What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Logo_logpoint.webp 2024-04-30 08:33:11 Discover the dark side of DLLs (Dynamic Link Library) (direct link) In brief: DLL (Dynamic Link Library) side-loading is a technique for executing malicious payloads in a masked DLL by exploiting the execution process of a legitimate application. Malware groups, such as Chinese APT groups and Darkgate malware, are exploiting a zero-day DLL side-loading vulnerability in the wild [...] Malware Vulnerability Threat
Logo_logpoint.webp 2023-02-06 09:04:22 A BOLDMOVE by the Chinese Hackers: Exploiting Fortinet Systems (direct link) By Nilaa Maharjan Contents Key Findings Which Products and Versions are Affected? Making a BOLD statement Boldly going where no malware has gone before Detecting BOLDMOVE using Logpoint Investigation and response with Logpoint Remediation and mitigation best practices Final Thoughts TL;DR Fortinet disclosed a zero-day vulnerability in its FortiOS SSL-VPN products in December 2022, which was discovered to have been exploited by ransomware gangs. The vulnerability, a [...] Ransomware Malware Vulnerability ★★
Logo_logpoint.webp 2022-11-17 12:36:54 Text4Shell: Detecting exploitation of CVE-2022-42889 (direct link) -Anish Bogati & Nilaa Maharjan; Security Research Index Remnant of Log4Shell? PoC of CVE-2022-42889 Detecting Text4shell using Logpoint Apply mitigations without delay On Oct. 13, 2022, the Apache Software Foundation released a security advisory for a critical zero-day vulnerability in Apache Common Text from version 1.5 to 1.9. Labeled CVE-2022-42899, Text4shell has a 9.8 severity [...] Vulnerability
Logo_logpoint.webp 2022-06-08 12:15:16 Detecting Atlassian confluence remote code execution vulnerability (CVE-2022-26134) in Logpoint (direct link) by Bhabesh Raj Rai, Security Research On June 2, 2022, Atlassian released a security advisory for a critical zero-day vulnerability (CVE-2022-26134) that hackers are exploiting in Confluence Server and Data Center. The flaw allows an unauthenticated attacker to execute arbitrary code on a vulnerable Confluence Server or Data Center instance. The advisory stated that all supported versions [...] Vulnerability
Logo_logpoint.webp 2022-05-27 12:42:36 Detecting high severity AD privilege escalation vulnerability (direct link) by Bhabesh Raj Rai, Security Research In this month's patch Tuesday, Microsoft fixed a high severity privilege escalation vulnerability (CVE-2022-26923) in AD domain services having a CVSS score of 8.8 which is close to critical. This vulnerability allows a low-privilege authenticated user to acquire a certificate of privileged accounts such as domain controllers from AD [...] Vulnerability
Logo_logpoint.webp 2020-11-04 09:42:42 Active exploitation of the Oracle WebLogic Server RCE vulnerability (CVE-2020-14882) (direct link) By Bhabesh Raj Rai, Associate Security Analytics Engineer The October release of Oracle's quarterly Critical Patch Update (CPU) fixed a total of 402 vulnerabilities across its various product families. More than half of the vulnerabilities were remotely exploitable that did not require authentication. One of the vulnerabilities, CVE-2020-14882, is an RCE flaw in the WebLogic [...] Vulnerability
Logo_logpoint.webp 2020-10-07 10:16:15 Microsoft Exchange Server RCE vulnerability (CVE-2020-0688) (direct link) By Bhabesh Raj Rai, Associate Security Analytics Engineer, LogPoint On February 11, 2020, Microsoft released a security advisory for a severe remote code execution vulnerability (CVE-2020-0688), with a CVSS score of 8.8. The vulnerability in Microsoft Exchange Server was due to the server failing to generate a unique cryptographic key at install time. A [...] Vulnerability
