Security Affairs

JUNE 9, 2019

The SpiService.exe is associated with XFS, the Extension for Financial Services DLL library (MSXFS.dll) that is specifically used by ATMs.” “The library provides a special API for the communication with the ATM’s PIN pad and the cash dispenser.” ” reads the post published by the experts.

Libraries 279

Libraries Communications Financial Services Security 279

Security Affairs

OCTOBER 28, 2022

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. “ This is the seventh Chrome zero-day fixed by Google this year, below is the full list: CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries.

Libraries 351

Libraries IT Communications Access 351

Security Affairs

SEPTEMBER 3, 2022

Mojo is a collection of runtime libraries providing a platform-agnostic abstraction of common IPC primitives, a message IDL format, and a bindings library with code generation for multiple target languages to facilitate convenient message passing across arbitrary inter- and intra-process boundaries.

Libraries 336

Libraries Communications Security IT 336

Security Affairs

DECEMBER 31, 2021

CVE-2021-20174 : Default HTTP Communication (Web Interface). CVE-2021-20175 : Default HTTP Communication (SOAP Interface). Researchers discovered multiple instances of known vulnerable jQuery libraries (such as jquery 1.4.2), for this reason, they are urging to update them to the latest available versions.

Communications 359

Communications Libraries Encryption Passwords 359

Security Affairs

MARCH 31, 2024

Both Linux and Windows versions of DinodasRAT communicates with the C2 over TCP or UDP. 0x1A DealProxy Proxy C2 communication through a remote proxy. 0x1A DealProxy Proxy C2 communication through a remote proxy. The library uses the Tiny Encryption Algorithm ( TEA ) in CBC mode to cipher and decipher the data.

Libraries 362

Libraries Encryption Communications Government 362

Security Affairs

JULY 5, 2024

The device has the functionality, through a CIP class, to execute exported functions from libraries. There is a routine that restricts it to execute specific functions from two dynamic link library files.” ” reads the advisory. ” The flaw impacts FactoryTalk View Machine Edition (versions 13.0, and prior).

Libraries 326

Libraries Communications Cybersecurity Risk 326

Security Affairs

SEPTEMBER 10, 2024

According to Sekoia, the operators have enhanced the botnet’s communication shifting away from using open SOCKS proxies for relaying malicious traffic in an attempt to evade detection. The botnet now uses the KCP protocol, which communicates over UDP via a new tool called FsyNet. ” reads the report.

Communications 307

Communications Libraries Encryption Security 307

Security Affairs

DECEMBER 1, 2022

The attacking server that is defined as the master uses this connection to download the shared library exp_lin.so MODULE LOAD command – this allows for the loading of a module from the dynamic library downloaded at stage 4 at runtime. This library allows for exploitation of the vulnerability and runs arbitrary commands later.

Libraries 363

Libraries Honeypots Communications Cybersecurity 363

Security Affairs

MAY 9, 2020

The Mac RAT implements a C&C communication similar to the Linux variant. Like the Linux variant, the backdoor communicates with the C&C using a TLS connection and encrypts data using the RC4 algorithm. “Both Mac and Linux variants use the WolfSSL library for SSL communications. ” continues the report.

Libraries 319

Libraries Communications Encryption Authentication 319

Security Affairs

AUGUST 24, 2022

Tox has been used in the last months by threat actors as a communication channel between ransomware gangs and their victims. The binary is written in C and has only statically linked the c-toxcore library. We are observing it for the first time where Tox protocol is used to run scripts onto the machine.”

Communications 346

Communications Ransomware Libraries Encryption 346

Security Affairs

AUGUST 12, 2024

. “Attackers use the classic DLL sideloading technique: when the desktop.exe file is launched, the malicious VERSION.dll library is loaded into the corresponding process” reads the report published by Kaspersky. “This library is a backdoor packed with the VMProtect tool. ” continues the report.

Libraries 345

Libraries Encryption Cloud Archiving 345

Security Affairs

APRIL 30, 2020

The malware also downloads the Command-and-control (C2) URLs, C2 communication is encrypted using Base64, RC4, and Curve25519. . Most recent versions of EventBot also include a ChaCha20 library that can improve performance, but it is not currently being used, a circumstance that suggests authors are actively working to optimize EventBot. .

