Tag
#windows
A sophisticated cyber-espionage attack against high-value targets attending a maritime technology conference in Pakistan this weekend has been in the works since last year.
Avast researchers also discovered and reported two zero-day vulnerabilities, and observed the spread of information-stealing malware, remote access trojans, and botnets.
A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution.
Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files using `StaticHandler` on Windows Operating Systems and Windows File Systems, if the mount point is a wildcard (`*`) then an attacker can exfiltrate any class path resource. When computing the relative path to locate the resource, in case of wildcards, the code: `return "/" + rest;` from `Utils.java` returns the user input (without validation) as the segment to lookup. Even though checks are performed to avoid escaping the sandbox, given that the input was not sanitized `\` are not properly handled and an attacker can build a path that is valid within the classpath. This issue only affects users deploying in windows environments and upgrading is the advised remediation path. There are no known workarounds for this vulnerability.
SOUND4 LinkAndShare Transmitter version 1.1.2 suffers from a format string memory leak and stack buffer overflow vulnerability because it fails to properly sanitize user supplied input when calling the getenv() function from MSVCR120.DLL resulting in a crash overflowing the memory stack and leaking sensitive information. The attacker can abuse the username environment variable to trigger and potentially execute code on the affected system.
This Metasploit module exploits an unauthenticated remote code execution vulnerability that affects Zoho ManageEngine Endpoint Central and MSP versions 10.1.2228.10 and below (CVE-2022-47966). Due to a dependency to an outdated library (Apache Santuario version 1.4.1), it is possible to execute arbitrary code by providing a crafted samlResponse XML to the Endpoint Central SAML endpoint. Note that the target is only vulnerable if it is configured with SAML-based SSO, and the service should be active.
The Microsoft Windows kernel suffers from a use-after-free vulnerability due to a dangling registry link node under paged pool memory pressure.
Categories: Business Application Block helps organizations easily thwart unwanted applications from launching on Windows endpoints. (Read more...) The post Introducing Malwarebytes Application Block: How to block unauthorized software from executing on Windows endpoints appeared first on Malwarebytes Labs.
A previously unknown threat actor dubbed NewsPenguin has been linked to a phishing campaign targeting Pakistani entities by leveraging the upcoming international maritime expo as a lure. "The attacker sent out targeted phishing emails with a weaponized document attached that purports to be an exhibitor manual for PIMEC-23," the BlackBerry Research and Intelligence Team said. PIMEC, short for
Categories: News Tags: ryuk Tags: ransomware Tags: guilty Tags: encrypt Tags: ransom Tags: cryptocurrency Tags: bitcoin We take a look at a guilty plea made in relation to Ryuk ransomware proceeds, and how you can best protect yourself from the threat of ransomware. (Read more...) The post Ryuk ransomware laundering leads to guilty plea appeared first on Malwarebytes Labs.