Vulnerebility Blog
| Date | Title | Summary | Category | Source |
|---|---|---|---|---|
| 21.12.18 | Microsoft issues emergency fix for Internet Explorer zero-day | Details are sparse about a security hole that Microsoft said is being exploited in targeted attacks. | Vulnerebility blog | Eset |
| 20.12.18 | Microsoft Patches Out-of-Band Internet Explorer Scripting Engine Vulnerability After Exploitation Detected in the Wild | Microsoft released an out-of-band (OOB) patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. | Vulnerebility blog | Cisco Talos |
| 20.12.18 | Threat Actors Rapidly Adopt New ThinkPHP RCE Exploit to Spread IoT Malware and Deploy Remote Shells | F5 researchers have observed multiple new campaigns leveraging a very recent exploit against ThinkPHP, a popular PHP framework in China. Within days of its discovery, the vulnerability had already been exploited in the wild by multiple threat actors. With this vulnerability, we see a pattern similar to those we have seen in other RCE vulnerabilities, such as Apache Struts 2 (CVE-2017-5638) mentioned last year, where attackers rushed to capitalize on the time it takes organizations to patch and profit from it. | Vulnerebility blog | F5 Labs |
| 20.12.18 | On VBScript | Vulnerabilities in the VBScript scripting engine are a well-known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. | Vulnerebility blog | Project Zero |
| 20.12.18 | Searching statically-linked vulnerable library functions in executable code | Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world software. | Vulnerebility blog | Project Zero |
| 15.12.18 | How threat actors are using SMB vulnerabilities | Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization's network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. | Vulnerebility blog | Malwarebytes |
| 14.12.18 | Adventures in Video Conferencing Part 5: Where Do We Go from Here? | Overall, our video conferencing research found a total of 11 bugs in WebRTC, FaceTime and WhatsApp. The majority of these were found through less than 15 minutes of mutation fuzzing RTP. We were surprised to find remote bugs so easily in code that is so widely distributed. There are several properties of video conferencing that likely led to the frequency and shallowness of these issues. | Vulnerebility blog | Project Zero |
| 12.12.18 | Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp | Not every attempt to find bugs is successful. When looking at WhatsApp, we spent a lot of time reviewing call signalling hoping to find a remote, interaction-less vulnerability. No such bugs were found. We are sharing our work with the hopes of saving other researchers the time it took to go down this very long road. Or maybe it will give others ideas for vulnerabilities we didn't find. | Vulnerebility blog | Project Zero |
| 12.12.18 | 50 CVEs in 50 Days: Fuzzing Adobe Reader | The year 2017 was an inflection point in the vulnerability landscape. The number of new vulnerabilities reported that year was around 14,000, which is over twice the number from the year before (see table below). The probable reason for this is the increased popularity of automatic vulnerability finding tools, also known as "fuzzers". | Vulnerebility blog | Checkpoint |
| 12.12.18 | Microsoft Patch Tuesday: December 2018: Vulnerability disclosures and Snort coverage | Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated "critical" and 29 that are considered "important." There are no "moderate" or "low" vulnerabilities in this release. | Vulnerebility blog | Cisco Talos |
| 5.12.18 | Humble Bundle alerts customers to subscription reveal bug | You'll want to check your mailbox if you have a Humble Bundle account, as they're notifying some customers of a bug used to gather subscriber information. | Vulnerebility blog | Malwarebytes |
| 5.12.18 | Adventures in Video Conferencing Part 1: The Wild World of WebRTC | Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. | Vulnerebility blog | Project Zero |
| 4.12.18 | Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability | Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi-WAN, and more. | Vulnerebility blog | Cisco Talos |
| 2.12.18 | Wireshark update 2.6.5 available | Wireshark version 2.6.5 is available: release notes. | Vulnerebility blog | SANS |
| 21.11.18 | Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor | Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software. | Vulnerebility blog | Cisco Talos |
| | Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN | Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution. | Vulnerebility blog | Cisco Talos |
| | | FLARE VM has gone through many major changes to better support our users' needs. | | |
| 14.11.18 | Microsoft Patch Tuesday: November 2018 | This month the vendor has patched 62 vulnerabilities, 13 of which are rated Critical. | Vulnerebility blog | Symantec |
| | DJI Drone Vulnerability | Besides consumers, though, it has also taken a large share of the corporate market, with customers coming from the critical infrastructure, manufacturing, agricultural, construction, emergency-management sectors and more. With so many customers worldwide, both consumer and corporate, DJI drones can obtain data and images from a wide range of viewpoints and across a large spectrum of subject matter. | Vulnerebility blog | Checkpoint |
| 25.10.18 | FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin | We introduce idawasm, an IDA Pro plugin that provides a loader and processor modules for WebAssembly modules. | Vulnerebility blog | FireEye |
| | Faxploit: Sending Fax Back to the Dark Ages | Research by: Eyal Itkin and Yaniv Balmas. Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver... | | |
| | | Research by: Dikla Barda, Roman Zaikin and Oded Vanunu. As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent... | | |
| | Scriptable Remote Debugging with Windbg and IDA Pro | Required background: basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working SSH server on one of the VMs. | Vulnerebility blog | |
| | Remote Code Execution Vulnerability on LG Smartphones | Research by: Slava Makkaveev. Background: A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as 'LGEIME'). These... | Vulnerebility blog | Checkpoint |
| | MMap Vulnerabilities in the Linux Kernel | By: Eyal Itkin. As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this... | Vulnerebility blog | |
| | NTLM Credentials Theft via PDF Files | Just a few days after it was reported that malicious actors can exploit a vulnerability in MS Outlook using OLE to steal a Windows user's NTLM hashes, the Check Point research team can... | Vulnerebility blog | Checkpoint |
| | Uncovering Drupalgeddon 2 | By Eyal Shalev, Rotem Reiss and Eran Vaknin. Abstract: Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability... | Vulnerebility blog | |
| | Many Formulas, One Calc: Exploiting a New Office Equation Vulnerability | By: Omer Gull and Netanel Ben Simon. Background: A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this event raised... | Vulnerebility blog | Checkpoint |
| 30.7.18 | Huawei Home Routers in Botnet Recruitment | A zero-day vulnerability (CVE-2017-17215) in the Huawei home router HG532 has been discovered by Check Point researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild... | Vulnerebility blog | |
| | | This Tuesday, Microsoft released a security patch including 48 fixes, 25 of which are defined as "critical". While Microsoft updates happen every month, this one reveals an especially dangerous vulnerability, CVE-2017-8620. Behind this dull... | | |
| | | On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer... | | |
| | | One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to... | | |
| | | The FireEye Labs Advanced Reverse Engineering (FLARE) team's annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. | | |
| | | This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks. | | |