Category: داغ

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of shortcomings is as follows – CVE-2022-47986 (CVSS score: 9.8) – IBM Aspera Faspex Code Execution Vulnerability CVE-2022-41223 (CVSS score: 6.8) – Mitel MiVoice Connect Code Injection Vulnerability CVE-2022-40765 (CVSS score: 6.8) – Mitel MiVoice Connect Command Injection Vulnerability CVE-2022-47986 is described as a YAML deserialization flaw in the file transfer solution that could allow a remote attacker to execute code on the…

Read More

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. Tracked as CVE-2023-20032 (CVSS score: 9.8), the issue relates to a case of remote code execution residing in the HFS+ file parser component. The flaw affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. Google security engineer Simon Scannell has been credited with discovering and reporting the bug. “This vulnerability is due to a missing buffer size check…

Read More

E-commerce industries in South Korea and the U.S. are at the receiving end of an ongoing GuLoader malware campaign, cybersecurity firm Trellix disclosed late last month. The malspam activity is notable for transitioning away from malware-laced Microsoft Word documents to NSIS executable files for loading the malware. Other countries targeted as part of the campaign include Germany, Saudi Arabia, Taiwan and Japan.   NSIS, short for Nullsoft Scriptable Install System, is a script-driven open source tool used to develop installers for the Windows operating system. While attack chains in 2021…

Read More

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could lead to a denial-of-service (DoS) condition. “A remote attacker could exploit these vulnerabilities to potentially cause denial-of-service conditions and system failures,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an advisory released Friday.   The open source software is used by major financial firms, national and international carriers, internet service providers (ISPs), retailers, manufacturers, educational institutions, and government entities,…

Read More

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. “The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto wallets from victim machines,” Uptycs security researcher Karthickkumar Kathiresan said in a report.   Details of the campaign were first disclosed by Milan-based IT services firm SI.net last month. The multi-stage infection sequence commences with an invoice-themed phishing email containing a link that, when clicked, downloads a password-protected ZIP…

Read More

Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router’s web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system.     The most severe of the two is CVE-2023-20025 (CVSS score: 9.0), which is the result of improper validation of user input within incoming HTTP packets. A…

Read More

Read More

A Rust variant of a ransomware strain known as Agenda has been observed in the wild, making it the latest malware to adopt the cross-platform programming language after BlackCat, Hive, Luna, and RansomExx. Agenda, attributed to an operator named Qilin, is a ransomware-as-a-service (RaaS) group that has been linked to a spate of attacks primarily targeting manufacturing and IT industries across different countries.   A previous version of the ransomware, written in Go and customized for each victim, singled out healthcare and education sectors in countries like Indonesia, Saudi Arabia, South…

Read More

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. “This ransomware variant, dubbed ‘PolyVice,’ implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms,” SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the moniker DEV-0832, is an intrusion, exfiltration, and extortion hacking group that first appeared on the threat landscape in May 2021. Unlike other ransomware gangs, the cybercrime actor does not use file-encrypting malware developed in-house. Instead, it’s known…

Read More

Fortinet on Monday issued emergency patches for a severe security flaw affecting its FortiOS SSL-VPN product that it said is being actively exploited in the wild. Tracked as CVE-2022-42475 (CVSS score: 9.3), the critical bug relates to a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to execute arbitrary code via specially crafted requests.     The company said it’s “aware of an instance where this vulnerability was exploited in the wild,” urging customers to move quickly to apply the updates. The following products are impacted by the issue –…

Read More