LiveAction adds new SOC-focused features to ThreatEye NDR platform

Read Time:37 Second

End-to-end network security and performance visibility vendor LiveAction has announced new security operations center (SOC) focused updates to its Network Detection and Response (NDR) platform, ThreatEye. In a press release, the firm stated that the platform features a new user interface (UI) designed to enhance the ability of SOC analysts to correlate findings and policy violations to track incidents.

The platform offers enhanced predicative threat intelligence capabilities that allow SOC analysts to identify and track domains and IP addresses not yet active but registered by threat actors and associated malware campaigns. It also includes packet-based behavioral fingerprinting to identify behavior in encrypted traffic streams and host-based behavioral analysis, LiveAction added.

To read this article in full, please click here

Read More

Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution

Read Time:19 Second

Posted by malvuln on Oct 03

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Delf.eg
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7401. Third-party adversarys
who can reach infected systems can issue commands made available by the…

Read More

Backdoor.Win32.NTRC / Weak Hardcoded Credentials

Read Time:19 Second

Posted by malvuln on Oct 03

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.NTRC
Vulnerability: Weak Hardcoded Credentials
Family: NTRC
Type: PE32
MD5: 273fd3f33279cc9c0378a49cf63d7a06
Vuln ID: MVID-2022-0646
Disclosure: 10/02/2022
Description: The malware listens on TCP port 6767….

Read More

WordPress plugin – WPvivid Backup – CVE-2022-2863.

Read Time:14 Second

Posted by Rodolfo Tavares via Fulldisclosure on Oct 03

=====[ Tempest Security Intelligence – ADV-15/2022
]==========================

WordPress plugin – WPvivid Backup – Version < 0.9.76

Author: Rodolfo Tavares

Tempest Security Intelligence – Recife, Pernambuco – Brazil

=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References

=====[ Vulnerability…

Read More

CVE-2022-3132 (goolytics)

Read Time:11 Second

The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Read More

CVE-2022-3128 (donation_thermometer)

Read Time:14 Second

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Read More

CVE-2022-3125 (frontend_file_manager)

Read Time:14 Second

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to basically be able to upload arbitrary files on the server and achieve RCE

Read More

CVE-2022-3124 (frontend_file_manager)

Read Time:14 Second

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server

Read More