Security Affairs

JULY 1, 2020

According to Felix Seele, it establishes a reverse shell to communicate with the C2 server. The ransomware also checks for some common anti-virus solutions (e.g. Kaspersky, Norton, Avast, DrWeb, Mcaffee, Bitdefender, and Bullguard). It also attempts to open a reverse shell to the C2 server if the user "mr.x" " exists.

Ransomware 356

Ransomware Libraries Encryption Communications 356

Security Affairs

JULY 7, 2022

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue , tracked as CVE-2022-2274 , affecting the popular library. which was released on June 21, 2022.

Libraries 313

Libraries Encryption Communications Security 313

Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” ” reads the post published by the experts.

Libraries 279

Libraries Communications Financial Services Security 279

Security Affairs

OCTOBER 28, 2022

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. “ This is the seventh Chrome zero-day fixed by Google this year, below is the full list: CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.

Libraries 343

Libraries IT Communications Access 343

Security Affairs

DECEMBER 31, 2021

CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.

Communications 355

Communications Libraries Encryption Passwords 355

Security Affairs

SEPTEMBER 3, 2022

Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.

Libraries 326

Libraries Communications Security IT 326

Security Affairs

DECEMBER 1, 2022

The attacking server that is defined as the master uses this connection to download the shared library exp_lin.so MODULE LOAD command – this allows for the loading of a module from the dynamic library downloaded at stage 4 at runtime. This library allows for exploitation of the vulnerability and runs arbitrary commands later.

Libraries 363

Libraries Honeypots Communications Cybersecurity 363

Security Affairs

JULY 30, 2024

These included relocating malicious functions to obfuscated native libraries, using certificate pinning to secure C2 communications, and determine if it was running on a rooted device or in an emulated environment. “In April 2024, we found a suspicious sample that turned out to be a new version of Mandrake.

Libraries 308

Libraries Communications Encryption IT 308

Security Affairs

NOVEMBER 2, 2022

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786 , in its cryptography library. of the library.

Libraries 301

Libraries Encryption Authentication Communications 301

Security Affairs

JULY 5, 2024

The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files.” ” reads the advisory. ” The flaw impacts FactoryTalk View Machine Edition (versions 13.0, and prior).

Libraries 316

Libraries Communications Cybersecurity Risk 316

Security Affairs

SEPTEMBER 10, 2024

According to Sekoia, the operators have enhanced the botnet’s communication shifting away from using open SOCKS proxies for relaying malicious traffic in an attempt to evade detection. The botnet now uses the KCP protocol, which communicates over UDP via a new tool called FsyNet. ” reads the report.

Communications 298

Communications Libraries Encryption Security 298

Security Affairs

MARCH 31, 2024

Both Linux and Windows versions of DinodasRAT communicates with the C2 over TCP or UDP. 0x1A DealProxy Proxy C2 communication through a remote proxy. 0x1A DealProxy Proxy C2 communication through a remote proxy. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Libraries 360

Libraries Encryption Communications Government 360

Security Affairs

MAY 9, 2020

The Mac RAT implements a C&C communication similar to the Linux variant. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. “Both Mac and Linux variants use the WolfSSL library for SSL communications. ” continues the report.

Libraries 311

Libraries Communications Encryption Authentication 311

Security Affairs

AUGUST 24, 2022

Tox has been used in the last months by threat actors as a communication channel between ransomware gangs and their victims. The binary is written in C and has only statically linked the c-toxcore library. We are observing it for the first time where Tox protocol is used to run scripts onto the machine.”

Communications 338

Communications Ransomware Libraries Encryption 338

Security Affairs

AUGUST 12, 2024

. “Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky. “This library is a backdoor packed with the VMProtect tool. ” continues the report.

Libraries 336

Libraries Encryption Cloud Archiving 336

Security Affairs

APRIL 30, 2020

The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. .

Financial Services 356

Financial Services Libraries Encryption Authentication 356

Security Affairs

MARCH 7, 2019

UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. UPnP works with network protocols to configure communications in the network.” The UPnP communication protocol is widely adopted even if it is known to be vulnerable. ” continues the expert.

Libraries 268

Libraries Communications Data collection Security 268

Security Affairs

DECEMBER 15, 2020

PyMICROPSIA communicated with C2 with HTTP POST requests, it uses different Uniform Resource Identifier (URI) paths and variables that depend on the functionality invoked. ’ PyMICROPSIA uses Python libraries to implements multiple operations, including data theft, Windows process and systems interaction. Audio recording.

Communications 363

Communications Libraries IT Security 363

Security Affairs

FEBRUARY 22, 2020

“The Haken clicker utilizes native code and injection to Facebook and AdMob libraries while communicating with a remote server to get the configuration.” Haken leverages these permissions to load a native library (‘ kagu-lib ‘) and registering two workers and a timer. ” continues the analysis.

