Archive | Security Bulletins

Very Large Sample as Evasion Technique?, (Thu, Mar 26th)

Security controls have a major requirement: they can’t (or at least they try not to) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or scan only the first x bytes) for performance reasons. Can we consider a very big file as a technique to […]

Recent Dridex activity, (Wed, Mar 25th)

Introduction: This week, I’ve seen a lot of malicious spam (malspam) pushing Dridex malware. Today’s diary provides a quick rundown on the types of malspam I’ve seen, and it also covers what an infected Windows host looks like. In the malspam I’ve seen, at least 3 different themes were used during the first two days of this […]

SANS CyberCast Hallway Talk: Microsoft Windows Type 1 Font Parsing 0-Day https://www.youtube.com/watch?v=VSnVbrgnXJs, (Tue, Mar 24th)

— Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Another Critical COVID-19 Shortage: Digital Security, (Tue, Mar 24th)

Following is a guest cross-post from John Scott-Railton, a Senior Researcher at The Citizen Lab. His work focuses on technological threats to civil society. We all know about global shortages of ventilators, protective equipment, and pharmaceuticals. But as work moves home, it will be much less secure, harder to defend, and easier to snoop on. […]

Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability, (Mon, Mar 23rd)

Microsoft announced limited exploitation of a zeroday remote code execution vulnerability in the Type 1 font parser. There are two RCE vulnerabilities in the Windows Adobe Type Manager Library on Windows systems when parsing the Adobe Type 1 PostScript format. There are multiple attack vectors, such as documents. Microsoft is working on a patch. The following mitigation actions can […]

CVE-2020-3922 (lisomail)

LisoMail, by ArmorX, allows SQL injection: attackers can access the database without authentication via URL parameter manipulation.

CVE-2019-14881 (moodle)

A vulnerability was found in Moodle 3.7 to 3.7.2 and before 3.7.3, where a blind XSS is reflected in some locations where the user email is displayed.

CVE-2019-14882 (moodle)

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.

CVE-2020-9443 (zulip_desktop)

Zulip Desktop before 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.

CVE-2019-14884 (moodle)

A vulnerability was found in Moodle 3.7 before 3.73, 3.6 before 3.6.7 and 3.5 before 3.5.9, where a reflected XSS is possible from some fatal error messages.
