Posted by malvuln on May 07

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/46bfd4f1d581d7c0121d2b19a005d3df.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Satana
Vulnerability: Code Execution
Description: Satana searches for and loads a DLL named “wow64log.dll” in
WindowsSystem32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption….

Read More

Posted by malvuln on May 07

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/20f0c736a966142de88dee06a2e4a5b1.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Conti
Vulnerability: Code Execution
Description: Conti looks for and executes DLLs in its current directory.
Therefore, we can potentially hijack a vuln DLL execute our own code,
control and terminate the malware pre-encryption….

Read More

Posted by malvuln on May 07

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8ed9a60127aee45336102bf12059a850.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Petya
Vulnerability: Code Execution
Description: Petya looks for and loads a DLL named “wow64log.dll” in
WindowsSystem32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The…

Read More

Posted by malvuln on May 07

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/2aea3b217e6a3d08ef684594192cafc8.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Ransom.Cryakl
Vulnerability: Code Execution
Description: Cryakl looks for and loads a DLL named “wow64log.dll” in
WindowsSystem32. Therefore, we can drop our own DLL to intercept and
terminate the malware pre-encryption. The…

Read More

Posted by malvuln on May 07

Discovery / credits: Malvuln – (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/6152709e741c4d5a5d793d35817b4c3d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Trojan-Ransom.Radamant
Vulnerability: Code Execution
Description: Radamant tries to load a DLL named “PROPSYS.dll” and execute a
hidden PE file “DirectX.exe” from the AppDataRoaming directory. Therefore,
we can…

Read More

It was discovered that ecdsautils, a collection of ECDSA elliptic curve
cryptography CLI tools verified some cryptographic signatures incorrectly:
A signature consisting only of zeroes was always considered valid,
making it trivial to forge signatures.

Read More

FEDORA-EPEL-2022-8c2d65f5e3

Packages in this update:

et-6.2.1-2.el8

Update description:

Several security and stability improvements

Read More

FEDORA-2022-e3a794b591

Packages in this update:

et-6.2.1-2.fc36

Update description:

Several security and stability improvements

Read More

FEDORA-2022-185b91b741

Packages in this update:

et-6.2.1-2.fc35

Update description:

Several security and stability improvements

Read More

FEDORA-2022-80b92b2a04

Packages in this update:

et-6.2.1-2.fc34

Update description:

Several security and stability improvements

Read More