Archive | Security Bulletins

Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th)

This week I got an email claiming to be a YellowPages invoice with an XLS attachment containing an Excel 4.0 macro which has similarity to [1][2]. Using Didier's oledump.py tool, I checked the spreadsheet using plugin plugin_biff with option -x, which shows Excel 4 macros: Next step will be to check for any embedded URL […]

CVE-2020-11498

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go. A user can also use Nebula to execute arbitrary code in the user’s own context, e.g., for user-level persistence or to bypass security controls. NOTE: the vendor […]

Very Large Sample as Evasion Technique?, (Thu, Mar 26th)

Security controls have a major requirement: they can't (or at least try not to) interfere with normal operations of the protected system. It is known that antivirus products do not scan very large files (or scan just the first x bytes) for performance reasons. Can we consider a very big file as a technique to […]

Recent Dridex activity, (Wed, Mar 25th)

Introduction: This week, I've seen a lot of malicious spam (malspam) pushing Dridex malware. Today's diary provides a quick rundown on the types of malspam I've seen, and it also covers what an infected Windows host looks like. The malspam I've seen used at least 3 different themes during the first two days of this […]

SANS CyberCast Hallway Talk: Microsoft Windows Type 1 Font Parsing 0-Day https://www.youtube.com/watch?v=VSnVbrgnXJs, (Tue, Mar 24th)

— Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Another Critical COVID-19 Shortage: Digital Security, (Tue, Mar 24th)

Following is a guest cross-post from John Scott-Railton, a Senior Researcher at The Citizen Lab. His work focuses on technological threats to civil society. We all know about global shortages of ventilators, protective equipment, and pharmaceuticals. But as work moves home, it will be much less secure, harder to defend, and easier to snoop on. […]

Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability, (Mon, Mar 23rd)

Microsoft announced limited exploitation of a zeroday remote code execution vulnerability in the Type 1 font parser. There are two RCE vulnerabilities in the Windows Adobe Type Manager Library on Windows systems, triggered when parsing the Adobe Type 1 PostScript format. There are multiple attack vectors, such as documents. Microsoft is working on a patch. The following mitigation actions can […]

CVE-2020-3922 (lisomail)

LisoMail, by ArmorX, allows SQL injection; attackers can access the database without authentication via URL parameter manipulation.

CVE-2019-14881 (moodle)

A vulnerability was found in Moodle 3.7 to 3.7.2 and before 3.7.3, where there is blind XSS reflected in some locations where the user email is displayed.

CVE-2019-14882 (moodle)

A vulnerability was found in Moodle 3.7 to 3.7.3, 3.6 to 3.6.7, 3.5 to 3.5.9 and earlier where an open redirect existed in the Lesson edit page.
