Blog News Vulnerability Blog


| Date | Title | Info | Blog | Companies |
|---|---|---|---|---|
| 21.12.18 | Microsoft issues emergency fix for Internet Explorer zero-day | Details are sparse about a security hole that Microsoft said is being exploited in targeted attacks | Vulnerability blog | Eset |
| 20.12.18 | Microsoft Patches Out-of-Band Internet Explorer Scripting Engine Vulnerability After Exploitation Detected in the Wild | Microsoft released an out-of-band (OOB) patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. | Vulnerability blog | Cisco Talos |
| 20.12.18 | Threat Actors Rapidly Adopt New ThinkPHP RCE Exploit to Spread IoT Malware and Deploy Remote Shells | F5 researchers have observed multiple new campaigns leveraging a very recent exploit against ThinkPHP, a popular PHP framework in China. Within days of its discovery, the vulnerability had already been exploited in the wild by multiple threat actors. With this vulnerability, we see a pattern similar to those we have seen in other RCE vulnerabilities, such as Apache Struts 2 – CVE-2017-5638 mentioned last year, where attackers rushed to capitalize on the time it takes organizations to patch and profit from it. | Vulnerability blog | F5 Labs |
| 20.12.18 | On VBScript | Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. | Vulnerability blog | Project Zero |
| 20.12.18 | Searching statically-linked vulnerable library functions in executable code | Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world software. | Vulnerability blog | Project Zero |
| 15.12.18 | How threat actors are using SMB vulnerabilities | Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. | Vulnerability blog | Malwarebytes |
| 14.12.18 | Adventures in Video Conferencing Part 5: Where Do We Go from Here? | Overall, our video conferencing research found a total of 11 bugs in WebRTC, FaceTime and WhatsApp. The majority of these were found through less than 15 minutes of mutation fuzzing RTP. We were surprised to find remote bugs so easily in code that is so widely distributed. There are several properties of video conferencing that likely led to the frequency and shallowness of these issues. | Vulnerability blog | Project Zero |
| 12.12.18 | Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp | Not every attempt to find bugs is successful. When looking at WhatsApp, we spent a lot of time reviewing call signalling hoping to find a remote, interaction-less vulnerability. No such bugs were found. We are sharing our work with the hopes of saving other researchers the time it took to go down this very long road. Or maybe it will give others ideas for vulnerabilities we didn’t find. | Vulnerability blog | Project Zero |
| 12.12.18 | 50 CVEs in 50 Days: Fuzzing Adobe Reader | The year 2017 was an inflection point in the vulnerability landscape. The number of new vulnerabilities reported that year was around 14,000, which is over twice the number from the year before (see table below). The probable reason for this is the increased popularity of automatic vulnerability finding tools, also known as “fuzzers”. | Vulnerability blog | Checkpoint |
| 12.12.18 | Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability | Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific JavaScript, they could cause heap corruption. The user could also trigger this bug if they open a specially crafted email attachment. | Vulnerability blog | Cisco Talos |
| 12.12.18 | Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage | Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” There are no “moderate” or “low” vulnerabilities in this release. | Vulnerability blog | Cisco Talos |
| 5.12.18 | Humble Bundle alerts customers to subscription reveal bug | You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. | Vulnerability blog | Malwarebytes |
| 5.12.18 | Adventures in Video Conferencing Part 1: The Wild World of WebRTC | Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. | Vulnerability blog | Project Zero |
| 4.12.18 | Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability | Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more. | Vulnerability blog | Cisco Talos |
| 2.12.18 | Wireshark update 2.6.5 available | Wireshark version 2.6.5 is available: release notes. | Vulnerability blog | SANS |
| 21.11.18 | Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor | Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software. | Vulnerability blog | Cisco Talos |
| 19.11.18 | Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN | Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution. | Vulnerability blog | Cisco Talos |
| 15.11.18 | FLARE VM Update | FLARE VM has gone through many major changes to better support our users’ needs. | Vulnerability blog | FireEye |
| 14.11.18 | Microsoft Patch Tuesday – November 2018 | This month the vendor has patched 62 vulnerabilities, 13 of which are rated Critical. | Vulnerability blog | Symantec |
| 8.11.18 | DJI Drone Vulnerability | Besides from consumers, though, it has also taken a large share of the corporate market, with customers coming from the critical infrastructure, manufacturing, agricultural, construction, emergency-management sectors and more. With so many customers worldwide, both consumer and corporate, DJI drones can obtain data and images from a wide range of viewpoints and across a large spectrum of subject matter. | Vulnerability blog | Checkpoint |
| 25.10.18 | FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin | We introduce idawasm, an IDA Pro plugin that provides a loader and processor modules for WebAssembly modules | Vulnerability blog | FireEye |
| 12.8.18 | Faxploit: Sending Fax Back to the Dark Ages | Research By: Eyal Itkin and Yaniv Balmas Fax, the brilliant technology that lifted mankind out the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver.. | Vulnerability blog | Checkpoint |
| 7.8.18 | FakesApp: A Vulnerability in WhatsApp | Research By: Dikla Barda, Roman Zaikin and Oded Vanunu As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent... | Vulnerability blog | Checkpoint |
| 30.7.18 | Scriptable Remote Debugging with Windbg and IDA Pro | Required Background: Basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working SSH server on one of the VMs | Vulnerability blog | Checkpoint |
| 30.7.18 | Remote Code Execution Vulnerability on LG Smartphones | Research by: Slava Makkaveev Background A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as ‘LGEIME’). These... | Vulnerability blog | Checkpoint |
| 30.7.18 | MMap Vulnerabilities – Linux Kernel | By: Eyal Itkin As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this | Vulnerability blog | Checkpoint |
| 30.7.18 | NTLM Credentials Theft via PDF Files | Just a few days after it was reported that malicious actors can exploit a vulnerability in MS outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team can. | Vulnerability blog | Checkpoint |
| 30.7.18 | Uncovering Drupalgeddon 2 | By Eyal Shalev, Rotem Reiss and Eran Vaknin Abstract Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability | Vulnerability blog | Checkpoint |
| 30.7.18 | Many Formulas, One Calc – Exploiting a New Office Equation Vulnerability | By: Omer Gull and Netanel Ben Simon Background A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this event raised. | Vulnerability blog | Checkpoint |
| 30.7.18 | Huawei Home Routers in Botnet Recruitment | A Zero-Day vulnerability (CVE-2017-17215) in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild.. | Vulnerability blog | Checkpoint |
| 30.7.18 | “The Next WannaCry” Vulnerability is Here | This Tuesday, Microsoft released a security patch including 48 fixes, 25 of which are defined as “critical”. While Microsoft updates happen every month, this one reveals an especially dangerous vulnerability – CVE-2017-8620. Behind this dull. | Vulnerability blog | Checkpoint |
| 30.7.18 | CrashOverride | On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer–.. | Vulnerability blog | Checkpoint |
| 30.7.18 | Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts | One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to | Vulnerability blog | Checkpoint |
| 18 | Announcing the Fifth Annual Flare-On Challenge | The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. | Vulnerability blog | FireEye |
| 18 | BIOS Boots What? Finding Evil in Boot Code at Scale! | This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks. | Vulnerability blog | FireEye |