Cobalt Stike Beacon Detected – 120[.]79[.]70[.]83:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Month: March 2023
Cobalt Stike Beacon Detected – 20[.]189[.]26[.]53:8406
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
XWiki Platform information disclosure | CVE-2023-26473
NAME__________XWiki Platform information disclosurePlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________XWiki Platform could allow a remote authenticated attacker to obtain sensitive information, caused...
Huawei FLMG-10 buffer overflow | CVE-2022-48330
NAME__________Huawei FLMG-10 buffer overflowPlatforms Affected:Huawei FLMG-10 10.0.1.0(H100SP22C00)Risk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Huawei Sound Box Product FLMG-10 is vulnerable to a buffer overflow,...
XWiki Platform security bypass | CVE-2023-26478
NAME__________XWiki Platform security bypassPlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________XWiki Platform could allow a remote authenticated attacker to bypass security restrictions, caused...
XWiki Platform denial of service | CVE-2023-26470
NAME__________XWiki Platform denial of servicePlatforms Affected:Risk Level:5.7Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________XWiki Platform is vulnerable to a denial of service, caused by...
phpseclib denial of service | CVE-2023-27560
NAME__________phpseclib denial of servicePlatforms Affected:Risk Level:5.3Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________phpseclib is vulnerable to a denial of service, caused by an infinite...
SonicWall SonicOS SSLVPN security bypass | CVE-2023-1101
NAME__________SonicWall SonicOS SSLVPN security bypassPlatforms Affected:Risk Level:4.3Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________SonicWall SonicOS SSLVPN could allow a remote authenticated attacker to bypass security...
Trusted Computing Group Trusted Platform Module information disclosure | US-CERT VU#782720
NAME__________Trusted Computing Group Trusted Platform Module information disclosurePlatforms Affected:Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Trusted...
XWiki Platform security bypass | CVE-2023-26056
NAME__________XWiki Platform security bypassPlatforms Affected:Risk Level:5.4Exploitability:UnprovenConsequences:Bypass Security DESCRIPTION__________XWiki Platform could allow a remote authenticated attacker to bypass security restrictions, caused...
SonicWall SonicOS denial of service | CVE-2023-0656
NAME__________SonicWall SonicOS denial of servicePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________SonicWall SonicOS is vulnerable to a denial of service, caused by...
XWiki Platform denial of service | CVE-2023-26479
NAME__________XWiki Platform denial of servicePlatforms Affected:Risk Level:6.5Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________XWiki Platform is vulnerable to a denial of service, caused by...
Cisco IP Phone 6800, 7800, and 8800 Series denial of service | CVE-2023-20079
NAME__________Cisco IP Phone 6800, 7800, and 8800 Series denial of servicePlatforms Affected:Cisco IP Phone 6800 Series Cisco IP Phone 7800...
XWiki Platform information disclosure | CVE-2023-26476
NAME__________XWiki Platform information disclosurePlatforms Affected:Risk Level:7.5Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________XWiki Platform could allow a remote attacker to obtain sensitive information, caused by...
Malware Analysis – djvu – 5ebfd0177d61d9610cc24b6be9c49c66
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 5ebfd0177d61d9610cc24b6be9c49c66SHA1: f34c66aa7cda54430371517f2ece087ad6be9445ANALYSIS DATE: 2023-03-04T03:28:28ZTTPS: T1082, T1005, T1081, T1012, T1222,...
Malware Analysis – djvu – ba3e0e669fc055a64099226e0c0511a1
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: ba3e0e669fc055a64099226e0c0511a1SHA1: 024b3a04e8550cc8ff077266424807a4e319a6d4ANALYSIS DATE: 2023-03-04T05:36:51ZTTPS: T1005, T1081, T1222, T1012, T1082,...
Malware Analysis – djvu – 5fe8008a41050b88736ade3c433ee806
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 5fe8008a41050b88736ade3c433ee806SHA1: e878270e7ef197c97c0f4dbd4f2a774ca8d327a9ANALYSIS DATE: 2023-03-04T03:32:39ZTTPS: T1082, T1005, T1081, T1012, T1222,...
Malware Analysis – djvu – 5f99c9df93b9b66259189cf52450f603
Score: 10 MALWARE FAMILY: djvuTAGS:family:djvu, family:vidar, discovery, persistence, ransomware, spyware, stealerMD5: 5f99c9df93b9b66259189cf52450f603SHA1: 616758355836f3577da9be51d30001caf7d3b440ANALYSIS DATE: 2023-03-04T03:44:20ZTTPS: T1012, T1082, T1222, T1005, T1081,...
GunAction.com – 565,470 breached accounts
HIBP In December 2022, the online firearms auction website GunAuction.com suffered a data breach which was later discovered left unprotected...
Microsoft Exchange Online outage blocks access to mailboxes worldwide
Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending/receiving emails. Affected users...
Iron Tiger hackers create Linux version of their custom malware
The APT27 hacking group, aka "Iron Tiger," has prepared a new Linux version of its SysUpdate custom remote access malware,...
GitHub’s secret scanning alerts now available for all public repos
GitHub has announced that its secret scanning alerts service is now generally available to all public repositories and can be...
Cisco patches critical Web UI RCE flaw in multiple IP phones
Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and...
British retail chain WH Smith says data stolen in cyberattack
British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. The company operates...
