Security News

APPLE-SA-2021-03-26-3 watchOS 7.3.3

Full Disclosure - 26 March, 2021 - 15:04

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-3 watchOS 7.3.3

watchOS 7.3.3 addresses the following issue.
Information about the security content is also available at
https://support.apple.com/HT212258.

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this
issue may have been actively exploited.
Description: This issue was addressed by...

APPLE-SA-2021-03-26-2 iOS 12.5.2

Full Disclosure - 26 March, 2021 - 15:04

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-2 iOS 12.5.2

iOS 12.5.2 addresses the following issue. Information about
the security content is also available at
https://support.apple.com/HT212257.

WebKit
Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad
mini 2, iPad mini 3, and iPod touch (6th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Apple is aware of a report that this
issue may have...

APPLE-SA-2021-03-26-1 iOS 14.4.2 and iPadOS 14.4.2

Full Disclosure - 26 March, 2021 - 15:04

Posted by Apple Product Security via Fulldisclosure on Mar 26

APPLE-SA-2021-03-26-1 iOS 14.4.2 and iPadOS 14.4.2

iOS 14.4.2 and iPadOS 14.4.2 address the following issue.
Information about the security content is also available at
https://support.apple.com/HT212256.

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to...

Backdoor.Win32.Delf.zs / Unauthenticated Remote Command Execution

Full Disclosure - 26 March, 2021 - 15:04

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/911e96073cfe807289366343aa8d97ac.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.zs
Vulnerability: Unauthenticated Remote Command Execution
Description: Backdoor Delf.zs c0ded By Eb0La, is used to build backdoors
that listen on TCP port 2005. Upon building it drops an executable named...

Backdoor.Win32.Kwak.12 / Remote Command Execution

Full Disclosure - 26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Remote Command Execution
Description: The backdoor runs an FTP server that listens on TCP port
37885. The malware is packed using UPX which is trivial to unpack by using
upx -d command, after observe various...

Backdoor.Win32.Kwak.12 / Authentication Bypass

Full Disclosure - 26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Authentication Bypass
Description: The backdoor runs an FTP server that listens on TCP port
37885. The program acts like a typical FTP server and prompts for logon.
However, anyone can seemingly use any...

Backdoor.Win32.Kwak.12 / Port Bounce Scan

Full Disclosure - 26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_D.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Port Bounce Scan
Description: The backdoor runs an FTP server that listens on TCP port
37885. Third-party adversaries can abuse the server as a man-in-the-middle
machine allowing PORT Command bounce scan...

Backdoor.Win32.Kwak.12 / Remote Denial of Service

Full Disclosure - 26 March, 2021 - 04:57

Posted by malvuln on Mar 26

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c25393545e5ead3a35996ef9a887bd34_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kwak.12
Vulnerability: Remote Denial of Service
Description: The backdoor runs an FTP server that listens on TCP port
37885. Attackers who can reach the infected host can send a payload of
around 6500 bytes using socket program to...

CVE-2021-3275 : Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices

Full Disclosure - 26 March, 2021 - 04:57

Posted by Smriti Gaba on Mar 26

==============================================================
Unauthenticated Stored Cross-site Scripting in Multiple TP-Link Devices
==============================================================

Overview
========

Title:- Unauthenticated Stored Cross-site Scripting in TP-Link Devices.
CVE-ID :- CVE-2021-3275
Author: Smriti Gaba, Kaustubh Padwad
Vendor: TP-LINK (https://www.tp-link.com)
Products:
1. DSL and DSL Gateway
2. Access Points
3. WIFI...

BACKDOOR.WIN32.DARKKOMET.GOZU / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:33

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/00199eb3fd1a0aa6771b7f12fad895a0.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.DarkKomet.gozu
Vulnerability: Insecure Permissions
Description: Creates a hidden dir named "AQIpWUAQIpWU" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Worm.Win32.Ngrbot.acno / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/0b3c2053a7c09aa25ba81f2bdebbb873.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Ngrbot.acno
Vulnerability: Insecure Permissions
Description: Creates a dir named "ffffd76" under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped by...

Worm.Win32.Recyl.dp / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/e4737fb6c231bfb84d1a55ec2fb61641.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Recyl.dp
Vulnerability: Insecure Permissions
Description: Creates a dir named "RECYCLER" under c:\ drive and grants
change (C) permissions to the authenticated user group. Standard users can
rename the executables dropped by...

Worm.Win32.Ngrbot.abpr / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ed1e47f62fa93f2fd2f4fbcfdd0f1c10.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Ngrbot.abpr
Vulnerability: Insecure Permissions
Description: Ngrbot.abpr creates a dir named "Win.Msi" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename several of the...

Trojan-Dropper.Win32.Dycler.yhb / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/04a5a52f12d2a130bb88f98c3bc14aa8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.yhb
Vulnerability: Insecure Permissions
Description: Dycler.yhb creates a dir named "RECYCLER" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Worm.Win32.Detnat.c / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/8df7527bd3446b89298c9c750394e0b6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Worm.Win32.Detnat.c
Vulnerability: Insecure Permissions
Description: Detnat.c creates a dir named "Recycled" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Virus.Win32.Sality.gen / Insecure Permissions

Full Disclosure - 25 March, 2021 - 01:32

Posted by malvuln on Mar 24

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/423a5a63bed721e479c156b309bb58fd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Virus.Win32.Sality.gen
Vulnerability: Insecure Permissions
Description: Sality.gen creates a dir named "z_Drivers" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Trojan-Dropper.Win32.Demp.rft / Insecure Permissions

Full Disclosure - 23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/db01783710e0c5aff92156a0e76deade.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Demp.rft
Vulnerability: Insecure Permissions
Description: The specimen creates a dir named "tmp" under c:\ drive and
grants change (C) permissions to the authenticated user group. Standard
users can rename the...

Trojan-Dropper.Win32.Delf.da / Remote Stack Buffer Overflow (UDP Datagram)

Full Disclosure - 23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/a2f1adfd7a35fd0e0207a24be169b4c1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Delf.da
Vulnerability: Remote Stack Buffer Overflow (UDP Datagram)
Description: Delf.da malware listens on UDP port 37031. Adversaries who can
reach the infected system can send a payload of just 999 bytes and trigger
a...

HEUR.Trojan.Win32.Generic / Insecure Permissions

Full Disclosure - 23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/c60f00700bd73ca369195bd32a3f16a3.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: HEUR.Trojan.Win32.Generic
Vulnerability: Insecure Permissions
Description: The specimen creates a dir named "RECYCLER" under c:\ drive
and grants change (C) permissions to the authenticated user group. Within
the RECYCLER dir exists an...

Trojan-Dropper.Win32.Dycler.vrp / Insecure Permissions

Full Disclosure - 23 March, 2021 - 13:39

Posted by malvuln on Mar 23

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/06cbbff745c60c46e0996928c00ef28f.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Dropper.Win32.Dycler.vrp
Vulnerability: Insecure Permissions
Description: Dycler.vrp creates an insecure dir named "Drivers" under c:\
drive and grants change (C) permissions to the authenticated user group.
Standard users can...