Published: 15/11/2017 Updated: 16/03/2021

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 1000

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an malicious user to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft office 2013
microsoft office 2010
microsoft office 2016
microsoft office 2007

Source: githubcom/embedi/CVE-2017-11882 CVE-2017-11882: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-11882 Research: embedicom/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Patch analysis: 0patchblo ...

This Metasploit module exploits a flaw in how the Equation Editor handles OLE objects in memory to execute arbitrary code using RTF files without interaction ...

Module exploits a flaw in how the Equation Editor that allows an attacker to execute arbitrary code in RTF files without interaction. The vulnerability is caused by the Equation Editor, to which fails to properly handle OLE objects in memory.

msf > use exploit/windows/fileformat/office_ms17_11882
      msf exploit(office_ms17_11882) > show targets
            ...targets...
      msf exploit(office_ms17_11882) > set TARGET <target-id>
      msf exploit(office_ms17_11882) > show options
            ...show and set options...
      msf exploit(office_ms17_11882) > exploit

Microsoft Office Memory Corruption Vulnerability CVE-2017-11882 March 25, 2019 Shannon and Iman Outline Background Vulnerability How does it work? Uses Violations How was it fixed? (solutions) What the patch does Example Background The code for Equation Editor was compiled in 2000 and was used in subsequent versions of Word It is run as a separate process and an attacker can

CVE-2017-11882

ABC CVE-2017-11882 Invoke-Mimikatz googl/urb92R Calcexe googl/qTqqE4

CVE-2017-11882 43b 原脚本来自于 githubcom/embedi/CVE-2017-11882 109b 原脚本来自于 githubcom/unamer/CVE-2017-11882/ （膜一波，现在unamer的代码已经可以执行shellcode了~） CVE-2017-11882: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-11

CVE-2017-11882 analyse notebook

IDB_Share CVE-2017-11882 analyse notebook 发现了一个利用姿势比较清奇的11882格式溢出文档，释放的payload也很有意思，大量硬编码API地址和加解密的字符串，使静态分析难度较大，公开部分IDB，以飨读者 shellcodeidb 适用于ida pro 68,其他两个idb适用于ida pro 695

CactusPete APT group’s updated Bisonal backdoor Kaspersky 2020-08-13T10:00:09+00:00 A new CactusPete campaign shows that the group’s favored types of target remain the same The victims of the new variant of the Bisonal backdoor were from financial and military sectors located in Eastern Europe securelistcom/cactuspete-apt-groups-updated-bisonal-backdoor/9

Tool to decode the encoded Shellcode of this type found in office documents

EquationEditorShellCodeDecoder Tool to decode the encoded Shellcode of this type found in office documents See the Blogpost to see how to use this pcsxcetrasupport3wordpresscom/2019/05/22/a-deeper-look-at-equation-editor-cve-2017-11882-with-encoded-shellcode/ I also have decoding notes for this sample in the 7Zip file The password is the standard infected just incas

DeltaFlare Description This repository content a matrix with the references on legit software abused by Threat Actors for hunt by reuse TTPs methods Objectives This matrix has for objectives for to help to attribution to a Threat Actor that abuse again a legit software for theirs operations or for hunting the activities on the public sandboxes in checking new submissions This

Crawler nguồn IOC (Indicators of Compromise)

Crawler nguồn IOC (Indicators of Compromise) IOCs (hashes, địa chỉ IP, tên miền…) được lấy từ các nhóm nội bộ đến các tổ chức, hoặc có thể từ đơn vị cung cấp thứ ba Loại tìm kiếm này hầu như không chủ động nhưng lại mang về một số lợi ích trong

Simple Overflow demo, like CVE-2017-11882 exp

Overflow-Demo-CVE-2017-11882 Simple Overflow demo by strcpy text string, like CVE-2017-11882 exp Build Build with Visual Studio 2017( 2019 is working too, 2015 is not working) Project Config Project setting: c/c++ Optimization Optimization: Maximum Optimization (Favor Size) (/O1) Favor Size of Speed: Favor small code (/Os) Who

CVE-2017-11882 File Generator PoC

CVE-2017-11882 A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user 2017-11882_Generator This is a PoC re-edited, from the original one made by Embedi, to generate single file rt

cve-2017-11882

CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882

Microsoft Office Memory Corruption (CVE-2017-11882) Background Age: 17 year old vulnerability What is it: Run arbitrary code remotely without user interaction Why it works: Buffer overflow vulnerability inside equation editor (EQUEDT32exe) Who has been affected: Users who installed Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2 Microsoft Office 201

