Payment details of some of the victims were successfully stolen by the attackers
Daily Archives: October 3, 2022
LiveAction adds new SOC-focused features to ThreatEye NDR platform
End-to-end network security and performance visibility vendor LiveAction has announced new security operations center (SOC) focused updates to its Network Detection and Response (NDR) platform, ThreatEye. In a press release, the firm stated that the platform features a new user interface (UI) designed to enhance the ability of SOC analysts to correlate findings and policy violations to track incidents.
The platform offers enhanced predictive threat intelligence capabilities that allow SOC analysts to identify and track domains and IP addresses that are not yet active but have been registered by threat actors and associated malware campaigns. It also includes packet-based behavioral fingerprinting to identify behavior in encrypted traffic streams, as well as host-based behavioral analysis, LiveAction added.
Backdoor.Win32.Delf.eg / Unauthenticated Remote Command Execution
Posted by malvuln on Oct 03
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/de6220a8e8fcbbee9763fb10e0ca23d7.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.Delf.eg
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 7401. Third-party adversaries
who can reach infected systems can issue commands made available by the…
Backdoor.Win32.NTRC / Weak Hardcoded Credentials
Posted by malvuln on Oct 03
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/273fd3f33279cc9c0378a49cf63d7a06.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Backdoor.Win32.NTRC
Vulnerability: Weak Hardcoded Credentials
Family: NTRC
Type: PE32
MD5: 273fd3f33279cc9c0378a49cf63d7a06
Vuln ID: MVID-2022-0646
Disclosure: 10/02/2022
Description: The malware listens on TCP port 6767….
WordPress plugin – WPvivid Backup – CVE-2022-2863.
Posted by Rodolfo Tavares via Fulldisclosure on Oct 03
=====[ Tempest Security Intelligence – ADV-15/2022 ]==========================
WordPress plugin – WPvivid Backup – Version < 0.9.76
Author: Rodolfo Tavares
Tempest Security Intelligence – Recife, Pernambuco – Brazil
=====[ Table of Contents]==================================================
* Overview
* Detailed description
* Timeline of disclosure
* Thanks & Acknowledgements
* References
=====[ Vulnerability…
Lazarus Group Exploits Dell Driver Vulnerability to Bypass Windows Security
ESET said the vulnerability was exploited at least twice via a specific user-mode module
CVE-2022-3132 (goolytics)
The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-3128 (donation_thermometer)
The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVE-2022-3125 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated user, such as a subscriber, to rename a file to an arbitrary extension, like PHP, which effectively lets them upload arbitrary files to the server and achieve RCE.
CVE-2022-3124 (frontend_file_manager)
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename files uploaded by users. Furthermore, due to the lack of validation of the destination filename, this could allow them to change the content of arbitrary files on the web server.