Summary: Microsoft has discovered and disclosed two significant vulnerabilities in Rockwell Automation’s PanelView Plus devices, which could be remotely exploited by unauthenticated attackers to execute remote code and initiate denial-of-service (DoS) attacks.

Threat Actor: Unauthenticated attackers

Victim: Rockwell Automation’s PanelView Plus devices

Key Point:

Microsoft has discovered and disclosed two significant vulnerabilities in Rockwell Automation’s PanelView Plus devices.…

Summary: The Android Security Bulletin provides information about security vulnerabilities affecting Android devices and the necessary security patches to address these issues.

Threat Actor: N/A

Victim: Android device users

Key Point:

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-07-05 or later address all of these issues.…

Summary: This content provides information about a vulnerability in PTC’s Creo Elements/Direct License Server that allows unauthenticated remote attackers to execute arbitrary OS commands.

Threat Actor: Unauthenticated remote attackers

Victim: PTC’s Creo Elements/Direct License Server

Key Point:

The vulnerability affects versions 20.7.0.0 and prior of Creo Elements/Direct License Server.…

Summary: This article discusses the concept of polyglot files, which are files that can be interpreted as multiple file types simultaneously, and the potential security implications they pose.

Threat Actor: N/A

Victim: N/A

Key Point:

Polyglot files are designed to exploit the way different file formats are interpreted by different software, allowing them to bypass security measures and potentially execute malicious code.…

Summary: The content discusses the archiving of the ‘node-ip’ project’s GitHub repository by its developer, Fedor Indutny, due to receiving debatable or bogus CVE reports for the project.

Threat Actor: N/A

Victim: Fedor Indutny

Key Point:

The ‘node-ip’ project’s GitHub repository was archived by its developer, Fedor Indutny, after receiving debatable or bogus CVE reports for the project.…
2024-06-30

Introduction

A few days ago, we came across a peculiar file. It looked like some kind of builder, and a quick glance at the settings piqued our interest. It appeared to be a ShadowPad builder, probably created around 2021.

ShadowPad builders became a topic of conversation around the time of the i-Soon leak, but we had never seen the actual builder ourselves.…


On May 20, 2024, while everyone was happily celebrating the holiday, the tireless XLab CTIA (Cyber Threat Insight Analysis) system captured a suspicious ELF file around 2 PM, located at /usr/bin/geomi. This file was packed with a modified UPX, had a magic number of 0x30219101, and was uploaded from Russia to VirusTotal, where it was not detected as malicious by any antivirus engine.…


On June 17, 2024, we discovered an ELF sample written in C with a detection rate of 0 on VT. This sample was packed with a modified UPX packer. After unpacking, another modified UPX-packed ELF file was obtained, which was written in CGO mode. After analysis, it was found that this is a new tool from the “8220” mining gang, which is used to install other malware, mainly the Tsunami DDoS botnet and the PwnRig mining program.…


Summary: A popular dependency manager for Apple apps, CocoaPods, has been found to have serious vulnerabilities, making it a prime target for hackers.

Threat Actor: Hackers targeting the CocoaPods platform.

Victim: Apple app developers using the CocoaPods platform.

Key Point:

CocoaPods is a widely used platform by Apple app developers to add and manage external libraries.…

Summary: Fake IT support sites are promoting malicious PowerShell “fixes” for the 0x80070643 error on Windows devices, infecting them with information-stealing malware.

Threat Actor: Unknown

Victim: Windows users

Key Point:

Fake IT support sites are promoting malicious PowerShell “fixes” for the 0x80070643 error on Windows devices.…

Summary: The Qualys Threat Research Unit has discovered a Remote Unauthenticated Code Execution vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems, which allows unauthenticated remote code execution as root and presents a significant security risk.

Threat Actor: N/A

Victim: OpenSSH server instances

Key Point:

The vulnerability is a signal handler race condition in OpenSSH’s server (sshd) that affects sshd in its default configuration.…

Summary: This article discusses multiple critical vulnerabilities in Emerson devices that expose them to cyberattacks.

Threat Actor: N/A

Victim: Emerson devices

Key Point:

Multiple critical vulnerabilities have been discovered in Emerson devices, putting them at risk of cyberattacks.


Critical-Severity Flaws Expose Emerson Devices to Cyberattacks

Prajeet Nair (@prajeetspeaks) • June 28, 2024


Multiple critical vulnerabilities in Emerson gas chromatographs could allow malicious actors access to sensitive data, cause denial-of-service conditions and execute arbitrary commands.…


Summary: Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.

Threat Actor: N/A

Victim: Juniper Networks

Key Point:

Juniper Networks has released an emergency update to address an authentication bypass vulnerability in their Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products.…

We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner.

Summary: Water Sigbin continues to exploit CVE-2017-3506 and CVE-2023-21839 to deploy cryptocurrency miners via a PowerShell script. The threat actor employs fileless execution techniques, using DLL reflective and process injection, allowing the malware code to run solely in memory and avoid disk-based detection mechanisms.…

Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three known exploited vulnerabilities to its catalog, including a code injection flaw in GeoServer and a use-after-free vulnerability in the Linux Kernel.

Threat Actor: N/A

Victim: N/A

Key Point:

The GeoServer flaw (CVE-2022-24816) allows for remote code execution through code injection in the Jai-Ext open source project.…