Financial Services 358

Financial Services Libraries Encryption Authentication 358

Security Affairs

DECEMBER 3, 2021

CISA’s advisories are related to RTU500 series bidirectional communication interface, Relion protection and control IEDs, Retail Operations and Counterparty Settlement and Billing (CSB) software, the Asset Performance Management (APM) Edge software for transformers, and the PCM600 update manager.

Retail 296

Retail Libraries Communications Cybersecurity 296

Security Affairs

MARCH 7, 2019

UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. UPnP works with network protocols to configure communications in the network.” The UPnP communication protocol is widely adopted even if it is known to be vulnerable. ” continues the expert.

Libraries 268

Libraries Communications Data collection Security 268

Security Affairs

DECEMBER 15, 2020

PyMICROPSIA communicated with C2 with HTTP POST requests, it uses different Uniform Resource Identifier (URI) paths and variables that depend on the functionality invoked. ’ PyMICROPSIA uses Python libraries to implements multiple operations, including data theft, Windows process and systems interaction. Audio recording.

Communications 363

Communications Libraries IT Security 363

Security Affairs

SEPTEMBER 24, 2020

An attacker could trigger the vulnerability by sending a crafted malicious image to the victim via email, WhatsApp, SMS, or any other communications platform and then saved to a victim’s device. The vulnerability ties on how Instagram uses third-party libraries for image processing, in particular, the open-source JPEG decoder Mozjpeg.

Access 334

Access Libraries Communications IT 334

Security Affairs

APRIL 3, 2019

The two loaders discovered by Cylance and used by the APT group use side-loaded DLLs and an AES128 implementation from Crypto++ library for payload decryption. To make hard the analysis of the malware, backdoor DLLs are heavily obfuscated and C2 communication encrypted.

Libraries 267

Libraries Encryption Communications Manufacturing 267

Security Affairs

SEPTEMBER 5, 2024

Attackers spread the backdoor as a dynamic library (DLL, SO), the malware allows attackers to fully control the compromised environment. Upon executing the backdoor, it continuously communicates with its C2 server, awaiting instructions. The communication relies on GZIP-compressed and AES-GCM-encrypted messages.

IT 300

IT Communications Encryption Libraries 300

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. If a path is passed, then the library is only loaded from the specific path. Avira.OE.NativeCore.dll: malicious DLL used during the DLL side-loading process.

Libraries 334

Libraries Communications Phishing Encryption 334

Security Affairs

JANUARY 18, 2019

The Commons FileUpload library is the default file upload mechanism in Struts 2, the CVE-2016-1000031 was discovered two years ago by experts at Tenable. The bug affected the OCA’s Diameter Signalling Router component and its Communications Services Gatekeeper.

Financial Services 253

Financial Services Libraries Mining Retail 253

Schneier on Security

FEBRUARY 12, 2025

These buckets contained software libraries that are still used. That hampers their ability to communicate with vulnerable installations. Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. Which means that it won’t be.

Libraries 117

Libraries Communications Government IT 117

Security Affairs

JULY 24, 2023

OpenSSH (Open Secure Shell) is a set of open-source tools and utilities that provide secure encrypted communication over a network. The vulnerability can be exploited only if certain libraries are installed on systems running the vulnerable versions and the SSH authentication agent is forwarded to an attacker-controlled system.

Libraries 246

Libraries Authentication Encryption Security 246

Security Affairs

APRIL 21, 2024

The malware is developed in C/C++ without utilizing the Standard Template Library (STL), and certain segments are coded in pure Assembler.” Notably, the malware can create scheduled tasks using the Golang Go-ole library, which interfaces with the Windows Component Object Model (COM) for Task Scheduler service interaction.

Libraries 335

Libraries Communications IT Government 335

Security Affairs

JULY 9, 2022

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. Then msiexec.exe launches a legitimate Windows utility, fodhelper.exe, which in turn run rundll32.exe

Manufacturing 283

Manufacturing Libraries Communications IT 283

Security Affairs

JANUARY 17, 2022

“The SFile ransomware uses the Mbed TLS library, RSA-2048 and AES-256 algorithms for file encryption. The ransomware does not have its own portal; the attackers communicate with victims via email” reported ESET.

Ransomware 364

Ransomware Encryption Libraries Communications 364

Security Affairs

SEPTEMBER 2, 2019

. “The malware is uploaded as gzip compressed tarball archives of binaries, scripts, and libraries. The libraries reside under the directory c/lib I thought it would be required to run the binaries in the tarball , but the binaries are compiled statically, so the libraries are extraneous.” ” wrote Cashdollar.

IoT 278

IoT Honeypots Libraries Archiving 278

Security Affairs

NOVEMBER 25, 2022

Researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. Binarly researchers discovered that devices from Dell, HP, and Lenovo are still using outdated versions of the OpenSSL cryptographic library. ” continues the report. that dates back to 2009.

Libraries 256

Libraries Manufacturing Communications Security 256

Security Affairs

AUGUST 20, 2024

The most notable feature of the backdoor is that it relies on DNS tunnelling to communicate with a C2 server. “Msupedge is a backdoor in the form of a dynamic link library (DLL).” ” reads the report published by Symantec.

Libraries 304

Libraries Communications Access IT 304

Security Affairs

JULY 29, 2020

The researchers pointed out that the Doki is a new multi-threaded malware leverages an undocumented technique for C2 communications by abusing the Dogecoin cryptocurrency blockchain in a unique way. The malware uses the embedTLS library for cryptographic functions and network communication. ” continues the report.

Blockchain 364

Blockchain Mining Cloud Communications 364

Security Affairs

JULY 4, 2022

The flaw is a heap buffer overflow that resides in the Web Real-Time Communications (WebRTC) component, it is the fourth zero-day patched by the IT giant in 2022. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.” ” Google added.

Libraries 288

Libraries Communications Access IT 288

Security Affairs

DECEMBER 19, 2021

WebSockets is a computer communications protocol, providing full-duplex communication channels over a single TCP connection. Experts pointed out that this new attack vector significantly expands the attack surface and can impact services even running as localhost which were not exposed to any network. .

Communications 300

Communications Risk Libraries Cybersecurity 300

Security Affairs

FEBRUARY 11, 2024

The malware uses cmd.exe to read and execute a file stored on the infected external drive, it leverages msiexec.exe for external network communication to a rogue domain used as C2 to download and install a DLL library file. The malicious code also changed its communication method and lateral movement to avoid detection.

Communications 349

Communications Manufacturing Libraries Cybersecurity 349

Security Affairs

MAY 23, 2024

Upon receiving a request, it executes the encoded JavaScript code using the Microsoft.JScript library. Our investigation also uncovered two additional variations that utilize cloud storage services for communication instead of direct HTTP requests. . “SharpJSHandler operates by listening for HTTP requests.

Archiving 334

Archiving Military Communications Phishing 334

Security Affairs

MARCH 28, 2020

dll (file version 3.5.15.20) library that doesn’t properly validate user-supplied data sent to the web server URL endpoint. “The CmpWebServerHandlerV3 component (when in state 0) attempts to allocate -1 (0xffffffff) bytes for the communication buffer. . The issue resides in the CmpWebServerHandlerV3.dll

Libraries 362

Libraries Communications Security IT 362

Security Affairs

MARCH 17, 2022

The Node-ipc node module allows local and remote inter-process communication with support for Linux, macOS, and Windows. of the library wipe the content of arbitrary files and replace it with a heart emoji. and bundles the “colors” NPM library, while it doesn’t include the STDOUT console messages. and 10.1.2

Libraries 304

Libraries Communications Security IT 304

Security Affairs

OCTOBER 28, 2021

The decrypted module is loaded into memory using the MemoryModule library. The modules reuse the loader’s functions for communication, keys and sockets, this implies that the malware don’t have to initiate new outbound connections. ” concludes ESET.

Encryption 300

Encryption Libraries Communications Security 300

Security Affairs

NOVEMBER 25, 2022

We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed. CVE-2022-3075 (September 2) – Insufficient data validating in the Mojo collection of runtime libraries. CVE-2022-2856 (August 17) – Insufficient validation of untrusted input in Intents.

Libraries 246

Libraries Communications Security Access 246