Month: March 2023

The Week in Ransomware – March 10th 2023 – Police Take Action

March 12, 2023

This week's biggest news was the coordinated, international law enforcement operation between Europol, the FBI, the Netherlands, Germany, and Ukraine...

CISA warns of actively exploited Plex bug after LastPass breach

March 12, 2023

CISA has added an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server to its catalog...

SEIKO EPSON printers/network interface Web Config cross-site scripting | CVE-2023-27520

March 12, 2023

NAME__________SEIKO EPSON printers/network interface Web Config cross-site scriptingPlatforms Affected:SEIKO EPSON Web ConfigRisk Level:4.8Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________SEIKO EPSON printers/network interface Web Config...

Crossplane denial of service | CVE-2023-27484

March 12, 2023

NAME__________Crossplane denial of servicePlatforms Affected:Crossplane Crossplane 1.11.1 Crossplane Crossplane 1.10.2 Crossplane Crossplane 1.9.1Risk Level:6.2Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Crossplane is vulnerable to...

Oracle Database Vault SQL injection |

March 12, 2023

NAME__________Oracle Database Vault SQL injectionPlatforms Affected:Oracle Database Server 19cRisk Level:5.4Exploitability:UnprovenConsequences:Data Manipulation DESCRIPTION__________Oracle Database Vault is vulnerable to SQL injection. A...

SEIKO EPSON printers/network interface Web Config cross-site request forgery | CVE-2023-23572

March 12, 2023

NAME__________SEIKO EPSON printers/network interface Web Config cross-site request forgeryPlatforms Affected:SEIKO EPSON Web ConfigRisk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________SEIKO EPSON printers/network interface Web...

Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiPortal, and Fortinet FortiSwitch information disclosure | CVE-2022-27490

March 12, 2023

NAME__________Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiPortal, and Fortinet FortiSwitch information disclosurePlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiPortal,...

Daily Vulnerability Trends: Sun Mar 12 2023

March 12, 2023

Daily Vulnerability Trends (sourced from VulnMon) CVE NAMECVE DescriptionCVE-2023-25690Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow...

Shopper+ – 878,290 breached accounts

March 12, 2023

HIBP In March 2023, "Canada's online shopping mall" Shopper+ disclosed a data breach discovered on a public hacking forum. The...

HDB Financial Services – 1,658,750 breached accounts

March 12, 2023

HIBP In March 2023, the Indian non-bank lending unit HDB Financial Services suffered a data breach that disclosed over 70M...

Malware Analysis – djvu – e0a5572580480d3379b920a897a36c61

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: e0a5572580480d3379b920a897a36c61SHA1: 9234dd4da1e0d31d0199664ea78c9cc14aefbee5ANALYSIS DATE: 2023-03-11T21:11:44ZTTPS: T1012, T1082, T1060, T1112,...

Malware Analysis – djvu – 9afdd4346dfb9c65a40d20f7c4812fed

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: 9afdd4346dfb9c65a40d20f7c4812fedSHA1: 8962acde456e5f1705f35decb2580713a45f3e46ANALYSIS DATE: 2023-03-11T21:13:45ZTTPS: T1005, T1081, T1012, T1082,...

Malware Analysis – banker – 177f323985be212c7eb379585119ecc2

March 12, 2023

Score: 8 MALWARE FAMILY: bankerTAGS:banker, evasion, ransomwareMD5: 177f323985be212c7eb379585119ecc2SHA1: c9224711a8d504a13e40f506eac01fc810845e8eANALYSIS DATE: 2023-03-11T21:23:58ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more...

Malware Analysis – djvu – ddf6d8dd27744ee84b53ddc102613c99

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: ddf6d8dd27744ee84b53ddc102613c99SHA1: 2c847787379b8d6ebc93d3be41e5ae52f785167bANALYSIS DATE: 2023-03-11T21:32:25ZTTPS: T1005, T1081, T1012, T1060,...

Malware Analysis – amadey – 069304440a4fab3ef3f25b90650280aa

March 12, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:smokeloader, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, botnet:pub1, botnet:sprg, backdoor, discovery, ransomware, stealer, trojanMD5: 069304440a4fab3ef3f25b90650280aaSHA1: c38e163e0fc8f9e00e07c1ecde813084659ad714ANALYSIS DATE: 2023-03-11T21:31:50ZTTPS:...

Malware Analysis – djvu – c3d8c8e1ef1f3dedb48408aef01071db

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: c3d8c8e1ef1f3dedb48408aef01071dbSHA1: 48055804773eafaa0f2e66a7a2311d62a40994d7ANALYSIS DATE: 2023-03-11T21:30:12ZTTPS: T1222, T1060, T1112, T1012,...

Malware Analysis – djvu – 445bb3a7b52a9bd70494d39aed213729

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: 445bb3a7b52a9bd70494d39aed213729SHA1: 9875a852eef9900ba1d83dc5713468b340c12049ANALYSIS DATE: 2023-03-11T22:45:37ZTTPS: T1222, T1012, T1082, T1005,...

