Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2023-06-23 21:30:46 |
CISOs Increasingly Concerned About Mobile Threats (direct link) |
>With a new warning from Verizon about the rise of smishing, spam text messages and text scams, and the FBI reporting $10.3 billion in internet fraud last year, CISOs are increasingly concerned about mobile threats targeting employees and the impact on their organization. The rise of smishing, spam text messages and text scams. In a recent survey […]
The post CISOs Increasingly Concerned About Mobile Threats first appeared on SlashNext. |
Spam
|
APT 15
|
★★
|
 |
2023-06-21 21:35:00 |
20-Year-Old Chinese APT15 Finds New Life in Foreign Ministry Attacks (direct link) |
The notorious APT15 used common malware tools and a third-generation custom "Graphican" backdoor to continue its information-gathering operations, this time against foreign ministries. |
Malware
|
APT 15
|
★★
|
 |
2023-06-21 18:00:00 |
Emerging Ransomware Group 8Base Doxxes SMBs Globally (direct link) |
A threat you've never heard of is using double extortion attacks on mom-and-pop shops around the globe. |
Ransomware
Threat
|
APT 17
|
★★
|
 |
2023-06-21 17:13:00 |
Experienced China-based hacking group has new backdoor tool, researchers say (direct link) |
The Chinese cyber-espionage group known as Nickel or APT15 used a previously unseen backdoor to attack ministries of foreign affairs in Central and South America, researchers reported Wednesday. In the campaign, which ran from late 2022 into early 2023, the hackers targeted a government finance department and an unnamed corporation as well as the foreign affairs |
|
APT 15
|
★★
|
 |
2023-06-21 06:00:00 |
Chinese APT15 hackers resurface with new Graphican malware (direct link) |
The Chinese state-sponsored hacking group tracked as APT15 has been observed using a novel backdoor named 'Graphican' in a new campaign between late 2022 and early 2023. [...] |
Malware
|
APT 15
|
★★★
|
 |
2023-06-20 08:37:46 |
A few keys to analysing IT department performance (direct link) |
With a few supporting examples, including that of SNCF, the Cigref offers approaches for evaluating the performance of IT departments. |
|
APT 15
|
★★★
|
 |
2023-05-30 22:00:00 |
SeroXen RAT for sale (direct link) |
This blog was jointly written with Alejandro Prada and Ofer Caspi.
Executive summary
SeroXen is a new Remote Access Trojan (RAT) that showed up in late 2022 and is becoming more popular in 2023. Advertised as a legitimate tool that gives undetected access to computers, it is sold for only $30 for a monthly license or $60 for a lifetime bundle, making it widely accessible.
Key takeaways:
SeroXen is a fileless RAT that performs well at evading detection under both static and dynamic analysis.
The malware combines several open-source projects to improve its capabilities: Quasar RAT, the r77 rootkit and the NirCmd command-line tool.
Hundreds of samples have appeared since its creation, mostly in the gaming community. It is only a matter of time before it is used to target companies instead of individual users.
Analysis
Quasar RAT is a legitimate open-source remote administration tool, offered on its GitHub page for user support or employee monitoring. It has historically been associated with malicious activity by threat actors and APT groups (as in this Mandiant report from 2017) and with government-backed attacks (in this Unit42 report from 2017).
It was first released in July 2014 as "xRAT" and renamed "Quasar" in August 2015. Updates to the code have been released since then, up to v1.4.1 in March 2023, the current version. As an open-source RAT still receiving updates nine years after its creation, it is no surprise that it continues to be a common tool, used on its own or combined with other payloads, by threat actors to this day.
In a review of the most recent samples, Alien Labs observed a new Quasar variant in the wild: SeroXen. This new RAT is a modified branch of the open-source version, adding modifications and features to the original RAT. It is sold for a monthly or lifetime fee. Figure 1 contains some of the features advertised on its website.
Figure 1. SeroXen features announced on its website.