Malware samples and other artifacts

Malware Samples This repository is intended to provide access to a wide variety of malicious files and other artifacts Please keep in mind that most of these samples will not be archived or password protected For those that are, consult the additional README but the use of the standard password 'infected' will be utilized Summary of Samples 2020-11-07: Maldoc temp

Proof-of-Concept exploits for CVE-2017-11882

CVE-2017-11882 CVE-2017-11882: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2017-11882 MITRE CVE-2017-11882: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-11882 Research: embedicom/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Patch analysis: 0patchblogspotru/2017/11/did-microsoft-just-manually-patch-the

some links gathering about penetration

Table of contents PentestInfo 0X01 Information Gethering IP And DNS Information leakage 0X02 Denial Of Service 0X03 Scan Identify Tools For Overall Scan Web Applications Scan Tools 0X04 Fuzz and Password 0X05 Password crack 0X06 System Vulnerability 0X07 Web Relevant Online Website 0X08 Existing Vulnerability Finding 0X09 Cheatsheet 0X10 Webshell And Payload 0X11 Code R

YesWeHack BugTracker

ywh2bt ywh2bt is a tool to integrate your bug tracking system(s) with YesWeHack platform It automatically creates issues in your bug tracking system for all your program's report, and add to the concerned reports the link to the issue This tool requires you to have "Use Apps API" right on YesWeHack platform, and a custom HTTP header value to put in your configu

MalDoc-Parser A command line application that performs an extensive static analysis on Office documents Although there are plenty of awesome tools for Maldocs out there, I wanted to write a tool myself as part of studying Maldocs A tool that can handle all Office formats Feed it a Office document and it will determine the formatt by itself and parse it The script currentl

CAUTION!! This repo includes malware so be careful!!!!! Anti Any Run malware on wild I read this article And I wonder how this malware detect AnyRun environment Therefore, I analyzed this Scenario Maldoc exploit Microsoft Equation with CVE-2017-11882 and execute PowerShell script(original/psps1 de-obfuscated one is powershells/downloaderps1) Then, it downloads two files(

Crawler nguồn IOC (Indicators of Compromise)

Crawler nguồn IOC IOCs (hashes, địa chỉ IP, tên miền…) được lấy từ các nhóm nội bộ đến các tổ chức, hoặc có thể từ đơn vị cung cấp thứ ba Loại tìm kiếm này hầu như không chủ động nhưng lại mang về một số lợi ích trong quá trình t&i

SophosLabs-Intelix In order to use the basic functionability of API SophosLabs Intelix , we have developped a tool that allows static or dynamical analysis of files In other words , the latter servers to examine and to identify malicious for Android Applications It consists of scanning hash or file giving a Json file that includes the analysis results Authors : -Script Au

some links gathering about penetration

CVE-2017-11882 - The unique vulnerability identifier of Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allows an attacker to run code in the context of the current user without properly handling objects in memory, the so-called "Microsoft Office Memory c…

SignHere Introduction CVE-2017-11882 - The unique vulnerability identifier of Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allows an attacker to run code in the context of the current user without properly handling objects in memory, the so-called "Microsoft Office Memory corrupt

APT Analysis Report，fighting！

APT-Analysis-Report APT Analysis Report，fighting！ APT-C-09 [1] CSDN APT攻击检测溯源与常见APT组织的攻击案例[EB/OL] (2020-05-11) blogcsdnnet/Eastmount/article/details/106009460 [2] FreeBuf 海莲花APT组织2019年第一季度针对中国的攻击活动技术揭秘[EB/OL] (2019-04-26) wwwfreebufcom/articles/network/201940html [3]

some links gathering about penetration

Osiris Tactical+ Intelligence Report Analyst Checklist Identification Osiris Artifacts Osiris Overview Osiris is the Egyptian god of rebirth Osiris is an extremely stealthy Banking trojan targeting victims in Poland , Germany and Japan It has been retooled from the old banking trojan named Kronos “that was discovered in last 2014” new Osiris Using uncommon te

CVE-2017-11882 exploitation

CVE-2017-11882 文章链接隐藏17年的Office远程代码执行漏洞（CVE-2017-11882） wwwcnblogscom/Hi-blog/p/7878054html

Empire Port of CVE-2017-11882

CVE-2017-11882 Empire Port of CVE-2017-11882 Code shifted to another parent repository Redirect?

CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.

