2023

Urgent Alert: Critical Security Flaw in WebP Codec Endangers Numerous Applications

A recently discovered critical security vulnerability in the WebP codec allows attackers to trigger a heap buffer overflow in numerous widely-used applications when a specially crafted image is opened. According to a report by Stackdiary, not only web browsers like Chrome, Firefox, Brave, and Edge are affected, but also countless other apps that utilize the …

Unveiling BlueShell: Insights, Variants, and Escalating Threats

Originating in 2020 and coded in Go, the BlueShell backdoor operates stealthily, utilizing TLS encryption to avoid network detection while communicating with its command-and-control (C2) server. It relies on three key configuration parameters: the C2 server’s IP address, port number, and a specified waiting time. Research has linked the use of BlueShell malware to the …

Addressing Splunk Enterprise Vulnerabilities: Patching Cross-Site Scripting, Denial of Service, and More

Splunk Enterprise harbors multiple vulnerabilities, including Cross-site Scripting (XSS), Denial of Service (DoS), Remote Code Execution, Privilege Escalation, and Path Traversal, with severity ratings ranging from 6.3 (Medium) to 8.8 (High). Addressing these concerns, Splunk has issued security advisories detailing patches for these vulnerabilities. CVE-2023-40592: Reflected Cross-Site Scripting (XSS) This vulnerability permits attackers to execute …

VMware Vulnerability Report: SAML Token Signature Bypass and Mitigation Measures

A vulnerability affecting VMware involving a SAML token signature bypass has been reported, potentially allowing threat actors to execute VMware Guest operations. Assigned the CVE ID CVE-2023-20900, this vulnerability is classified with a severity rating of 7.5 (High). VMware tools encompass a suite of modules and services designed to enhance various functionalities within VMware products. …

ArubaOS-Switch Vulnerabilities: Risks and Remediation Measures

ArubaOS-Switch Switches have been found to contain multiple vulnerabilities, including Stored Cross-site Scripting (Stored XSS), Denial of Service (DoS), and Memory Corruption issues. Aruba, the owner of ArubaOS-Switch and a subsidiary of Hewlett Packard Enterprise, has taken steps to address these vulnerabilities and has released a security advisory. ArubaOS-Switch allows centralized network management and is …

U.S. FBI Warns of Persistent Risk to Barracuda Networks Email Security Gateway Despite Patching Efforts

The U.S. Federal Bureau of Investigation (FBI) has issued a stark warning regarding Barracuda Networks Email Security Gateway (ESG) appliances, cautioning that even with the latest patches, they remain vulnerable to potential compromise by suspected Chinese hacking groups. According to the FBI, the patches released to address the recently disclosed critical flaw in Barracuda ESG …

Carderbee Hacking Group Utilizes Genuine Software in Supply Chain Breach

In a recent supply chain infiltration aimed at implanting the Korplug backdoor (also known as PlugX) into targeted systems, an unidentified APT group has been observed leveraging the “Cobra DocGuard” software. Cobra DocGuard, developed by the Chinese company “EsafeNet,” serves as a legitimate software solution for managing Consolidated Omnibus Budget Reconciliation Act documents. Symantec cybersecurity …

WinRAR Vulnerability Enables Hackers to Seize Control of PCs

A significant security vulnerability has been revealed in the WinRAR utility, which has the potential to be exploited by malicious actors to achieve remote code execution on Windows systems. This vulnerability, identified as CVE-2023-40477 with a CVSS score of 7.8, arises from improper validation during the processing of recovery volumes. The Zero Day Initiative (ZDI) …