Malware Analysis – evasion – 408a23e5fe991be0faca775f141b0267

March 12, 2023

Score: 6 MALWARE FAMILY: evasionTAGS:evasion, ransomwareMD5: 408a23e5fe991be0faca775f141b0267SHA1: 53b74fce9918d4d0d70d945830c52973d1e0c898ANALYSIS DATE: 2023-03-11T22:35:02ZTTPS: ScoreMeaningExample10Known badA malware family was detected.8-9Likely maliciousOne or more known...

Malware Analysis – djvu – 6ce6587f733dac1590182b577d1414af

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: 6ce6587f733dac1590182b577d1414afSHA1: 404db30d6206526ee0962cfe01f85f1e2cd841e4ANALYSIS DATE: 2023-03-11T22:43:57ZTTPS: T1012, T1082, T1005, T1081,...

Malware Analysis – amadey – a118a1e07e15162e77cce97c0f921e6a

March 12, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:laplas, family:pseudomanuscrypt, family:smokeloader, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, botnet:pub1, botnet:sprg, backdoor, clipper, discovery, loader, persistence, ransomware, stealer,...

Malware Analysis – cerber – 10d74de972a374bb9b35944901556f5f

March 12, 2023

Score: 10 MALWARE FAMILY: cerberTAGS:family:cerber, discovery, evasion, ransomwareMD5: 10d74de972a374bb9b35944901556f5fSHA1: 593f11e2aa70a1508d5e58ea65bec0ae04b68d64ANALYSIS DATE: 2023-03-11T23:55:16ZTTPS: T1046, T1012, T1120, T1082, T1018, T1031, T1491, T1112...

Malware Analysis – amadey – 224597975b6add35631168fb06f9b20e

March 12, 2023

Score: 10 MALWARE FAMILY: amadeyTAGS:family:amadey, family:djvu, family:laplas, family:smokeloader, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, botnet:pub1, botnet:sprg, backdoor, clipper, discovery, ransomware, stealer, trojanMD5: 224597975b6add35631168fb06f9b20eSHA1: b52b85a40b55aeb58a4543ce94caa734333c950cANALYSIS...

Malware Analysis – djvu – 918b9b4d245035565fd159b7202ed708

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: 918b9b4d245035565fd159b7202ed708SHA1: fecbb56a0a4debd0092039ff427ea7f18a93cf93ANALYSIS DATE: 2023-03-11T23:25:16ZTTPS: T1222, T1012, T1082, T1005,...

Malware Analysis – djvu – c9fb256d422f8bbea2b3f1ed7f4a87c1

March 12, 2023

Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, botnet:694f12963bedb0c6040fb3c74aac71e5, discovery, persistence, ransomware, spyware, stealerMD5: c9fb256d422f8bbea2b3f1ed7f4a87c1SHA1: 5c8b864d64fa017390fb12a054c7606b2b781e4cANALYSIS DATE: 2023-03-11T23:25:44ZTTPS: T1053, T1012, T1082, T1005,...

Month: March 2023

The Week in Ransomware – March 10th 2023 – Police Take Action

CISA warns of actively exploited Plex bug after LastPass breach

SEIKO EPSON printers/network interface Web Config cross-site scripting | CVE-2023-27520

Crossplane denial of service | CVE-2023-27484

Oracle Database Vault SQL injection |

SEIKO EPSON printers/network interface Web Config cross-site request forgery | CVE-2023-23572

Fortinet FortiManager, Fortinet FortiAnalyzer, Fortinet FortiPortal, and Fortinet FortiSwitch information disclosure | CVE-2022-27490

Daily Vulnerability Trends: Sun Mar 12 2023

Shopper+ – 878,290 breached accounts

HDB Financial Services – 1,658,750 breached accounts

Malware Analysis – djvu – e0a5572580480d3379b920a897a36c61

Malware Analysis – djvu – 9afdd4346dfb9c65a40d20f7c4812fed

Malware Analysis – banker – 177f323985be212c7eb379585119ecc2

Malware Analysis – djvu – ddf6d8dd27744ee84b53ddc102613c99

Malware Analysis – amadey – 069304440a4fab3ef3f25b90650280aa

Malware Analysis – djvu – c3d8c8e1ef1f3dedb48408aef01071db

Malware Analysis – djvu – 445bb3a7b52a9bd70494d39aed213729

Malware Analysis – evasion – 408a23e5fe991be0faca775f141b0267

Malware Analysis – djvu – 6ce6587f733dac1590182b577d1414af

Malware Analysis – amadey – a118a1e07e15162e77cce97c0f921e6a

Malware Analysis – cerber – 10d74de972a374bb9b35944901556f5f

Malware Analysis – amadey – 224597975b6add35631168fb06f9b20e

Malware Analysis – djvu – 918b9b4d245035565fd159b7202ed708

Malware Analysis – djvu – c9fb256d422f8bbea2b3f1ed7f4a87c1

CVE Alert: CVE-2024-11362

CVE Alert: CVE-2024-10874

CVE Alert: CVE-2024-10961

CVE Alert: CVE-2024-10886

CVE Alert: CVE-2024-10869

You may have missed