted source code text file, which can be exploited to ga...
CVE-2021-25899
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable parameter is param1...
CVE-2021-25898
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...
Code injection
An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...
CVE-2021-25899
Void Aural Rec Monitor 9.0.0.1 contains a SQL injection in svc-login.php (param1) exploitable via blind time-based requests. An unauthenticated attacker can trigger the vulnerability to potentially read data, modify data, and perform unauthorized administrative actions. No exploit details are pro...
CVE-2021-25898
The CVE-2021-25898 entry relates to Void Aural Rec Monitor 9.0.0.1, where passwords are stored in unencrypted source-code text files within svc-login.php. This creates an information-disclosure risk because the credential value is used to authenticate a high-privileged user when accessing the ser...
Void Aural Rec Monitor SQL Injection Vulnerability
Void Aural Rec Monitor is an application from the Spanish company Void. Aural Rec Monitor version 9.0.0.1 suffers from a SQL injection vulnerability, which originates in svc-login.php, where an unauthenticated attacker sends a crafted HTTP request to perform a blind time-based SQL injection...