Backdoor.Win32.BluanWeb / Unauthenticated Remote Command Execution

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_C.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes…

Read More

Backdoor.Win32.BluanWeb / Information Disclosure

Read Time:19 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def_B.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Information Disclosure
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the
entire system…

Read More

Backdoor.Win32.BluanWeb / Unauthenticated Remote Code Execution

Read Time:18 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/30903ccbc6747c0da5a2775884b78def.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BluanWeb
Vulnerability: Unauthenticated Remote Code Execution
Description: The malware “BlueAngel For WebServer” by “leonshoh” listens on
TCP port 80. The malware provides an HTML web-interface that exposes the…

Read More

Backdoor.Win32.FTP.Nuclear.10 / Hardcoded Credentials

Read Time:20 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/9c23dad9ba11305fecf38bed46b0cec2.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.FTP.Nuclear.10
Vulnerability: Hardcoded Credentials
Description: The malware builds backdoor files and uses UPX packer. When
building server.exe the provided credentials are then stored within the PE
file. Unpacking the malware…

Read More

Backdoor.Win32.BNLite / Remote Stack Buffer Overflow

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/0d1f873f6816debd244e1e77509f6ba7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BNLite
Vulnerability: Remote Stack Buffer Overflow
Description: BioNet Lite Server 4.0a listens on TCP port 5000. Third-party
attackers who can reach an infected system can trigger a buffer overflow
overwriting the ECX, EDX and AX…

Read More

Backdoor.Win32.Augudor.a / Unauthenticated Remote File Write – RCE

Read Time:21 Second

Posted by malvuln on Mar 09

Discovery / credits: Malvuln – malvuln.com (c) 2022
Original source:
https://malvuln.com/advisory/bf1b1a2f4be78d6b62ed7c316c77a9a1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.a
Vulnerability: Unauthenticated Remote File Write – RCE
Description: Augudor.a drops an empty file named “zy.exe” and listens on
TCP port 1011. Attackers who can reach the infected host can write any
binary file…

Read More

New Release: UFONet v1.8 – “DarK-PhAnT0m!”…

Read Time:24 Second

Posted by psy on Mar 09

Hi Community,

I am glad to present a new release of this tool:

https://ufonet.03c8.net

———

“UFONet is a free software, P2P and cryptographic -disruptive toolkit-
that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
through the exploitation of Open Redirect vectors on third-party
websites to act as a botnet and on the Layer3 (Network) abusing the
protocol.”

“It also works as an encrypted DarkNET to…

Read More

Mr. Post – Outlook Add-in – Data Theft Risk

Read Time:23 Second

Posted by Jonathan Gregson via Fulldisclosure on Mar 09

Mr. Post is an Outlook add-in used for inspecting emails for threats. Its tagline states “One click to visualize email.
Unveil scam, phishing, ransom and BEC (Business Email Compromise).” The add-in is featured prominently in the Outlook
Add-in store, including those on iOS and Android. It’s possible that users in your org use this add-in. You can find it
in Microsoft AppSource here:…

Read More

China-aligned APT renews cyberattack on European diplomats, as war rages

Read Time:37 Second

Proofpoint cybersecurity researchers have identified ramped-up activities by China-aligned APT (advanced persistent threat) actor TA416, targeting European diplomatic entities as the war between Russia and Ukraine intensifies. 

TA416 (aka RedDelta ) is known to have been targeting Europe for several years using web bugs to profile target accounts, according to a research report by Proofpoint.

Also known as tracking pixels, web bugs hyperlink a malicious object within the body of an email which, when activated, attempts to retrieve a benign image file from the hacker server. This provides a “sign of life” confirmation to the bad actor establishing that the target account is valid and inclined to open malicious emails with social engineering content. 

To read this article in full, please click here

Read More