This new RAT first showed up on a Twitter account established in September 2022. The person advertising the RAT appeared to be an English-speaking teenager. The same Twitter handle published a review of the RAT on YouTube. The video approached the review from an attacker/red team point of view, encouraging people to buy the tool because it is worth the money. They claimed to be a reseller of the tool.
In December 2022, a dedicated domain was registered to market and sell the tool, seroxen[.]com. The RAT was distributed under a monthly license for $30 USD or a lifetime license for $60 USD. Around that time the malware was first observed in the wild, appearing with 0 detections on VirusTotal.
A few months later, on February 1st, the YouTuber CyberSec Zaado published a video alerting the community to the capabilities of the RAT from a defensive perspective. In late February, the RAT was advertised on social media platforms such as TikTok, Twitter and YouTube, and on several cracking forums, including Hack Forums. There were conversations on gaming forums complaining about malware infections after downloading video games; the artifacts those users described matched SeroXen RAT.
The threat actor updated the domain name to seroxen[.]net by the end of March. This domain name was registered on March 27th |
Malware
Tool
Threat
|
Uber
APT 10
|
★★
|
 |
2023-05-29 09:42:08 |
CSR and IT projects: the Cigref pushes a scoring tool (direct link) |
Based on a model from Enedis, the Cigref proposes a tool for a priori assessment of IT projects. |
|
APT 15
|
★★★
|
 |
2023-05-17 07:28:14 |
Release: Harita Group (510 GB) (direct link) |
Emails from the Indonesian conglomerate involved in nickel, coal and bauxite mining, ferronickel smelters, alumina refineries, logging and palm oil plantations. |
|
APT 15
|
★★
|
 |
2023-05-05 12:00:43 |
Making authentication faster than ever: passkeys vs. passwords (direct link) |
Silvia Convento, Senior UX Researcher, and Court Jacinic, Senior UX Content Designer
In recognition of World Password Day 2023, Google announced its next step toward a passwordless future: passkeys. Passkeys are a new, passwordless authentication method that offers a convenient authentication experience for sites and apps, using just a fingerprint, face scan or other screen lock. They are designed to enhance online security for users. Because they are based on the public key cryptographic protocols that underpin security keys, they are resistant to phishing and other online attacks, making them more secure than SMS, app-based one-time passwords and other forms of multi-factor authentication (MFA). And since passkeys are standardized, a single implementation enables a passwordless experience across browsers and operating systems.
Passkeys can be used in two different ways: on the same device or from a different device. For example, if you need to sign in to a website on an Android device and you have a passkey stored on that same device, then using it only involves unlocking the phone. On the other hand, if you need to sign in to that website in the Chrome browser on your computer, you simply scan a QR code to connect the phone and computer to use the passkey.
The technology behind the former ("same device passkey") is not new: it was originally developed within the FIDO Alliance and first implemented by Google in August 2019 in select flows. Google and other FIDO members have been working together on enhancing the underlying technology of passkeys over the last few years to improve their usability and convenience. The technology behind passkeys allows users to log in to their account using any form of device-based user verification, such as biometrics or a PIN code.
A credential is only registered once on a user's personal device, and then the device proves possession of the registered credential to the remote server by asking the user to use their device's screen lock. The user's biometric, or other screen lock data, is never sent to Google's servers: it stays securely stored on the device, and only cryptographic proof that the user has correctly provided it is sent to Google. Passkeys are also created and stored on your devices and are not sent to websites or apps. If you create a passkey on one device, Google Password Manager can make it available on your other devices that are signed into the same system account.
