Tag Archives: Trendmicro

Trending vulnerabilities of July according to Positive Technologies

Leave a reply

Trending vulnerabilities of July according to Positive Technologies.

The SecLab film crew went on vacation. Therefore, there was a choice: to skip the episode of “In the trend of VM” about the July vulnerabilities, or to make a video myself. Which is what I tried to do. And from the next episode we will return to SecLab again.

📹 Video “In The Trend of VM” on YouTube
🗞 A post on Habr (rus) a slightly expanded script of the video
🗒 A compact digest (rus) on the official PT website

List of vulnerabilities:

🔻 00:33 Spoofing – Windows MSHTML Platform (CVE-2024-38112)
🔻 02:23 RCE – Artifex Ghostscript (CVE-2024-29510)
🔻 03:55 RCE – Acronis Cyber Infrastructure (CVE-2023-45249)

English voice over was generated by my open source utility subtivo (subtitles to voice over)

На русском

What is known about Spoofing – Windows MSHTML Platform (CVE-2024-38112) from the July Microsoft Patch Tuesday?

Leave a reply

What is known about Spoofing - Windows MSHTML Platform (CVE-2024-38112) from the July Microsoft Patch Tuesday?

What is known about Spoofing – Windows MSHTML Platform (CVE-2024-38112) from the July Microsoft Patch Tuesday?

🔻 According to Check Point, attackers use special “.url” files with icons that look like PDF documents. If the user clicks on the file and ignores 2 uninformative warnings, then a malicious HTA application is launched in the outdated Internet Explorer browser built into Windows. 😱 Why in IE? This is all due to the processing of the “mhtml:” prefix in the “.url” file. The July update blocks this. 👍

🔻 Check Point found “.url” samples that could date back to January 2023. According to Trend Micro, the vulnerability is exploited by the APT group Void Banshee to install the Atlantida Stealer malware and collect passwords, cookies and other sensitive data. Void Banshee add malicious “.url” files to archives with PDF books and distribute them through websites, instant messengers and phishing.

На русском

Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions?

Leave a reply

Is it possible to detect Zero Day vulnerabilities with Vulnerability Management solutions? Hello everyone! In my English-language telegram chat avleonovchat, the question was asked: “How to find zero day vulnerabilities with Qualys?” Apparently this question can be expanded. Not just with Qualys, but with any VM solution in general. And is it even possible? There was an interesting discussion.

Alternative video link (for Russia): https://vk.com/video-149273431_456239109

Image generated by Stable Diffusion 2.1: “calendar on the wall cyber security vulnerability zero day”

The question is not so straightforward. To answer it, we need to define what a Zero Day vulnerability is. If we look at wikipedia, then historically “0” is the number of days a vendor has to fix a vulnerability.

“Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them.”

Continue reading