Security News

"Severely lacking".

Daily Dave - 20 January, 2021 - 11:15

Posted by Dave Aitel via Dailydave on Jan 20

Recently I read this post from Maddie Stone of Google's Project Zero:
https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
In particular, it has a bolded line of "*As a community, our ability to
detect 0-days being used in the wild is severely lacking to the point that
we can’t draw significant conclusions due to the lack of (and biases in)
the data we have collected.*" which is the most...

Backdoor.Win32.NetBull.11.a / Remote Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/80e98fdf726a3e727f3414bdbf2e86bb.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NetBull.11.a
Vulnerability: Remote Buffer Overflow
Description: Netbull listens on both TCP ports 23444 and 23445;
sending a large string of junk chars causes stack corruption,
overwriting the EDX register.
Type: PE32
MD5:...

Email-Worm.Win32.Agent.gi / Remote Stack Buffer Overflow - (UDP Datagram)

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/74e65773735f977185f6a09f1472ea46.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Email-Worm.Win32.Agent.gi
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram)
Description: Creates a service "Microsoft ASPI Manager" and listens on
TCP ports 80, 81 and UDP 53. The service process is a dropped
executable named...

Constructor.Win32.SMWG.c / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/47e819a6ce3d5e93819f4842cfbe23d6.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.c
Vulnerability: Insecure Permissions
Description: SMWG - P2P VBS.sucke.gen worm generator by
sevenC / N0:7 outputs its malicious VBS script granting change (C)
permissions to the authenticated users group.
Type:...

Constructor.Win32.SMWG.a / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/07cd532823d6ab05d6e5e3a56f7afbfd.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Constructor.Win32.SMWG.a
Vulnerability: Insecure Permissions
Description: Win32.SMWG VBS.sucke.gen worm generator by sevenC / N0:7
outputs its malicious VBS script granting change (C) permissions to
the authenticated users group.

Type: PE32
MD5:...

Newfuture Trojan V.1.0 BETA 1 / Insecure Permissions

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/4f9376824718ff23a6238c877f73ff73.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Newfuture Trojan V.1.0 BETA 1
Vulnerability: Insecure Permissions
Description: Newfuture by Wider is a remote access client and has a
(Fast_sms) server component; it is written in Spanish. On installation
it grants (C) change privileges to...

Backdoor.Win32.Mnets / Remote Stack Buffer Overflow - (UDP Datagram Proto)

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1e42493dcef54a62bc28e0a1338c1142.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Mnets
Vulnerability: Remote Stack Buffer Overflow - (UDP Datagram Proto)
Description: The backdoor listens for commands on UDP ports 2222 and
4444. By sending a mere 323 bytes we can overwrite the instruction
pointer (EIP), potentially...

Backdoor.Win32.Whgrx / Remote Host Header Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/eb6fd418cd3b52132ffb029b52839edf.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Whgrx
Vulnerability: Remote Host Header Stack Buffer Overflow
Description: The specimen listens on datagram UDP port 65000; by
sending a specially crafted HTTP PUT request and specifying a large
string of characters for the HOST...

Backdoor.Win32.Latinus.b / Remote Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/9adffcc98cd658a7f9c5419480013f72.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Latinus.b
Vulnerability: Remote Buffer Overflow
Description: Malware listens on both TCP ports 11831 and 29559; by
sending an HTTP OPTIONS request with about 8945 bytes we trigger a
buffer overflow, overwriting stack registers....

Backdoor.Win32.Nucleroot.t - MaskPE 1.6 / File Based Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/170d3ccf9f036c552aef6690bf419b2e.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.t - MaskPE 1.6
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting
backdoors in existing PE files. The Backdoor tool doesn't properly check the
files it loads and...

