Day: November 21, 2021

Microsoft Edge Security Advisory

Number: AV21-596. Date: 22 November 2021. On 19 November 2021 Microsoft published a Security Update to address vulnerabilities in the following product: Microsoft Edge – versions prior to 96.0.1054.29. The Cyber Centre encourages users and administrators to review the provided web link and apply the necessary update. Microsoft Edge Stable Channel Release Notes: https://docs.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security#november-19-2021 Note to Readers …


Dell Security Advisory

Number: AV21-595. Date: 22 November 2021. On 19 and 22 November 2021 Dell published Security Advisories to address vulnerabilities in the following products: Dell EMC Streaming Data Platform – versions prior to 1.3; Dell EMC VNXe1600 – versions prior to 3.1.16.10.220572. Exploitation of some of these vulnerabilities may result in information disclosure, unauthorized data modification and …


[webapps] Aimeos Laravel ecommerce platform 2021.10 LTS – 'sort' SQL injection

# Exploit Title: Aimeos Laravel ecommerce platform 2021.10 LTS – ‘sort’ SQL injection # Date: 20/11/2021 # Exploit Author: Ilker Burak ADIYAMAN # Vendor Homepage: https://aimeos.org # Software Link: https://aimeos.org/laravel-ecommerce-package # Version: Aimeos 2021.10 LTS # Tested on: MacOSX *Description:* The Aimeos E-Commerce framework Laravel application is vulnerable to SQL injection via the ‘sort’ parameter …


[dos] Modbus Slave 7.3.1 – Buffer Overflow (DoS)

# Exploit Title: Modbus Slave 7.3.1 – Buffer Overflow (DoS) # Discovered by: Yehia Elghaly # Discovered Date: 2021-11-19 # Vendor Homepage: https://www.modbustools.com/ # Software Link : https://www.modbustools.com/download/ModbusSlaveSetup32Bit.exe # Tested Version: 7.3.1 < 7.4.2 # Vulnerability Type: Buffer Overflow (DoS) Local # Tested on OS: Windows XP SP3 – Windows 7 Professional x86 SP1 – …


[dos] Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC)

# Exploit Title: Pinkie 2.15 – TFTP Remote Buffer Overflow (PoC) # Discovered by: Yehia Elghaly # Discovered Date: 2021-11-19 # Vendor Homepage: http://www.ipuptime.net/ # Software Link : http://ipuptime.net/PinkieSetup.zip # Tested Version: 2.15 # Vulnerability Type: Buffer Overflow (DoS) Remote # Tested on OS: Windows XP SP3 – Windows 7 Professional x86 SP1 – Windows …


Picky PPID Spoofing

Parent Process ID (PPID) Spoofing is one of the techniques employed by malware authors to blend into the target system. This is done by making the malicious process look like it was spawned by another process. This helps evade detections that are based on anomalous parent-child process relationships. When I started learning and implementing this …


Stacs – Static Token And Credential Scanner

Static Token And Credential Scanner. What is it? STACS is a YARA-powered static credential scanner which supports binary file formats, analysis of nested archives, composable rulesets and ignore lists, and SARIF reporting. What does STACS support? Currently, STACS supports recursive unpacking of tarballs, gzips, bzips, zips, and xz files. As STACS works on detected …


Blacksmith Attack Bypasses Existing DDR4 Memory Defenses

Researchers from ComSec group have demonstrated that it is possible to trigger the Rowhammer exploit and target the associated DRAMs used in commercially available devices. Blacksmith (tracked as CVE-2021-42114) is a fuzzing-based technique, and unlike previous DRAM exploits, it also works well for non-uniform hammering patterns. …


Experts found 11 malicious Python packages in the PyPI repository

Researchers discovered 11 malicious Python packages in the PyPI repository that can steal Discord access tokens, passwords, and conduct attacks. JFrog researchers have discovered 11 malicious Python packages in the Python Package Index (PyPI) repository that can steal Discord access tokens, passwords, and even carry out dependency confusion attacks. Below is the list of malicious …


COVID-19 and Cybercrime - Europol Threat Assessment

The conditions brought forth by the global pandemic have set a rapid pace of transformation in the cyberworld. With accelerated digitalization came the threat of heightened cyberattacks. …


A New ‘SharkBot’ Android Banking Malware Hits Targets in U.S., UK and Italy

A new Android banking trojan, first detected at the end of October 2021, is targeting international banks from the US, the United Kingdom, and Italy, as well as five different cryptocurrency services. So far twenty-two instances have been reported, and more are expected. (Security Week)


Latest Research Links Ghostwriter Disinformation Campaign to Belarus

Researchers from Mandiant Threat Intelligence have claimed with high confidence that the Ghostwriter (UNC1151) disinformation campaign is associated with the government of Belarus.
