Security News

Backdoor.Win32.MiniBlackLash / Remote DoS

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/57dee3430d4531a2699f6520819a2ece.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.MiniBlackLash
Vulnerability: Remote DoS
Description: MiniBlackLash listens on both TCP port 6711 and UDP port
60000. Sending a large HTTP request string of junk chars to UDP port
60000 will crash this backdoor.
Type: PE32
MD5:...

Backdoor.Win32.Mhtserv.b / Missing Authentication

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0ba104d752eb63194c356c309196c710.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Mhtserv.b
Vulnerability: Missing Authentication
Description: Mhtserv.b listens on TCP port 1043; apparently there is
no authentication required to access this backdoor. Accessing the
backdoor using telnet you are greeted with a...

Backdoor.Win32.Zhangpo / Remote DoS

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/052d18e119f9a2910ed18a137231a041.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zhangpo
Vulnerability: Remote DoS
Description: Zhangpo listens on TCP port 9689; sending a special
character as a long string HTTP payload will DoS the backdoor.
Type: PE32
MD5: 052d18e119f9a2910ed18a137231a041
Vuln ID:...

Backdoor.Win32.Zetronic / Remote DoS

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/caf26a74ca39662e2c3d37e55a242daf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Zetronic
Vulnerability: Remote DoS
Description: Zetronic listens on UDP port 2090; sending a large
datagram packet of junk results in denial of service of the backdoor.
Type: PE32
MD5: caf26a74ca39662e2c3d37e55a242daf
Vuln ID:...

Constructor.Win32.SpyNet.a / Remote Password Leak

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1717731c32830a31e84b74641a4fdec7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SpyNet.a
Vulnerability: Remote Password Leak
Description: Spy-Net [RAT] v0.7 constructs new backdoor servers and
lets you specify a password; the default is abcd1234. The password is by
default marked hidden but is leaked when telnet...

Backdoor.Win32.Wollf.14 / Missing Authentication

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ccd3e54eb76b3349db57481a0fe68b35.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Wollf.14
Vulnerability: Missing Authentication
Description: Wollf.14 listens on TCP port 7614 and creates a service "wrm"
running as SYSTEM. The backdoor then allows casual intruders to take
control of the infected system...

Backdoor.Win32.DarkKomet.apbb / Insecure Permissions

Full Disclosure - 1 February, 2021 - 15:30

Posted by malvuln on Feb 01

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/d6c930e0ac1df934151d1890f6441fe2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.apbb
Vulnerability: Insecure Permissions
Description: DarkKomet creates an insecure dir named "Windupdt" under the
c:\ drive; this allows unprivileged users to take over the infected
system, as it grants change (C)...

Cross-Site Scripting Vulnerability in Chamilo LMS 1.11.14

Full Disclosure - 1 February, 2021 - 15:28

Posted by Daniel Bishtawi via Fulldisclosure on Feb 01

Hello,

We are informing you about a Cross-Site Scripting Vulnerability in Chamilo
LMS 1.11.14.

Information
--------------------
Advisory by Netsparker
Name: Cross-Site Scripting Vulnerability in Chamilo LMS
Affected Software: Chamilo LMS
Affected Versions: 1.11.14
Homepage: https://chamilo.org/en/
Vulnerability: Cross-Site Scripting
Severity: High
Status: Fixed
CVSS Score (3.0): 7.4 (High)
Netsparker Advisory Reference: NS-21-001

Technical...

X41 D-Sec GmbH Security Advisory X41-2021-001: Multiple Vulnerabilities in YARA

Full Disclosure - 1 February, 2021 - 15:26

Posted by X41 D-Sec GmbH Advisories on Feb 01

X41 D-Sec GmbH Security Advisory: X41-2021-001

Multiple Vulnerabilities in YARA
================================
Highest Severity Rating: Medium
Confirmed Affected Versions: YARA v4.0.3 and earlier
Confirmed Patched Versions: YARA v4.0.4
Vendor: VirusTotal (Google Inc.)
Vendor URL: https://virustotal.github.io/yara
Credit: X41 D-Sec GmbH, Luis Merino
Status: Public
Advisory-URL: https://www.x41-dsec.de/lab/advisories/x41-2021-001-yara

Summary...

News Roundups!

Daily Dave - 1 February, 2021 - 08:22

Posted by Dave Aitel via Dailydave on Feb 01

So lately I've been doing little news roundups on the YouTubes....
Yesterday's is here: https://youtu.be/xgiymt_0isY

Neal Stephenson, in his most recent book, *Fall*, had a character that was
an interesting play on the traditional fantasy "giant" in the sense that
she was normal size, but fractally dense. I feel like we are living that
kind of time - in the sense that gravity is really a measure of how much
stuff is happening...

