CVE-2023-2825: Gitlab Arbitrary file Read via uploads Path Traversal

GitLab is a web-based platform for version control, CI/CD pipelines and collaboration on software development projects.  An arbitrary path traversal vulnerability has been recently reported in the GitLab Community Edition

Share
CVE-2023-33246: Apache RocketMQ Remote Code Execution Vulnerability

Apache RocketMQ is one of the most popular and widely used distributed messaging and streaming platforms. A command execution vulnerability has been recently reported in Apache RocketMQ affecting version 5.1.0

Share
Using ChatGPT to Generate Native Code Malware

The capabilities of OpenAI’s large language model have astounded, delighted and (at times) horrified those who have tried it. Much ink has been spilled speculating which professions will be replaced

Share
Uncovering the Dark Side of Email Traffic

Email is an essential service for companies and individuals. Billions of emails are exchanged daily, and within a portion of those emails lurk malware aimed at compromising your organization’s network

Share
A Custom Python Backdoor for VMWare ESXi Servers

In October 2022, Juniper Threat Labs discovered a backdoor implanted on a VMware ESXi virtualization server. Since 2019, unpatched ESXi servers have been targets of ongoing in-the-wild attacks based on

Share
Asbit: An Emerging Remote Desktop Trojan

Introduction   Juniper Threat Labs is currently monitoring an emerging Chinese Remote Desktop Trojan called Asbit. It’s a remote access Trojan being advertised on its developer’s website as a “Fast

Share
CVE-2022-30190: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A zero-day vulnerability was discovered on Microsoft Windows Support Diagnostic Tool (MSDT).  On May 27, a researcher who goes by the twitter handle nao_sec discovered an interesting Microsoft Word document

Share
Muhstik Gang targets Redis Servers

Juniper Threat Labs has uncovered an attack that targets Redis Servers using a recently disclosed vulnerability, namely CVE-2022-0543. This vulnerability exists in some Redis Debian packages. The attack started on

Share
Log4j Attack Payloads In The Wild

Juniper Threat Labs compiled a list of the payloads from log4j attacks we have seen as of 12/16. Most of the payloads install malware such as Muhstik, Kinsing, Mirai and

Share
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI

In a previous post, we discussed the Log4j vulnerability CVE-2021-44228 and how the exploit works when the attacker uses a Lightweight Directory Access Protocol (LDAP) service to exploit the vulnerability.

Share