Security
Headlines
HeadlinesLatestCVEs

Tag

#php

ModernLoader delivers multiple stealers, cryptominers and RATs

By Vanja Svajcer Cisco Talos recently observed three separate, but related, campaigns between March and June 2022 delivering a variety of threats, including the ModernLoader bot, RedLine information-stealer and cryptocurrency-mining malware to victims. The actors use PowerShell, .NET assemblies, and HTA and VBS files to spread across a targeted network, eventually dropping other pieces of malware, such as the SystemBC trojan and DCRAT, to enable various stages of their operations. The attackers' use of a variety of off-the-shelf tools makes it difficult to attribute this activity to a specific adversary. The final payload appears to be ModernLoader, which acts as a remote access trojan (RAT) by collecting system information and deploying various modules. In the earlier campaigns from March, we also observed the attackers delivering the cryptocurrency mining malware XMRig. The March campaigns appeared to be targeting Eastern European users, as the constructor utility we analyzed had...

TALOS
Open in Source
#web#mac#windows#google#microsoft#amazon#cisco#js#git#wordpress#intel#php#auth#sap
CVE-2022-36712: bug_report/SQLi-4.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php.

CVE-2022-36711: bug_report/SQLi-5.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php.

CVE-2022-36713: bug_report/SQLi-8.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php.

CVE-2022-36714: bug_report/SQLi-7.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php.

CVE-2022-36709: bug_report/SQLi-6.md at main · k0xx11/bug_report

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php.

CVE-2022-1115: heap-buffer-overflow in magick at quantum-private.h PushShortPixel · Issue #4974 · ImageMagick/ImageMagick

A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.

CVE-2022-1204: security - CVE-2022-1204: Linux kernel: UAF caused by binding operation when ax25 device is detaching

A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.

CVE-2022-1199: security - CVE-2022-1199 kernel: Null pointer dereference and use-after-free in ax25_release()

A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.