CrushFTP Server-Side Template Injection (SSTI)

Overview: The SonicWall Capture Labs threat research team became aware of a fully unauthenticated server-side template injection vulnerability within CrushFTP, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise file transfer tool. Such tools […]

Fake Windows Explorer Installs a Crypto Miner

Overview: This week the SonicWall Capture Labs threat research team came across a sample purporting to be Windows Explorer. At a glance, everything checks out – it uses the legitimate Windows Explorer icon and the […]

Android Remote Access Trojan Equipped to Harvest Credentials

Overview: The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. We’ve encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to […]

GitLab XSS Via Autocomplete Results

Overview: The SonicWall Capture Labs threat research team became aware of a cross-site scripting vulnerability in GitLab, assessed its impact and developed mitigation measures. GitLab, an open-source code-sharing platform, published an advisory on this vulnerability […]

Analysis of Native Process CLR Hosting Used by AgentTesla

Overview: The SonicWall Capture Labs threat research team has observed fileless .NET managed code injection in a native 64-bit process. Native code or unmanaged code refers to low-level compiled code such as C/C++. Managed code refers […]