Backdoor.Win32.Nucleroot.bi - MaskPE 2.0 / File Based Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/25e0570cc803cd77abc2268b41237937.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Nucleroot.bi - MaskPE 2.0
Vulnerability: File Based Buffer Overflow
Description: MaskPE by yzkzero is a tool for implanting backdoors in
existing PE files. The Backdoor tool doesn't properly check the files
it loads and falls victim...

Backdoor.Win32.Ncx.bt / Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ad5c01b3e6d0254adfe0898c6d16f927.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ncx.bt
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 42; sending a single HTTP
GET request with a packet size of 10140 bytes will trigger the buffer
overflow, overwriting both EIP and...

BACKDOOR.WIN32.KETCH.A / Remote SEH Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/1149c42fd8cf3ca7d00ef55a6337befe.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.a
Vulnerability: Remote SEH Stack Buffer Overflow
Description: Ketch makes an HTTP request to port 80 for a file named
script.dat; upon processing the server response of 1,612 bytes or more
we can trigger an SEH buffer overflow.
Our...

Backdoor.Win32.Ketch.i / SEH Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:17

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/ee314e1b913a09ec86c63d7186d8f0b8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Ketch.i
Vulnerability: SEH Remote Stack Buffer Overflow
Description: Ketch makes an HTTP request to port 80 for a file named
script.dat; upon processing the server response of 1,612 bytes or more
we can trigger an SEH buffer overflow.
Our...

BACKDOOR.WIN32.KURBADUR.A / Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:16

Posted by malvuln on Jan 19

Discovery / credits: malvuln - Malvuln.com (c) 2021
Original source:
https://malvuln.com/advisory/821d3d5a9b15dc3388fe17f233cce296.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Kurbadur.a
Vulnerability: Remote Stack Buffer Overflow
Description: The malware listens on TCP port 21220; by sending
incrementing HTTP TRACE requests with an increasing payload size, we
trigger a buffer overflow, overwriting EIP.
Upon...

Re: Trovent Security Advisory 2010-01 [updated] / CVE-2020-28208: Rocket.Chat email address enumeration vulnerability

Full Disclosure - 19 January, 2021 - 12:16

Posted by Stefan Pietsch on Jan 19

# Trovent Security Advisory 2010-01 #
#####################################

Email address enumeration in reset password
###########################################

Overview
########

Advisory ID: TRSA-2010-01
Advisory version: 1.2
Advisory status: Public
Advisory URL: https://trovent.io/security-advisory-2010-01
Affected product: Web application Rocket.Chat
Affected version: <= 3.9.1
Vendor: Rocket.Chat Technologies Corp.,...

Re: Backdoor.Win32.NinjaSpy.c / Remote Stack Buffer Overflow

Full Disclosure - 19 January, 2021 - 12:14

Posted by network.mp4 via Fulldisclosure on Jan 19

Matthew Fernandez <matthew.fernandez () gmail com> at Fri, 8 Jan 2021 07:53:44 -0800:

I personally think that those malware vulnerabilities are a great way to detect malware; however, they may be used a
lot to infect vulnerable computers with even more malware. But it's still a backdoor and those are great for education
about how such backdoors can be prevented, as list subscribers can see what mistakes the programmer made and...

Re: Backdoor.Win32.Xtreme.yvp / Insecure Permissions EoP

Full Disclosure - 19 January, 2021 - 12:14

Posted by network.mp4 via Fulldisclosure on Jan 19

bo0od <bo0od () riseup net> at Fri, 8 Jan 2021 10:31:06 +0000:

No, the backdoor is referring to a specific Windows malware program that has a vulnerability that can be abused as a
backdoor. There is no proof that this malware was made by Microsoft and the email does not suggest that.

Regards!

Bugtraq: Cisco Unified Contact Center Express Privilege Escalation Vulnerability (CVE-2019-1888)

Security Focus Vulnerabilities - 16 January, 2021 - 20:45

Bugtraq: [SECURITY] [DSA 4633-1] curl security update

Security Focus Vulnerabilities - 16 January, 2021 - 20:45