Apache Tomcat is a popular open-source Java servlet container, so the discovery of Ghostcat understandably set off some alarms. This blog entry seeks to put the most feared Ghostcat-related scenario into perspective by delving into the unlikely circumstances that would make it possible to allow an RCE through the vulnerability.
Read More
CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the underlying problem lies in the library called libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package. While this flaw has also been patched, many applications still use the older version and remain at risk.
Read More
We discovered a new version of SLUB delivered via another unique watering hole website. This malicious site used CVE-2019-0752, an Internet Explorer vulnerability discovered by Trend Micro’s Zero Day Initiative (ZDI) that was just patched this April. This is the first time we found this exploit used in the wild. This new version of the SLUB malware has stopped using GitHub as a way to communicate, heavily using Slack instead via two free workspaces.
Read More
We found cryptocurrency-mining activity that involves the exploitation of the Oracle WebLogic server vulnerability CVE-2019-2725 with the interesting behavior of using certificate files as an obfuscation tactic.
Read More
We found a new Mirai variant we’ve called Yowai and Gafgyt variant Hakai abusing a ThinkPHP flaw for propagation and DDoS attacks.
Read More