CVE-2017-11882 Exploit CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum For remote command execution,this exploit will call WinExec with SW_HIDE and call ExitProcess after WinExec returns For remote code execution,this exploit just jmp to code I cannot find a reference for the object structureso I cannot change the file length for arbitrary lengt

CVE-2017-11882 原脚本来自于 githubcom/embedi/CVE-2017-11882 CVE-2017-11882: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/ MITRE CVE-2017-11882: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-11882 Research: embedicom/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Patch analysis: 0patchblogspotru

Malware Samples This repository is intended to provide access to a wide variety of malicious files and other artifacts All of the samples are in a password protected ZIP archive using a password of: infected Malware Analysis Exercises In addition to providing artifacts from samples, I will regularly post malware anlaysis exercises These exercises will cover a wide range of

Research-Exploit-Office Reference wwwnccgrouptrust/uk/about-us/newsroom-and-events/blogs/2018/june/cve-2017-8570-rtf-and-the-sisfader-rat/ tradahackingvn/another-malicious-document-with-cve-2017-11882-839e9c0bbf2f successtrendmicrocom/solution/1123612-cve-2017-8570-vulnerability-downloads-high-profile-malware whitehatvn/threads/microsoft-ph

漏洞分析

Vulnerability-analysis 漏洞分析 MSCOMCTLOCX RCE 漏洞 - CVE-2012-0158 CVE-2017-11882 文档型漏洞

Extract OLEv1 objects from RTF files by instrumenting Word

Introduction rtfraptor is a simple tool to aid analysis of malicious RTF files by extracting OLEv1 objects It was inspired by a blog post by Denis O'Brien (link below) It works by running Word and intercepting calls to OLEv1 functions This allows raw OLE objects to be dumped from memory for further analysis The tool is designed to be run on Windows This is useful f

CVE-2018-0802 CVE-2018-08022: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2018-0802 MITRE CVE-2018-0802: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2018-0802 0patch exploitation and patch video: wwwyoutubecom/watch?v=XU-U4K270Z4 Qihoo 360 blog post wwwfreebufcom/vuls/159789html Checkpoint blog (brute-force ASLR by

RTF_11882_0802 CVE-2017-11882 CVE-2017-11882: portalmsrcmicrosoftcom/en-US/security-guidance/advisory/CVE-2017-11882 MITRE CVE-2017-11882: cvemitreorg/cgi-bin/cvenamecgi?name=CVE-2017-11882 Research: embedicom/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about Patch analysis: 0patchblogspotru/2017/11/did-microsoft-just-man

-文章记录 100截断分析 2利用Excel 40宏执行任意命令 3IIS6_WebDAV远程代码执行漏洞(CVE-2017-7269)的正确打开方式 4对一次 redis 未授权写入攻击的分析以及 redis 4x RCE 学习 5reGeorg 工作流程分析(以 php 为例) 6浅析 Kerberos 认证过程以及黄金票据和白银票据 7JSONP 劫持原理与挖掘方法 8PHPINFO 中�

PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)

CVE-2017-11882 Study Student Name: Peiran Sun, Yufeng Ge Date:2022220 Intro: Today we are going to talk about a vulnerability that affects everyone who uses Microsoft office for almost two decades When you opened a Microsoft Office file, have you ever noticed this annoying warning? I always wonder, how can a file display only text and pictures, maybe sometimes video, harmin

CVE-OTX Lookup About The Project Simple script to query AlienVault OTX for CVE information Specifically we're looking to learn if any given CVE has an existing exploit and if it has been exploited in the wild This is intended as a backup method of enriching vulnerability report data from TA Requirements CVE-OTX Lookup uses AlienVault's OTX Python SDK (distributed

PoC for CVE-2018-0802 And CVE-2017-11882

2018-2020青年安全圈-活跃技术博主/博客

Security-Data-Analysis-and-Visualization 2018-2020青年安全圈-活跃技术博主/博客声明所有数据均来自且仅来自公开信息，未加入个人先验知识，如有疑义，请及时联系root@4o4notfoundorg。公开这批数据是为了大家一起更快更好地学习，请不要滥用这批数据，由此引发的问题，本人将概不负责。对这

Red Teaming/Adversary Simulation Toolkit A collection of open source and commercial tools that aid in red team operations This repository will help you during red team engagement If you want to contribute to this list send me a pull request Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfil

CyberSift-Alerts A repository containing documentation on alerts generated by CyberSift Table Of Contents SWIFT Abnormal Login Privileges SWIFT Abnormal Login Source SWIFT Abnormal Login Time SWIFT Rare Event Windows Context Addition Windows Logon Events FileDeletion Sysmon CACTUSTORCH Remote Thread Creation CMSTP Execution CobaltStrike Process Injection DHCP Cal

Red-Team-OPS-Modern-Adversary A source of information, training, completely free material as well as open source and commercial tools that will help you in the training and execution of Red Team operations and adversary simulations This repository seeks to help prepare and support the community in the need for free knowledge If you want to contribute to this cause, send us a

Pentesting Pratic Notes (Cheatsheet) File detect and extractor: file targetFile strings targetFile | grep flag strings -o targetFile strings -a targetFile strings -t d targetFile strings -f targetFile strings targetFile | more more targetFile binwalk targetFile binwalk -e targetFile binwalk -e -c targetFile binwalk --dd='*' targetFile unzip targetFile fcrackzip

Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.

