Threat: Backdoor.Win32.GateHell.21
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server on TCP ports
5301,5432,5300,5299,5298,5297,5296 and 5295. Third-party attackers who can
reach infected systems can logon using any…
Threat: Backdoor.Win32.Delf.zn
Vulnerability: Insecure Credential Storage
Description: The default credentials for the backdoor are stored in
cleartext within the “Firefly.ini” file.
Family: Delf
Type: PE32
MD5: 9acdbfc9f7c1f6e589485b30aa91bfd2…
Threat: Backdoor.Win32.Psychward.03.a
Vulnerability: Weak Hardcoded Password
Description: The malware listens on TCP port 13013. Authentication is
required, however the password “m4sturb4t10n” is weak and hardcoded in
cleartext within the PE…
Threat: Backdoor.Win32.Hupigon.haqj
Vulnerability: Insecure Service Path
Description: The malware creates a service with an unquoted path. Third
party attackers who can place an arbitrary executable under c: drive can
potentially undermine the integrity…
Threat: Trojan.Win32.TScash.c
Vulnerability: Insecure Permissions
Description: The malware writes a PE file with insecure permissions to c
drive granting change (C) permissions to the authenticated user group.
Standard users can rename the executable…
Threat: Backdoor.Win32.Loselove
Vulnerability: Denial of Service
Description: The malware listens on UDP ports 9329, 8329, 8322, 8131 and
8130. Attackers can send a large junk payload to UDP port 8131 causing it
to crash.
Family: Loselove
Type: PE32
MD5:…
This release addresses CVE-2022-24765. Per the release announcement:
On multi-user machines, Git users might find themselves unexpectedly in a Git worktree, e.g. when another user created a repository in C:.git, in a mounted network drive or in a scratch space. Merely having a Git-aware prompt that runs git status (or git diff) and navigating to a directory which is supposedly not a Git worktree, or opening such a directory in an editor or IDE such as VS Code or Atom, will potentially run commands defined by that other user.
A broad “escape hatch” is available in cases where all the repositories you may enter are considered safe, regardless of their ownership. Quoting another release announcement:
* can be used as the value for the safe.directory variable to signal that the user considers that any directory is safe.