Learn more on how passkey works under the hoo |
|
APT 38
APT 15
APT 10
Guam
|
★★
|
 |
2023-04-26 16:11:23 |
Microsoft recognizes Katie Nickels for her impact on the security community (direct link) |
Microsoft has awarded Red Canary's Director of Intelligence Operations its Security Changemaker award at its 2023 Security Excellence Awards. |
|
APT 15
|
★★
|
 |
2023-04-12 23:37:00 |
Ransomware attack that forced a New York county back to pen and paper began in 2021, official says (direct link) |
New York's Suffolk County has concluded an investigation into a destabilizing ransomware attack that forced government workers to rely on fax machines and paper records, discovering stark deficiencies in the county clerk's cybersecurity practices. Suffolk County Executive Steven Bellone [held a press conference](https://www.facebook.com/SteveBellone/videos/550329996987344/) Wednesday to unveil the findings of the forensic investigation into the September |
Ransomware
|
APT 15
|
★★
|
 |
2023-02-22 16:34:23 |
Cyber crisis management: the Cigref's approach in 7 figures (direct link) |
Communication, remediation, team management... Here are some of the recommendations the Cigref provides on cyber crisis management. |
|
APT 15
|
★★★
|
 |
2023-02-20 16:33:54 |
IT jobs: "technology needs women" (direct link) |
Femmes@Numérique, Cigref and others put forward 14 proposals resulting from the Assises nationales de la féminisation des métiers et filières numérique (national conference on bringing women into digital professions and sectors). |
|
APT 15
|
★★
|
 |
2023-02-17 17:00:00 |
EU Cybersecurity Agency Warns Against Chinese APTs (direct link) |
The document directly mentions APT27, APT30, APT31, Ke3chang, Gallium and Mustang Panda |
|
APT 30
APT 27
APT 15
APT 25
APT 31
|
★★
|
 |
2023-02-17 08:29:11 |
Fortinet expands its services and training offering to help SOC teams better anticipate and thwart cyber threats (direct link) |
Fortinet's multidisciplinary approach reflects the vendor's commitment to closing the cybersecurity skills gap
-
Training from private and public institutes |
|
APT 15
|
★★
|
 |
2023-02-08 14:15:09 |
CVE-2022-41620 (direct link) |
Cross-Site Request Forgery (CSRF) vulnerability in SeoSamba for WordPress Webmasters plugin |
Vulnerability
|
APT 19
|
|
 |
2023-01-24 16:30:00 |
Anomali Cyber Watch: Roaming Mantis Changes DNS on Wi-Fi Routers, Hook Android Banking Trojan Has Device Take-Over Capabilities, Ke3chang Targeted Iran with Updated Turian Backdoor (direct link) |
The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Banking trojans, DNS hijacking, China, Infostealers, Malvertising, Phishing, and Smishing. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious activity.
Figure 1 - IOC Summary Charts. These charts summarize the IOCs attached to this magazine and provide a glimpse of the threats discussed.
Trending Cyber News and Threat Intelligence
Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App in 2022
(published: January 19, 2023)
In December 2022, a financially-motivated group dubbed Roaming Mantis (Shaoye) continued targeting mobile users with malicious landing pages. iOS users were redirected to phishing pages, while Android users were provided with malicious APK files detected as XLoader (Wroba, Moqhao). Japan, Austria, France, and Germany were the most targeted for XLoader downloads (in that order). All but one targeted country had smishing as an initial vector. In South Korea, Roaming Mantis implemented a new DNS changer function. XLoader-infected Android devices were targeting specific Wi-Fi routers used mostly in South Korea. The malware would compromise routers with default credentials and change the DNS settings to serve malicious landing pages from legitimate domains.
Analyst Comment: The XLoader DNS changer function is especially dangerous in the context of free/public Wi-Fi that serve many devices. Install anti-virus software for your mobile device. Users should be cautious when receiving messages with a link or unwarranted prompts to install software.
