Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla

First discovered in 2014, Agent Tesla is an advanced keylogger with features like clipboard logging, screen keylogging, screen capturing, and extracting stored passwords from different web browsers. Recently, Zscaler ThreatLabz detected a threat campaign where threat actors leverage CVE-2017-11882 XLAM Read More …

A Log4Shell Retrospective – Overblown and Exaggerated

Two years ago, CVE-2021-44228 sent the security industry into a panic. The vulnerability, better known as Log4Shell, had security professionals working overtime through the holidays hunting down vulnerable log4j libraries. At the time, there was fear and confusion around what Read More …

Coverage Advisory for CVE-2023-50164: Apache Struts Path Traversal and File Upload Vulnerability

CVE-2023-50164 is a path traversal flaw that allows a remote attacker to upload malicious files to vulnerable servers. After successful exploitation, an attacker can achieve Remote Code Execution (RCE) on the target server. An attacker exploiting such a vulnerability can Read More …

Critical RCE vulnerability discovered in Perforce Helix Core Server

Microsoft discovered, responsibly disclosed, and helped remediate four vulnerabilities that could be remotely exploited by unauthenticated attackers in Perforce Helix Core Server (“Perforce Server”), a source code management platform largely used in the videogame industry and by multiple organizations spanning Read More …

Microsoft patches 34 vulnerabilities, including one zero-day

December’s Patch Tuesday is a relatively quiet one on the Microsoft front. Redmond has patched 34 vulnerabilities with only four rated as critical. One vulnerability, a previously disclosed unpatched vulnerability in AMD central processing units (CPUs), was shifted by AMD Read More …

Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally

The US Federal Bureau of Investigation (FBI) and partners assess Russian Foreign Intelligence Service (SVR) cyber actors – also known as Advanced Persistent Threat 29 (APT 29), the Dukes, CozyBear, and NOBELIUM/Midnight Blizzard – are exploiting CVE-2023-42793 a at a Read More …

The sound of you typing on your keyboard could reveal your password

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on Read More …

Analyzing AsyncRAT’s code injection into aspnet_compiler.exe across multiple incident response cases

During their recent investigations, the Trend Micro Managed XDR (MxDR) team handled various cases involving AsyncRAT, a Remote Access Tool (RAT) with multiple capabilities,  such as keylogging and remote desktop control, that make it a substantial threat to victims. This Read More …

Android phones can be taken over remotely – update when you can

Takeover a device remotely without the device owner needing to do anything. Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.” Read More …