Libraries 363

Libraries Communications IT Security 363

Security Affairs

DECEMBER 3, 2021

CISA’s advisories are related to RTU500 series bidirectional communication interface, Relion protection and control IEDs, Retail Operations and Counterparty Settlement and Billing (CSB) software, the Asset Performance Management (APM) Edge software for transformers, and the PCM600 update manager.

Retail 287

Retail Libraries Communications Cybersecurity 287

Security Affairs

APRIL 3, 2019

The two loaders discovered by Cylance and used by the APT group use side-loaded DLLs and an AES128 implementation from Crypto++ library for payload decryption. To make hard the analysis of the malware, backdoor DLLs are heavily obfuscated and C2 communication encrypted.

Libraries 264

Libraries Encryption Communications Manufacturing 264

Security Affairs

SEPTEMBER 24, 2020

An attacker could trigger the vulnerability by sending a crafted malicious image to the victim via email, WhatsApp, SMS, or any other communications platform and then saved to a victim’s device. The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg.

Access 324

Access Libraries Communications IT 324

Security Affairs

JULY 24, 2023

OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system.

Libraries 246

Libraries Authentication Encryption Security 246

Security Affairs

JANUARY 18, 2019

The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper.

Financial Services 247

Financial Services Libraries Mining Retail 247

Security Affairs

SEPTEMBER 5, 2024

Attackers spread the backdoor as a dynamic library (DLL, SO), the malware allows attackers to fully control the compromised environment. Upon executing the backdoor, it continuously communicates with its C2 server, awaiting instructions. The communication relies on GZIP-compressed and AES-GCM-encrypted messages.

IT 291

IT Communications Encryption Libraries 291

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. If a path is passed, then the library is only loaded from the specific path. Avira.OE.NativeCore.dll: malicious DLL used during the DLL side-loading process.

Libraries 324

Libraries Communications Phishing Encryption 324

Schneier on Security

FEBRUARY 12, 2025

These buckets contained software libraries that are still used. That hampers their ability to communicate with vulnerable installations. Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. Which means that it won’t be.

Libraries 112

Libraries Communications Government IT 112

Security Affairs

JANUARY 17, 2022

“The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption. The ransomware does not have its own portal; the attackers communicate with victims via email” reported ESET.

Ransomware 364

Ransomware Encryption Libraries Communications 364

Security Affairs

SEPTEMBER 2, 2019

. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib I thought it would be required to run the binaries in the tarball , but the binaries are compiled statically, so the libraries are extraneous.” ” wrote Cashdollar.

IoT 278

IoT Honeypots Libraries Archiving 278

Security Affairs

JULY 9, 2022

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. Then msiexec.exe launches a legitimate Windows utility, fodhelper.exe, which in turn run rundll32.exe

Manufacturing 276

Manufacturing Libraries Communications IT 276

Security Affairs

APRIL 21, 2024

The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.” Notably, the malware can create scheduled tasks using the Golang Go-ole library, which interfaces with the Windows Component Object Model (COM) for Task Scheduler service interaction.

Libraries 325

Libraries Communications IT Government 325

Security Affairs

NOVEMBER 25, 2022

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. ” continues the report. that dates back to 2009.

Libraries 253

Libraries Manufacturing Security Communications 253

Security Affairs

JULY 29, 2020

The researchers pointed out that the Doki is a new multi-threaded malware leverages an undocumented technique for C2 communications by abusing the Dogecoin cryptocurrency blockchain in a unique way. The malware uses the embedTLS library for cryptographic functions and network communication. ” continues the report.

Blockchain 363

Blockchain Mining Cloud Communications 363

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. “Msupedge is a backdoor in the form of a dynamic link library (DLL).” ” reads the report published by Symantec.

Libraries 294

Libraries Communications Access IT 294

Security Affairs

JULY 4, 2022

The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by the IT giant in 2022. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” ” Google added.

Libraries 280

Libraries Communications Access IT 280

Security Affairs

DECEMBER 19, 2021

WebSockets is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. Experts pointed out that this new attack vector significantly expands the attack surface and can impact services even running as localhost which were not exposed to any network. .

Communications 291

Communications Risk Libraries Cybersecurity 291

Security Affairs

MARCH 28, 2020

dll (file version 3.5.15.20) library that doesn’t properly validate user-supplied data sent to the web server URL endpoint. “The CmpWebServerHandlerV3 component (when in state 0) attempts to allocate -1 (0xffffffff) bytes for the communication buffer. . The issue resides in the CmpWebServerHandlerV3.dll

Libraries 362

Libraries Communications Security IT 362