MITRE ATT&CK: [MITRE ATT&CK] T1078.001 - Valid Accounts: Default Accounts | [MITRE ATT&CK] T1584 - Compromise Infrastructure
Tags: actor:Roaming Mantis, actor:Shaoye, file-type:APK, detection:Wroba, detection:Moqhao, detection:XLoader, malware-type:Trojan-Dropper, DNS changer, Wi-Fi routers, ipTIME, EFM Networks, Title router, DNS hijacking, Malicious app, Smishing, South Korea, target-country:KR, Japan, target-country:JP, Austria, target-country:AT, France, target-country:FR, Germany, target-country:DE, VK, Mobile, Android
Hook: a New Ermac Fork with RAT Capabilities
(published: January 19, 2023)
ThreatFabric researchers analyzed a new Android banking trojan named Hook. It is a rebranded development of the Ermac malware, which was itself based on the Android banker Cerberus. Hook added new capabilities for targeting banking and cryptocurrency-related applications. The malware also added remote access trojan and spyware capabilities. Its device take-over capabilities include remotely viewing and interacting with the screen of the infected device, manipulating files on the device's file system, simulating clicks, filling text boxes and performing gestures. Hook can start the WhatsApp messaging application, extract all messages present and send new ones.
Analyst Comment: Users should take their mobile device security seriously, whether they use the device for social messaging or actually give it access to their banking accounts and/or cryptocurrency holdings. Like its predecessors, Hook will likely be used by many threat actors (malware-as-a-service model). That means defending against a wide range of attacks: smishing, prompts to install malicious apps, excessive |
Malware
Tool
Threat
Guideline
|
APT 15
APT 25
|
★★★
|
 |
2023-01-23 20:14:17 |
Blast from the Past: How Attackers Compromised Zimbra With a Patched Vulnerability (direct link) |
Last year, I worked on a vulnerability in Zimbra
(CVE-2022-41352 - my
AttackerKB analysis for Rapid7)
that turned out to be a new(-ish) exploit path for a really old bug in cpio -
CVE-2015-1194. But that was patched in 2019, so what happened?
(I posted this as a tweet-thread awhile back, but I decided to flesh it out and
make it into a full blog post!)
cpio is an archive tool commonly used for system-level stuff (firmware images
and such). It can also extract other formats, like .tar, which we'll use since
it's more familiar.
cpio has a flag (--no-absolute-filenames), off by default,
that purports to prevent writing files outside of the target directory. That's
handy when, for example, extracting untrusted files with Amavis
(like Zimbra does).
The problem is, symbolic links can point to absolute paths, and therefore, even
with --no-absolute-filenames, there was no safe way to extract an untrusted
archive (outside of using a chroot environment or something similar, which
they really ought to do).
Much later, in 2019, the cpio team released cpio version 2.13, which
includes a patch for
CVE-2015-1194,
with unit tests and everything.
Some (not all) modern OSes include the patched version of cpio, which should be
the end of the story, but it's not!
I'm currently writing this on Fedora 35, so let's try exploiting it. We can
confirm that the version of cpio installed with the OS is, indeed, the fixed
version:
ron@fedora ~ $ cpio --version
cpio (GNU cpio) 2.13
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later .
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Written by Phil Nelson, David MacKenzie, John Oleynick,
and Sergey Poznyakoff.
