Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-07-31 15:00:00 |
eWeLink Product Security Update Advisory (CVE-2024-7205) (direct link) |
Overview: eWeLink has released an update to address a vulnerability in their product. Users of affected versions are advised to update to the latest version. Affected Products: CVE-2024-7205: eWeLink Cloud Service homepage module versions: 2.0.0 (inclusive) ~ 2.19.0 (exclusive). Resolved Vulnerabilities: Vulnerability in the homepage module of the eWeLink […] |
Cloud
Vulnerability
|
|
★★★
|
|
2024-07-31 15:00:00 |
VMware Product Security Update Advisory (CVE-2024-37085) (direct link) |
Overview: VMware has released updates to fix vulnerabilities in their products. Users of affected versions are advised to update to the latest version. Affected Products: CVE-2024-37085: VMware ESXi version: 8.0, VMware ESXi version: 7.0, VMware Cloud Foundation version: 5.X, VMware Cloud Foundation version: 4.X. Resolved Vulnerabilities: Authentication bypass vulnerability (CVE-2024-37085) […] |
Cloud
Vulnerability
|
|
★★★
|
|
2024-06-11 00:44:51 |
APT Attacks Using Cloud Storage (direct link) |
AhnLab SEcurity intelligence Center (ASEC) has been sharing cases of attacks in which threat actors utilize cloud services such as Google Drive, OneDrive, and Dropbox to collect user information or distribute malware. [1][2][3] The threat actors mainly upload malicious scripts, RAT malware strains, and decoy documents onto the cloud servers to perform attacks. The uploaded files work systematically and perform various malicious behaviors. The process from the first distribution file to the execution of RAT malware is as follows: In such...
|
Threat
Malware
Cloud
|
|
★★
|
|
2023-03-28 01:05:56 |
Emotet Being Distributed via OneNote (direct link) |
AhnLab Security Emergency response Center (ASEC) has recently discovered Emotet being distributed via OneNote. A spear phishing email, as shown below, with a OneNote file attached prompts the reader to open the attachment, which contains a malicious script file (JS file). Upon running the OneNote file, it directs the user to click the button to connect to the cloud to open the document. A malicious script named output1.js is embedded in this ‘Next’ button. As shown below, the...
|
Cloud
|
|
★
|
|
2023-03-08 23:30:00 |
CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (direct link) |
The ASEC (AhnLab Security Emergency response Center) analysis team has discovered that the CHM malware, which is assumed to have been created by the RedEyes threat group (also known as APT37, ScarCruft), is being distributed to Korean users. The team has confirmed that the command used in the “2.3. Persistence” stage of the RedEyes group’s M2RAT malware attack, which was reported back in February, has the same format as the command used in this attack. This information, as well as...
|
Threat
Malware
Cloud
|
APT 37
|
★★
|
|
2023-02-21 01:00:00 |
HWP Malware Using the Steganography Technique: RedEyes (ScarCruft) (direct link) |
In January, the ASEC (AhnLab Security Emergency response Center) analysis team discovered that the RedEyes threat group (also known as APT37, ScarCruft) had been distributing malware by exploiting the HWP EPS (Encapsulated PostScript) vulnerability (CVE-2017-8291). This report will share the RedEyes group’s latest activity in Korea. 1. Overview The RedEyes group is known for targeting specific individuals and not corporations, stealing not only personal PC information but also the mobile phone data of their targets. A distinct characteristic of the...
|
Threat
Malware
Cloud
Vulnerability
|
APT 37
|
★★★
|