Mispadu Banking Trojan Exploits SmartScreen Flaw

One more malware family makes use of CVE-2023-36025

Recent research uncovers a new sample of Mispadu malware that uses a SmartScreen bypass flaw to integrate itself into the system. This banking trojan from 2019 uses the vulnerability discovered in late 2023 to target mainly LATAM users.

Mispadu Trojan Uses SmartScreen Bypass

The extensive research regarding Mispadu malware done by Unit 42, among other…

Critical Vulnerability Uncovered in Apple iOS and macOS Exploited

Another Apple security vulnerability has been found

The Cybersecurity and Infrastructure Security Agency has identified a security flaw in Apple operating systems, particularly iOS and macOS. It has been added to the agency’s Known Exploited Vulnerabilities catalog. The vulnerability can allow attackers to bypass Pointer Authentication and gain unauthorized read and write access to the system.

Critical Apple Operating Systems Vulnerabilities Exploited…

GitLab Vulnerability CVE-2024-0402 Exposes File Overwrite Risk

Critical flaw in GitLab allows workspace creation to overwrite files - amazing opportunity for hackers

In a new security update, GitLab has issued a patch for a critical vulnerability. This flaw could allow unauthorized users to overwrite files, potentially leading to data corruption or arbitrary code execution. This vulnerability impacts GitLab CE/EE across several versions.

New GitLab Critical Vulnerability Discovered

A critical vulnerability identified as CVE-2024-0402, rated as high as…

4 Junos OS Vulnerabilities Fixed, Update Now

Developers of Junos OS released a patch for 4 vulnerabilities in the software

In the latest security bulletin, Juniper Networks announced the release of fixes for a selection of vulnerabilities in their Junos OS. Among the fixed flaws is a high-severity one that received a CVSS score of 8.8. However, the fix is currently available only for this and another, less severe vulnerability.

Junos OS Vulnerabilities Allow for…

Panda Security Driver Vulnerabilities Uncovered in APT Simulation

Penetration testing uncovered another attack with the use of a vulnerable antivirus driver

Security researchers discovered critical security driver vulnerabilities in Panda Security software. This chain of flaws abuses legitimate drivers to disable EDR products. Despite having relatively low CVSS scores, they may be rather efficient in real-world attacks.

Panda Security Driver Vulnerabilities Uncovered

Researchers have unearthed three critical vulnerabilities in a security driver extensively utilized across various…

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

Kasseika ransomware uses a vulnerable antivirus driver to stop security solutions in the attacked system

A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group or experienced ransomware actors who purchased its code.

Kasseika Ransomware Deploys BYOVD Attacks

A new ransomware operation known as “Kasseika” has recently been discovered. This…

GoAnywhere MFT Auth Bypass Vulnerability Discovered

Fortra insists on installing updates to fix the severe vulnerability in GoAnywhere

The fest of vulnerabilities in enterprise software continues with an auth bypass flaw in Fortra’s GoAnywhere MFT. Rated at CVSS 9.8, this flaw allows an adversary to create an administrator account without gaining any access to the system. Fortra recommends updating the MFT solution to the versions beyond the ones susceptible to the flaw.

GoAnywhere…

Confluence RCE Vulnerability Under Massive Exploitation

Experts have discovered a vulnerability with maximum CVSS that lures hackers like honey for bees.

Researchers are seeing attempts to exploit a critical vulnerability in outdated Atlassian Confluence servers. The flaw allows attackers to execute code remotely, with most attempts from Russian IP addresses. As is typical for remote code execution vulnerabilities, this one received a high severity rating on the CVSS scale.

RCE Vulnerability in Confluence Exploited in the Wild

According to…

Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

SonicWall's series 6 and 7 NGFWs have two unauthenticated DoS vulnerabilities with potential for remote code execution.

Recent research uncovers a significant portion of SonicWall firewall instances being susceptible to attacks. In particular, two vulnerabilities are able to cause remote code execution (RCE) and DoS attacks. Unfortunately, no official patches are available at the moment, forcing clients to seek a workaround.

Uncovering the Flaws

The vulnerabilities in question are primarily two stack-based…

GitLab Zero-Click Account Hijack Vulnerability Revealed

GitHub developers release a fix to the critical account hijack vulnerability

On January 11, 2024, GitLab released an update with the official warning regarding the critical security violation fix. The vulnerability allows the user to send the account password reset form to an unverified email address, effectively granting a stranger access to the repository. Almost all 16.x versions of their software package are susceptible to the…