That means that we shouldn't be able to use symlinks to write outside of the
target directory, so let's create a .tar file that includes a symlink and a
file written through that symlink (this is largely copied from
this mailing list post):
ron@fedora ~ $ mkdir cpiotest
ron@fedora ~ $ cd cpiotest
ron@fedora ~/cpiotest $ ln -s /tmp/ ./demo
ron@fedora ~/cpiotest $ echo 'hello' > demo/imafile
ron@fedora ~/cpiotest $ tar -cvf demo.tar demo demo/imafile
demo
demo/imafile
ron@fedora ~/cpiotest $ |
Tool
Vulnerability
|
APT 17
|
★★★★
|
 |
2023-01-19 04:27:00 |
Chinese hackers targeted Iranian government entities for months: Report (direct link) |
The Chinese advanced persistent threat actor Playful Taurus targeted several Iranian government entities between July and December 2022, according to a Palo Alto Networks report. The Chinese threat actor, also known as APT15, Ke3chang, NICKEL, BackdoorDiplomacy and Vixen Panda, was observed attempting to connect government domains to malware infrastructure previously associated with the APT group, according to the report. "Playful Taurus continues to evolve their tactics and their tooling. Recent upgrades to the Turian backdoor and new C2 infrastructure suggest that these actors continue to see success during their cyber espionage campaigns," Palo Alto Networks said in a blog. |
Malware
Threat
|
APT 15
APT 25
|
★★★
|
 |
2023-01-18 18:00:00 |
Chinese APT Group Vixen Panda Targets Iranian Government Entities (direct link) |
The claims come from cybersecurity researchers at Palo Alto Networks' Unit 42 |
|
APT 15
APT 25
|
★★★
|
 |
2023-01-09 10:58:20 |
Low-code: Enedis, Pierre Fabre and STIME share their experience (direct link) |
Pierre Fabre, STIME, Enedis: three case studies enrich the Cigref's latest report on low-code / no-code development. |
|
APT 15
|
★★
|
 |
2023-01-09 09:34:59 |
Low-code: the Cigref raises the question of costs (direct link) |
The question of costs runs through the Cigref's thinking on low-code and no-code development solutions. |
|
APT 15
|
★★
|
 |
2023-01-01 08:00:00 |
How to remove a watermark from a photo? (direct link) |
When you have a website, you need to illustrate it. Most webmasters simply grab photos from Google Images. For my part, until now I used a stock image bank, as well as royalty-free photos from various sites such as Unsplash. But for a few months now, I have been receiving ... Read more |
|
APT 19
|
★★★
|
 |
2022-12-17 13:15:09 |
CVE-2022-4584 (direct link) |
A vulnerability was found in Axiomatic Bento4. It has been rated as critical. Affected by this issue is some unknown functionality of the component mp42aac. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-216170 is the identifier assigned to this vulnerability. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-12-09 16:00:00 |
Cobalt Mirage Affiliate Uses GitHub to Relay Drokbk Malware Instructions (direct link) |
Secureworks said the malicious code is written in .NET and comprises a dropper and a payload |
Malware
|
APT 15
|
★★★
|
 |
2022-12-09 11:17:25 |
Iran-backed group uses GitHub to relay malware instructions (direct link) |
A subgroup of the Iranian Cobalt Mirage group, Cluster B, targets US organizations with custom Drokbk malware
-
Malware |
Malware
|
APT 15
|
★★
|
 |
2022-12-09 04:00:00 |
Drokbk Malware Uses GitHub as Dead Drop Resolver (direct link) |
A subgroup of the Iranian COBALT MIRAGE threat group leverages Drokbk for persistence. |
Malware
Threat
|
APT 15
|
★★
|
 |
2022-12-08 15:27:58 |
Machine learning: a bit of TensorFlow in Google Sheets (direct link) |
Google adds an experimental add-on to its spreadsheet that relies on a library associated with TensorFlow. |
|
APT 15
|
★★
|
 |
2022-12-07 20:15:11 |
CVE-2022-46770 (direct link) |
qubes-mirage-firewall (aka Mirage firewall for QubesOS) 0.8.x through 0.8.3 allows guest OS users to cause a denial of service (CPU consumption and loss of forwarding) via a crafted multicast UDP packet (IP address range of 224.0.0.0 through 239.255.255.255). |
|
APT 15
|
|
 |
2022-11-29 08:46:30 |
CSR: what positioning for IT departments? (direct link) |
Crédit Agricole, Docaposte and Enedis are some of the companies the Cigref highlights in a report on "CSR and IT". |
General Information
|
APT 15
|
★★★
|
 |
2022-11-13 10:15:10 |
CVE-2022-3974 (direct link) |
A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-07 08:46:21 |
Energy crisis: the Cigref's avenues for digital departments (direct link) |
The Cigref sets out around ten measures that can be deployed in the event of peak demand on the power grid. |
|
APT 15
|
|
 |
2022-11-02 13:15:16 |
CVE-2022-3810 (direct link) |
A vulnerability was found in Axiomatic Bento4. It has been classified as problematic. This affects the function AP4_File::AP4_File of the file Mp42Hevc.cpp of the component mp42hevc. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212667. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-02 13:15:16 |
CVE-2022-3809 (direct link) |
A vulnerability was found in Axiomatic Bento4 and classified as problematic. Affected by this issue is the function ParseCommandLine of the file Mp4Tag/Mp4Tag.cpp of the component mp4tag. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212666 is the identifier assigned to this vulnerability. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-01 22:15:12 |
CVE-2022-3812 (direct link) |
A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-01 22:15:12 |
CVE-2022-3816 (direct link) |
A vulnerability, which was classified as problematic, was found in Axiomatic Bento4. Affected is an unknown function of the component mp4decrypt. The manipulation leads to memory leak. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212682 is the identifier assigned to this vulnerability. |
Guideline
|
APT 17
|
|
 |
2022-11-01 22:15:12 |
CVE-2022-3815 (direct link) |
A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability. |
Guideline
|
APT 17
|
|
 |
2022-11-01 22:15:12 |
CVE-2022-3817 (direct link) |
A vulnerability has been found in Axiomatic Bento4 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component mp4mux. The manipulation leads to memory leak. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212683. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-01 22:15:12 |
CVE-2022-3814 (direct link) |
A vulnerability classified as problematic was found in Axiomatic Bento4. This vulnerability affects unknown code of the component mp4decrypt. The manipulation leads to memory leak. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212680. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-01 22:15:12 |
CVE-2022-3813 (direct link) |
A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-11-01 20:45:00 |
Chinese Hackers Using New Stealthy Infection Chain to Deploy LODEINFO Malware (direct link) |
The Chinese state-sponsored threat actor known as Stone Panda has been observed employing a new stealthy infection chain in its attacks aimed at Japanese entities.
Targets include media, diplomatic, governmental and public sector organizations and think-tanks in Japan, according to twin reports published by Kaspersky.
Stone Panda, also called APT10, Bronze Riverside, Cicada, and Potassium, is a |
Malware
Threat
|
APT 10
|
|
 |
2022-11-01 20:15:22 |
CVE-2022-3807 (direct link) |
A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Incomplete Fix CVE-2019-13238. The manipulation leads to resource consumption. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212660. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-10-31 21:15:12 |
CVE-2022-3785 (direct link) |
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-10-31 21:15:12 |
CVE-2022-3784 (direct link) |
A vulnerability classified as critical was found in Axiomatic Bento4 5e7bb34. Affected by this vulnerability is the function AP4_Mp4AudioDsiParser::ReadBits of the file Ap4Mp4AudioInfo.cpp of the component mp4hls. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212563. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-10-31 11:34:52 |
Hacking group abuses antivirus software to launch LODEINFO malware (direct link) |
The Chinese Cicada hacking group, tracked as APT10, was observed abusing security software to install a new version of the LODEINFO malware against Japanese organizations. [...] |
Malware
|
APT 10
|
|
 |
2022-10-31 08:00:54 |
APT10: Tracking down LODEINFO 2022, part II (direct link) |
In the second part of this report, we discuss improvements made to the LODEINFO backdoor shellcode in 2022. |
|
APT 10
|
|
 |
2022-10-31 08:00:52 |
APT10: Tracking down LODEINFO 2022, part I (direct link) |
The first part of this report will provide technical analysis of the new infection methods such as SFX files and DOWNIISSA, a new downloader shellcode used to deploy the LODEINFO backdoor. |
|
APT 10
|
|
 |
2022-10-26 19:15:27 |
CVE-2022-3670 (direct link) |
A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. |
Vulnerability
Guideline
|
APT 17
|
|
 |
2022-10-26 19:15:26 |
CVE-2022-3669 (direct link) |
A vulnerability was found in Axiomatic Bento4 and classified as problematic. This issue affects the function AP4_AvccAtom::Create of the component mp4edit. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212009 was assigned to this vulnerability. |
Vulnerability
Guideline
|
APT 17
|
|