Cobalt Strike Beacon Detected – 104[.]168[.]117[.]95:80
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Experts released the PoC exploit code for the authentication bypass flaw CVE-2022-40684 in FortiGate firewalls and FortiProxy web proxies. A...
Over 80,000 drone IDs were exposed in the leak of a database containing information from airspace monitoring devices manufactured by...
NAME: Gogs cross-site scripting | Platforms Affected: Gogs Gogs 0.11.53 Gogs Gogs 0.11.66 Gogs Gogs 0.11.79 Gogs Gogs 0.11.86 Gogs Gogs 0.11.91...
NAME: Siemens products privilege escalation | Platforms Affected: Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) 7.1.1 Siemens RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2)...
NAME: ResIOT IoT Platform and LoRaWAN Network Server cross-site request forgery | Platforms Affected: ResIOT ResIOT IoT Platform and LoRaWAN Network Server...
NAME: Juniper Networks Paragon Active Assurance cross-site scripting | Platforms Affected: Juniper Networks Paragon Active Assurance 3.1.0 Juniper Networks Paragon Active Assurance...
NAME: Juniper Junos OS Evolved privilege escalation | Platforms Affected: Juniper Junos OS Evolved | Risk Level: 8.2 | Exploitability: Unproven | Consequences: Gain Privileges | DESCRIPTION: Juniper Junos OS Evolved could...
NAME: Linux Kernel code execution | Platforms Affected: Linux Kernel 5.1 Linux Kernel 5.19.14 | Risk Level: 8 | Exploitability: Unproven | Consequences: Denial of Service | DESCRIPTION: Linux Kernel could allow...
NAME: Siemens products code execution | Platforms Affected: Siemens Desigo PXM30-1 02.20.126.11-40 Siemens Desigo PXM30.E 02.20.126.11-40 Siemens Desigo PXM40-1 02.20.126.11-40 Siemens Desigo...
NAME: Apache Commons Text code execution | Platforms Affected: Apache Commons Text 1.9.0 | Risk Level: 9.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Apache Commons Text could allow a...
NAME: Siemens products denial of service | Platforms Affected: Siemens RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) 7.1.1 Siemens RUGGEDCOM RM1224 LTE(4G) NAM...
NAME: Siemens LOGO! 8 BM buffer overflow | Platforms Affected: Siemens LOGO! 8 BM | Risk Level: 9.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Siemens LOGO! 8 BM is...
NAME: Siemens SCALANCE devices cross-site scripting | Platforms Affected: Siemens SCALANCE X200-4P IRT Siemens SCALANCE X201-3P IRT Siemens SCALANCE X202-2IRT Siemens SCALANCE...
NAME: Juniper Networks Junos OS command execution | Platforms Affected: Juniper Networks Junos OS 19.2 Juniper Networks Junos OS 19.3 Juniper Networks...
NAME: Siemens SIMATIC S7-1200, S7-1500 CPUs and related products information disclosure | Platforms Affected: Siemens SIMATIC ET 200SP Open Controller CPU 1515SP...
NAME: Palo Alto Networks PAN-OS security bypass | Platforms Affected: Palo Alto Networks PAN-OS 8.1 | Risk Level: 8.1 | Exploitability: Unproven | Consequences: Bypass Security | DESCRIPTION: Palo Alto Networks PAN-OS...
NAME: Foresight GC3 Launch Monitor security bypass | Platforms Affected: Foresight GC3 Launch Monitor 1.3.15.68 | Risk Level: 9.4 | Exploitability: Unproven | Consequences: Bypass Security | DESCRIPTION: Foresight GC3 Launch Monitor...
NAME: Linux Kernel code execution | Platforms Affected: Linux Kernel 5.2 Linux Kernel 5.19.14 | Risk Level: 8 | Exploitability: Unproven | Consequences: Denial of Service | DESCRIPTION: Linux Kernel could allow...
NAME: Sony Content Transfer code execution | Platforms Affected: Sony Content Transfer for Windows 1.3 | Risk Level: 7.8 | Exploitability: Unproven | Consequences: Gain Access | DESCRIPTION: Sony Content Transfer could...
Daily Vulnerability Trends (sourced from VulnMon) | CVE Name | CVE Description | CVE-2022-41033: Windows COM+ Event System Service Elevation of Privilege Vulnerability. | CVE-2022-36067: vm2 is a sandbox...
Overview On September 10, 2022, a user reported on Zimbra’s official forums that their team detected a security incident originating...
Score: 8 | MALWARE FAMILY: discovery | TAGS: discovery, exploit | MD5: 6905e9e6ec69c8f324f51d755f8a85f0 | SHA1: 18b8badd020675e0251c7431899c58de4fb76533 | ANALYSIS DATE: 2022-10-13T22:30:48Z | TTPS: T1222 | Score / Meaning / Example: 10 / Known bad / A malware family was detected. 8-9 / Likely malicious / One or more...
Score: 10 | MALWARE FAMILY: evasion | TAGS: evasion, persistence, ransomware, trojan | MD5: 493d67f1e5dad681c15249f4c8737980 | SHA1: c49a0dcd26cc9c3cfe43e5398dc7e9f928ba1f97 | ANALYSIS DATE: 2022-10-13T23:23:45Z | TTPS: T1082, T1012, T1120, T1491, T1112, T1004, T1060, T1091,...