A few months ago, I wrote a diary[1] about a Python script that replaced the Exodus[2] Wallet app with a rogue one on macOS. Infostealers are everywhere these days. They target mainly browsers (cookies, credentials) and classic
Continue ReadingBlog
ISC Stormcast For Wednesday, September 18th, 2024 https://isc.sans.edu/podcastdetail/9142, (Wed, Sep 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2014-0497 Adobe Flash Player Integer Underflow Vulnerability CVE-2013-0643 Adobe Flash Player Incorrect Default Permissions Vulnerability CVE-2013-0648 Adobe Flash Player Code Execution
Continue ReadingYokogawa Dual-redundant Platform for Computer (PC2CKM)
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: Dual-redundant Platform for Computer (PC2CKM) Vulnerability: Unchecked Return Value 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an
Continue ReadingMillbeck Communications Proroute H685t-w
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Millbeck Communications Equipment: Proroute H685t-w Vulnerabilities: Command Injection, Cross-site Scripting 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker
Continue ReadingCISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on September 17, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-261-01 Siemens SIMATIC S7-200 SMART Devices ICSA-24-261-02 Millbeck Communications Proroute
Continue ReadingSiemens SIMATIC S7-200 SMART Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue Reading“Marko Polo” Navigates Uncharted Waters With Infostealer Empire
Unmasking "Marko Polo": A Growing Cybercriminal ThreatIn an evolving digital landscape, cybercriminals have become increasingly innovative, and few exemplify this more than the "Marko Polo" group. As uncovered by Insikt Group, Marko Polo operates a vast
Continue ReadingCISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue
Continue ReadingAn Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
Written by: Marco Galli, Diana Ion, Yash Gupta, Adrian Hernandez, Ana Martinez Gomez, Jon Daniels, Christopher Gardner Introduction In June 2024, Mandiant Managed Defense identified a cyber espionage group suspected to have a North Korea nexus,
Continue Reading