CSIRT *Please contribute through pull requests- ;) Another great list: awesome-incident-response Books Nice list here by CertBR Practical Cryptography for Developers, github The Book of Secret Knowledge Security Engineering — Third Edition The Cyber Plumber's Handbook Links FIRST CertBR - useful links 7º Fórum Brasileiro de CSIRTs 9º Fó

office-exploits 本仓库维护目前已知的 MS Office 漏洞，欢迎大家提交 pull request 漏洞列表 CVE-2017-8570 CVE-2017-8759 CVE-2017-11882 CVE-2018-0802 DDEAUTO 其他通过注入执行命令的方式其他漏洞以下漏洞还未测试 CVE-2017-0199 thom-s/docx-embeddedhtml-injection - This PowerShell script exploits a known vulnerability in Word 2016 docum

office

区块链生态被黑统计

区块链生态被黑统计参考来源 EOS 假充值(hard_fail 状态攻击)红色预警细节披露与修复方案 paperseebugorg/853/ 渗透测试不同阶段的工具收集整理侦察阶段主动情报收集 EyeWitness：可用于网站截图，以及提供一些服务器头信息，并在可能的情况下识别默认凭据。githubcom/ChrisTruncer/

A collection of open source and commercial tools that aid in red team operations.

Pentesting Pratic Notes

A repository containing documentation on alerts generated by CyberSift

Red Team Tool Kit

This tool kit is very much influenced by infosecn1nja's kit Use this script to grab majority of the repos NOTE: hard coded in /opt and made for Kali Linux Total Size (so far): 25+Gb Install Guide: apt -y install git apache2 python-requests libapache2-mod-php python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl libssl10-dev libffi-dev

A collection of open source and commercial tools that aid in red team operations.

Red Teaming/Adversary Simulation Toolkit A collection of open source and commercial tools that aid in red team operations This repository will help you during red team engagement Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfiltration Misc References Reconnaissance Active Intelligence Gathe

This tool kit is very much influenced by infosecn1nja's kit Use this script to grab majority of the repos NOTE: hard coded in /opt and made for Kali Linux Total Size (so far): 25G Contents Reconnaissance Weaponization Delivery Command and Control Lateral Movement Establish Foothold Escalate Privileges Data Exfiltration Misc References Reconnaissance Active Intelligenc

office-exploits Office漏洞集合 https://www.sec-wiki.com

Security Notes Palo Alto Networks has world-renowned experts supporting threat research efforts across the company The completely in-house team focuses on quickly identifying, analyzing, and creating protections for attacks as they emerge—building and enhancing the automated prevention enforced through our Security Operating Platform The team is comprised of: Threat e

ADVERSARY EMULATION MATRIX by Joas What is? Adversary emulation is a type of red team engagement that mimics a known threat to an organization by blending in threat intelligence to define what actions and behaviors the red team uses This is what makes adversary emulation different from penetration testing and other forms of red teaming Adversary emulators construct a scenario

所有收集类项目 RAT 250+ 开源远控/C&C工具，1200+ RAT分析报告\C&C相关文章等。 English Version 目录开源工具 pupy -> (1)工具 (6)文章 Covenant -> (3)工具 (18)文章 Slackor -> (1)工具 (3)文章 QuasarRAT -> (1)工具 (9)文章 EvilOSX -> (1)工具 (9)文章 Merlin -> (1)工具

APT & CyberCriminal Campaign Collection This is a collection of APT and CyberCriminal campaigns Please fire issue to me if any lost APT/Malware events/campaigns The password of malware samples could be 'virus' or 'infected' URL to PDF Tool Print Friendly & PDF Reference Resources kbandla APTnotes Florian Roth - APT Groups Attack Wiki thr

This repositories has all the best out of Bests RATs the world has ever seen

List of all the notorious RATS RAT bins by Qirit0 2500+ open source RAT/C&C tools, 1200+ blogs and video about RAT/C&C analysis Directory Popular Tools pupy -> (1)Tools (6)Post Covenant -> (3)Tools (18)Post Slackor -> (1)Tools (3)Post QuasarRAT -> (1)Tools (9)Post EvilOSX -> (1)Tools (9)Post Merlin -> (1)Tool

