Aggregator

A vulnerability, which was classified as problematic, has been found in Samsung Devices. Affected by this issue is some unknown functionality. The manipulation leads to improper export of android application components. This vulnerability is handled as CVE-2024-34641. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Samsung Devices. Affected by this vulnerability is an unknown functionality of the component BGProtectManager. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-34640. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Samsung Devices. Affected is an unknown function of the component Setupwizard. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability is traded as CVE-2024-34639. It is possible to launch the attack on the physical device. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been rated as problematic. This issue affects some unknown processing of the component ThemeCenter. The manipulation leads to handling of exceptional conditions. The identification of this vulnerability is CVE-2024-34638. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Devices. It has been declared as problematic. This vulnerability affects unknown code of the component KnoxMiscPolicy. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability was named CVE-2024-34648. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Samsung Notes. It has been classified as critical. This affects an unknown part. The manipulation leads to stack-based buffer overflow. This vulnerability is uniquely identified as CVE-2024-34657. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Samsung Group Sharing 10.8.03.2/13.0.6.15 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to information disclosure. This vulnerability is handled as CVE-2024-34659. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Samsung Devices and classified as critical. Affected by this vulnerability is an unknown functionality of the component Dressroom. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-34644. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Samsung Devices. Affected is an unknown function of the component Dressroom. The manipulation leads to improper access controls. This vulnerability is traded as CVE-2024-34643. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

WMCTF2024 | 倒计时3天 | 等你来战

LOYTEC electronicsが提供する複数の製品には、複数の脆弱性が存在します。

A vulnerability, which was classified as problematic, has been found in Samsung Devices. This issue affects some unknown processing of the component WindowManagerService. The manipulation leads to incorrect authorization. The identification of this vulnerability is CVE-2024-34637. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Samsung Samsung Assistant. This vulnerability affects unknown code of the component Location Data Handler. The manipulation leads to improper handling of insufficient permissions or privileges. This vulnerability was named CVE-2024-34661. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

一个名为Head Mare 的黑客组织涉嫌发动网络攻击，攻击对象主要是俄罗斯和白俄罗斯目标。 卡巴斯基在周一对该组织的策略和工具的分析中表示：“Head Mare 使用更为先进的方法来获取初始访问权限。例如，攻击者利用了 WinRAR 中相对较新的CVE-2023-38831漏洞，该漏洞允许攻击者通过特制的存档在系统上执行任意代码。这种方法使该组织能够更有效地传递和伪装恶意负载。” Head Mare 自 2023 年起活跃，是一年前开始的俄乌冲突背景下攻击俄罗斯组织的黑客组织之一。 它还在 X 上存在，并在那里泄露受害者的敏感信息和内部文件。该组织的攻击目标包括政府、交通、能源、制造业和环境部门。 与其他可能以对两国公司造成“最大程度损害”为目标的黑客活动分子不同，Head Mare 还使用 LockBit （Windows版本）和 Babuk （Linux版本）加密受害者的设备，并索要解密赎金。 其工具包还包括PhantomDL 和 PhantomCore，前者是一个基于 Go 的后门，能够提供额外的有效载荷并将感兴趣的文件上传到命令和控制 (C2) 服务器。 PhantomCore（又名 PhantomRAT）是 PhantomDL 的前身，是一种具有类似功能的远程访问木马，允许从 C2 服务器下载文件、将文件从受感染主机上传到 C2 服务器，以及在 cmd.exe 命令行解释器中执行命令。 “攻击者创建名为 MicrosoftUpdateCore 和 MicrosoftUpdateCoree 的计划任务和注册表值，将其活动伪装成与微软软件相关的任务。”卡巴斯基表示，“我们还发现该组织使用的某些 LockBit 样本具有以下名称：OneDrive.exe [和] VLC.exe。这些样本位于 C:\ProgramData 目录中，伪装成合法的 OneDrive 和 VLC 应用程序。” 我们发现，这两种文件都是通过网络钓鱼活动以具有双扩展名的商业文档的形式进行分发的（例如，решение №201-5_10вэ_001-24 к пив экран-сои-2.pdf.exe 或 тз на разработку.pdf.exe）。 其攻击武器库的另一个关键组成部分是Sliver，这是一个开源 C2 框架，以及各种公开可用的工具的集合，例如 rsockstun、ngrok 和 Mimikatz，用于促进发现、横向移动和凭证收集。 入侵最终会根据目标环境部署 LockBit 或 Babuk，然后留下一封勒索信，要求用户付款以换取解密器来解锁文件。 这家俄罗斯网络安全供应商表示：“Head Mare 组织所使用的策略、方法、程序和工具与俄乌冲突背景下针对俄罗斯和白俄罗斯目标进行攻击的其他组织类似。该组织的特点是使用 PhantomDL 和 PhantomCore 等定制恶意软件，以及利用相对较新的漏洞 CVE-2023-38831，在网络钓鱼活动中渗透到受害者的基础设施中。”   转自军哥网络安全读报，原文链接：https://mp.weixin.qq.com/s/_8z5DsDXY8XnKHJfxf7fCw 封面来源于网络，如有侵权请联系删除

A vulnerability classified as problematic has been found in Huawei HarmonyOS and EMUI. This affects an unknown part of the component Software Update Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-45450. Attacking locally is a requirement. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been rated as critical. Affected by this issue is some unknown functionality of the component DownloadProviderMain Module. The manipulation leads to improper access controls. This vulnerability is handled as CVE-2024-45442. Local access is required to approach this attack. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component System Service Module. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-45441. An attack has to be approached locally. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS and EMUI. It has been classified as problematic. Affected is an unknown function of the component SystemUI Module. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-42039. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Huawei HarmonyOS and EMUI and classified as problematic. This issue affects some unknown processing of the component Camera Framework Module. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-45447. The attack may be initiated remotely. There is no exploit available.

Editor’s note: The current article is authored by Mostafa ElSheimy, a malware reverse engineer and threat intelligence analyst. You can find Mostafa on X and LinkedIn. In this malware analysis report, we conduct an in-depth examination of AZORult, a sophisticated credential and payment card information stealer. Our walk-through covers the malware’s evolution, including its transition from Delphi to […]

The post AZORult Malware: Technical Analysis appeared first on ANY.RUN's Cybersecurity Blog.