Re: Fully Automated CONOPs Exercise

Daily Dave - 28 January, 2021 - 12:01

Posted by Pukhraj Singh via Dailydave on Jan 28

Folks like Joe Slowik
<https://www.youtube.com/watch?v=n7XqxRXwFZ4&ab_channel=CYBERWARCON>, Grugq
<https://www.blackhat.com/docs/webcast/12142017-the-triple-a-threat.pdf> and you
<https://cybersecpolitics.blogspot.com/2016/09/the-stern-stewart-summit-germany-and.html> (Dave)
have tried to articulate the CONOPS for worms since long. In their current
forms, worms look like IO packages in full-spectrum missions. Ignoring...

Re: Fully Automated CONOPs Exercise

Daily Dave - 28 January, 2021 - 11:06

Posted by Dave Aitel via Dailydave on Jan 28

I mean, the goal of the question is to start putting some meat on the idea
of what "harm" is and how that is reflected both from a policy and
technical perspective. But also: It's useful to put some real definitions
around what is required to make people comfortable with fully-automated
techniques.

I don't think the idea that we are going to come up with and enforce norms
is as useful as figuring out what the norms really are...

Re: Fully Automated CONOPs Exercise

Daily Dave - 28 January, 2021 - 10:13

Posted by Dave Dittrich via Dailydave on Jan 28

Did any of them mention international humanitarian law, specifically
discrimination, respecting territory of neutral ("green") actors and
their infrastructure, and avoiding harm to neutral third parties and
non-combatants? The problem with most worms is the inability to
accurately discriminate targets and resulting harm. This is an area
where technical experts need to be balanced with operators and policy
makers to ensure that...

Fully Automated CONOPs Exercise

Daily Dave - 27 January, 2021 - 23:49

Posted by Dave Aitel via Dailydave on Jan 27

So one of my new fav questions to ask policy teams is what they would do if
they were told to switch their offensive team entirely to worms. Nothing
else. Just worms. What needs to change to make that happen - from op tempo
to supply chain to personnel to policy and technological investment.

And how would their defensive team need to change strategically if they
were facing such an offensive team.

It's a fun thing to see people wrap their...

APPLE-SA-2021-01-26-4 Xcode 12.4

Full Disclosure - 26 January, 2021 - 17:00

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2021-01-26-4 Xcode 12.4

Xcode 12.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212153.

Xcode IDE
Available for: macOS Catalina 10.15.4 and later
Impact: A malicious application may be able to access
arbitrary files on the host device while running an app
that uses on-demand resources with Xcode
Description: A path handling issue was addressed with
improved...

APPLE-SA-2021-01-26-3 watchOS 7.3

Full Disclosure - 26 January, 2021 - 17:00

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2021-01-26-3 watchOS 7.3

watchOS 7.3 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212148.

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
Description: A race condition was addressed with improved locking....

APPLE-SA-2021-01-26-2 tvOS 14.4

Full Disclosure - 26 January, 2021 - 17:00

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2021-01-26-2 tvOS 14.4

tvOS 14.4 addresses the following issues. Information about the
security content is also available at
https://support.apple.com/HT212149.

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been actively
exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an...

APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4

Full Disclosure - 26 January, 2021 - 17:00

Posted by Apple Product Security via Fulldisclosure on Jan 26

APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4

iOS 14.4 and iPadOS 14.4 address the following issues. Information
about the security content is also available at
https://support.apple.com/HT212146.

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4
and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges.
Apple is aware of a report that this issue may have been...

Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)

Full Disclosure - 26 January, 2021 - 14:00

Posted by Qualys Security Advisory on Jan 26

Qualys Security Advisory

Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)

========================================================================
Contents
========================================================================

Summary
Analysis
Exploitation
Acknowledgments
Timeline

========================================================================
Summary...

[REVIVE-SA-2021-002] Revive Adserver Vulnerabilities

Full Disclosure - 26 January, 2021 - 13:00

Posted by Matteo Beccati via Fulldisclosure on Jan 26

========================================================================
Revive Adserver Security Advisory REVIVE-SA-2021-002
------------------------------------------------------------------------
https://www.revive-adserver.com/security/revive-sa-2021-002
------------------------------------------------------------------------
CVE-IDs: CVE-2021-22874, CVE-2021-22875
Date: 2020-01-26
Risk...