内容来自微信公众号:关注安全技术 Pentest_Note 声明1：依照《中华人民共和国网络安全法》等相关法规规定，任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动；不得提供专门用于从事侵入网络、干扰网络正常功能及防护措施、窃�

Resources About Shellcode

所有收集类项目 Shellcode Shellcode相关资源, 150+工具, 500+文章 English Version 目录开发&&编写 shellen -> (1)工具 (2)文章漏洞开发 -> (1)工具 (13)文章编码&&解码 -> (9)工具 (14)文章 (9) 工具 (56) 文章启动&&加载&&注入&&

Author:小y 公众号:关注安全技术 wiki:wwwheresecuritywiki/ Pentest_Note 转载请随意，记得加from 声明1：依照《中华人民共和国网络安全法》等相关法规规定，任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动；不得提供专门用于从�

Задание 1 Управление уязвимостями Думаю, что нет смысла говорить, что такое уязвимость, поэтому сразу к делу Управление уязвимостями - это циклический процесс, направленный на обнаружение и классификацию у

Author:小y 公众号:关注安全技术 Pentest_Note 在家无聊总结的，后续会慢慢更新。信息收集 Whois 网站IP 是否存在CDN Bypass cdn常规方式域名历史IP 网站架构/服务器指纹/CMS识别/容器子域名网站使用的CMS的官方demo站 SSL证书信息 DNS历史解析记录同服站点情况同样架构或源码的站网站js 网

Trillium-Security-MultiSploit-Tool-v6521-Full TDS - Security Account Managerdll TDS - Security Batch and Command File Exploit Generatordll TDS - Security CHM [Help-File] Exploit Generatordll TDS - Security EDGE Exploit Generatordll TDS - Security Encrypter and Decrypterdll TDS - Security Internet Explorer Exploit Generatordll TDS - Security Internet-Locati

文章出处: 微信公众号关注安全技术此项目用于速查 Attack_Notes 声明1：依照《中华人民共和国网络安全法》等相关法规规定，任何个人和组织不得从事非法侵入他人网络、干扰他人网络正常功能、窃取网络数据等危害网络安全的活动；不得提供专门用于从事侵入网络、干扰网络正常功能

Exploit Development Table of Contents General Stuff/Techniques Acquiring Old/Vulnerable Software Practice Exploit Dev/Structured Learning Exploit Dev Papers bof ROP BlindROP SignalROP JumpROP Heap Format String Integer Overflows Null Ptr Dereference JIT-Spray ASLR Kernel Exploitation Use After Free Other writing shellcode Windows Specific Linux specific Tutorials AV B

IT threat evolution in Q1 2022. Non-mobile statistics

Securelist • AMR • 27 May 2022

IT threat evolution in Q1 2022
IT threat evolution in Q1 2022. Non-mobile statistics
IT threat evolution in Q1 2022. Mobile statistics

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q1 2022:

Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe.
...

Threatpost • Elizabeth Montalbano • 23 May 2022

While most malicious e-mail campaigns use Word documents to hide and spread malware, a recently discovered campaign uses a malicious PDF file and a 22-year-old Office bug to propagate the Snake Keylogger malware, researchers have found.
The campaign—discovered by researchers at HP Wolf Security—aims to dupe victims with an attached PDF file purporting to have information about a remittance payment, according to a blog post published Friday. Instead, it loads the info-stealing malware, ...

BleepingComputer • Bill Toulas • 22 May 2022

Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware.
The choice of PDFs is unusual, as most malicious emails today arrive with DOCX or XLS attachments laced with malware-loading macro code.
However, as people become more educated about opening malicious Microsoft Office attachments, threat actors switch to other methods to deploy malicious macros and evade detection.
In a...

BleepingComputer • Bill Toulas • 11 May 2022

New activity has been observed from Bitter, an APT group focused on cyberespionage, targeting the government of Bangladesh with new malware with remote file execution capabilities.
The campaign has been underway since at least August 2021 and constitutes a typical example of the targeting scope of Bitter, which remains unchanged since 2013.
The discovery and details of this campaign come from threat analysts at Cisco Talos, who shared their report with BleepingComputer.
Cisco T...

Threatpost • Elizabeth Montalbano • 29 Apr 2022

A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found.
TA410 is a cyberespionage umbrella group loosely linked to APT10, a group tied to China’s Ministry of State Security. The group is known not only for targeting U.S. organizations in the utilities sector, but also diplomatic organizations in the Mid...

CVE-2017-11882

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Exploits

Mailing Lists

Metasploit Modules

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect