Análise de Ameaças

Overview Recently, AVEVA released a security bulletin to announce the remediation of two critical vulnerabilities in industrial software. CVE-2018-17916 is a stack overflow vulnerability that can be triggered by sending a crafted packet, leading to remote code execution by an unauthorized user. CVE-2018-17914 stems from an empty password in the configuration file. An unauthorized attacker […]

Vulnerability Overview Recently, Cisco officially released a security advisory to fix the denial-of-service (DoS) vulnerability (CVE-2018-15454) in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. This vulnerability exists in the Session Initiation Protocol (SIP) inspection engine used by Cisco ASA and FTD. An unauthorized attacker could exploit this vulnerability remotely to cause an […]

Risk Overview The GandCrab family is updating at a rapid pace. Since its V5 was released in September this year, a number of variants have appeared, including V5.0, V5.0.2, V5.0.3, V5.0.4, and V5.0.5. This virus family has targeted customers in various sectors in China. Users should take precautions to remove it as soon as possible.

Vulnerability Overview Recently, Apache Software Foundation (ASF) released a security advisory to announce the fix for an access control bypass vulnerability (CVE-2018-11759) in the mod_jk module in Apache Tomcat. Currently, the proof of concept (PoC) has been announced for this vulnerability. Users of this software should take precautions to fix this vulnerability as soon as […]

Overview Security researchers from the security firm ESET spotted a piece of malware dubbed Joao targeting gamers. This malware is found inside an Aeria game installation pack provided by a third party. Upon the start of a game, this malware runs in the background, sending the victim’s machine information to the attacker, including the operating […]