Logo_logpoint.webp 2020-09-21 09:46:04 Detecting the Zerologon vulnerability in LogPoint (direct link) By Bhabesh Raj Rai, Associate Security Analytics Engineer, LogPoint On August 11, 2020, Microsoft released a security advisory for CVE-2020-1472, with a CVSS score of 10, a critical privilege escalation flaw when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). What makes this [...] Vulnerability
Logo_logpoint.webp 2020-07-18 10:38:08 Detecting Exim exploitation by Sandworm APT with LogPoint (direct link) By Ivan Vinogradov, Solution Architect, LogPoint The Sandworm Team, a group of known threat actors, have exploited a vulnerability in the Exim Mail Transfer Agent. Associated with the Russian GRU agency since August 2019, Sandworm introduced the vulnerability CVE-2019-10149 in version 4.87 of the Exim software. Organizations can mitigate the vulnerability by implementing the appropriate patches, [...] Vulnerability Threat
Logo_logpoint.webp 2020-07-17 07:47:49 Detection of wormable RCE vulnerability in Windows DNS server (direct link) by Bhabesh Raj Rai, Associate Security Analytics Engineer, LogPoint For July's Patch Tuesday, Microsoft has released a total of 123 fixes. Among them, 18 are critical and impact Windows Server and Office products. None of the bugs listed on the advisory are being exploited in the wild at the time of release. The highlight of [...] Vulnerability
Logo_logpoint.webp 2020-07-08 07:19:23 (Déjà vu) Detecting the CVE-2020-5902 vulnerability with LogPoint (direct link) by Bhabesh Rai, Associate Security Analytics Engineer, LogPoint On July 1, 2020, BIP-IP released security updates for a remote code execution vulnerability found in undisclosed pages of the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). Critical TMUI RCE vulnerability An F5 vulnerability, tracked as CVE-2020-5902, could allow attackers to take full [...] Vulnerability
Logo_logpoint.webp 2020-07-08 07:19:23 (Déjà vu) Detecting the CVE-2020-5902 vulnerability with LogPoint (direct link) by Bhabesh Rai, Associate Security Analytics Engineer, LogPoint On July 1, 2020, BIP-IP released security updates for a remote code execution vulnerability found in undisclosed pages of the Traffic Management User Interface (TMUI) of the BIG-IP application delivery controller (ADC). Critical TMUI RCE vulnerability An F5 vulnerability, tracked as CVE-2020-5902, could allow attackers to take full [...] Vulnerability
Logo_logpoint.webp 2020-01-21 14:27:55 CVE-2020-0601: Using LogPoint to detect ChainOfFools/CurveBall attack (direct link) By Kushal Gajurel, Associate Security Analytics Engineer, LogPoint On the first Patch Tuesday of 2020, on January 14, Microsoft addressed a critical vulnerability uncovered by the NSA. The vulnerability CVE-2020-0601 opens up an exploitation where an attacker can spoof certain cryptographic operations on Windows. The vulnerability was discovered in the CryptoAPI subsystem used by Windows [...] Vulnerability
Logo_logpoint.webp 2019-05-17 12:53:04 May 2019 Patch Tuesday (direct link) In May 2019, Patch Tuesday - Microsoft addresses 79 vulnerabilities with 22 labeled as Critical. Out of the 22 Critical vulnerabilities, 18 relate to scripting engines and browsers while 4 are Remote Code Execution in Remote Desktop, Word, GDI+, and DHCP Server. Remote Code Execution Vulnerability The Windows RDP Remote Code Execution Vulnerability aka BlueKeep [...] Vulnerability
Logo_logpoint.webp 2019-02-15 08:20:05 Abusing Exchange: One API call away from Domain Admin (direct link) By Sandeep Sigdel, Lead Architect Security Analytics, LogPoint In organizations using AD and Exchange servers, a vulnerability allows for the Admin on the Exchange server to grant any user Domain Administrative privileges. This is the "golden key to the kingdom." Exploitation of this vulnerability could potentially have catastrophic consequences. In this blog post we research [...] Vulnerability Guideline
Last update at: 2024-05-07 11:07:57