XWorm is not a brand-new malware family[1]. It's a common RAT (Remote Access Tool) reused regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process
Category: Dynamic Threat Feeds
ISC Stormcast For Thursday, July 25th, 2024 https://isc.sans.edu/podcastdetail/9068, (Thu, Jul 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC Releases Security Advisories for BIND 9
The Internet Systems Consortium (ISC) released security advisories to address vulnerabilities affecting multiple versions of ISC’s Berkeley Internet Name Domain (BIND) 9. A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service
“Mouse Logger” Malicious Python Script, (Wed, Jul 24th)
Keylogging is a pretty common feature of many malware families because recording the key pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. Back from SANSFIRE, I looked at my backlog
ISC Stormcast For Wednesday, July 24th, 2024 https://isc.sans.edu/podcastdetail/9066, (Wed, Jul 24th)
Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks
Written by: Emily Astranova, Pascal Issa. Executive Summary: AI-powered voice cloning can now mimic human speech with uncanny precision, creating more realistic phishing schemes. According to news reports, scammers have leveraged voice cloning and
New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273), (Tue, Jul 23rd)
In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, CVE-2024-3273, was exploited soon after it became public. Many of the affected devices are no longer supported. We
Hitachi Energy AFS/AFR Series Products
1. EXECUTIVE SUMMARY: CVSS v3 7.5. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Hitachi Energy. Equipment: AFS650, AFS660, AFS665, AFS670, AFS675, AFS677, AFR677. Vulnerabilities: Type Confusion, Use After Free, Double Free, Observable Discrepancy. 2. RISK
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2012-4792: Microsoft Internet Explorer Use-After-Free Vulnerability; CVE-2024-39891: Twilio Authy Information Disclosure Vulnerability. These types of vulnerabilities are frequent attack
National Instruments LabVIEW
1. EXECUTIVE SUMMARY: CVSS v4 8.4. ATTENTION: Low attack complexity. Vendor: National Instruments. Equipment: LabVIEW. Vulnerabilities: Out-of-Bounds Read, Improper Restriction of Operations within the Bounds of a Memory Buffer. 2. RISK EVALUATION: Successful exploitation