Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

New campaign uses government, union-themed lures to deliver Cobalt Strike beacons

By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization in the United States and a trade union in New Zealand. The attack involves a multistage and modular infection chain with fileless, malicious scripts. Cisco Talos recently discovered a malicious campaign with a modularised attack technique to deliver Cobalt Strike beacons on infected endpoints. The initial vector of this attack is a phishing email with a malicious Microsoft Word document attachment containing an exploit that attempts to exploit the vulnerability CVE-2017-0199, a remote code execution issue in Microsoft Office. If a victim opens the maldoc, it downloads a malicious Word document template hosted on an attacker-controlled Bitbucket repository. Talos discovered two attack met...

TALOS
#vulnerability#web#mac#windows#microsoft#ubuntu#linux#cisco#git#rce#botnet#alibaba#auth#bitbucket#ssl
Hackers Using PowerPoint Mouseover Trick to Infect System with Malware

The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves the mouse," cybersecurity firm Cluster25 said in a technical report. "The code execution runs a

Critical WhatsApp Bugs Could Have Let Attackers Hack Devices Remotely

WhatsApp has released security updates to address two flaws in its messaging app for Android and iOS that could lead to remote code execution on vulnerable devices. One of them concerns CVE-2022-36934 (CVSS score: 9.8), a critical integer overflow vulnerability in WhatsApp that results in the execution of arbitrary code simply by establishing a video call. The issue impacts the WhatsApp and

CVE-2022-40497: Fix arbitrary code execution flaw in Active Response by vikman90 · Pull Request #14801 · wazuh/wazuh

Wazuh v3.6.1 - v3.13.5, v4.0.0 - v4.2.7, and v4.3.0 - v4.3.7 were discovered to contain an authenticated remote code execution (RCE) vulnerability via the Active Response endpoint.

CVE-2022-23006: NVD - CVE-2022-23006

A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can only be exploited by chaining it with another issue. If an attacker is able to carry out a remote code execution attack, they can gain access to the vulnerable file, due to the presence of insecure functions in code. User interaction is required for exploitation. Exploiting the vulnerability could result in exposure of information, ability to modify files, memory access errors, or system crashes.

CVE-2022-38932: Buffer overflow causing RCE in readelf · Issue #243 · klange/toaruos

readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file.

CVE-2022-40878: Offensive Security’s Exploit Database Archive

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).

CVE-2022-39256: Release C1 CMS 6.13 · Orckestra/C1-CMS-Foundation

Orckestra C1 CMS is a .NET based Web Content Management System. A vulnerability in versions prior to 6.13 allows remote attackers to execute arbitrary code on affected installations of Orckestra C1 CMS. Authentication is required to exploit this vulnerability. The authenticated user may perform the actions unknowingly by visiting a specially crafted site. This issue is patched in C1 CMS v6.13. There are no known workarounds.

Flaw in some ManageEngine apps is being actively exploited, says CISA

Categories: Exploits and vulnerabilities Categories: News The critical CVE-2022-35405 flaw affects several Zoho ManageEngine products. Federal and private organizations must patch now! (Read more...) The post Flaw in some ManageEngine apps is being actively exploited, says CISA appeared first on Malwarebytes Labs.