ClamAV ClamD Service

SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability. ClamAV is a notable, open-source anti-virus engine, widely recognized […]

New LockXX Ransomware Targets Users Who Speak Standard Chinese, English

This week, the SonicWall Capture Labs threat research team analyzed a ransomware targeting users who speak English and Standard Chinese. Its behavior is typical of ransomware – it encrypts the user’s files and provides […]

Microsoft Security Bulletin Coverage for February 2024

Microsoft’s February 2024 Patch Tuesday has 72 vulnerabilities – 30 of which are Remote Code Execution. The vulnerabilities can be classified into the following categories: 30 Remote Code Execution Vulnerabilities, 17 Elevation of Privilege […]

Wessy Ransomware Bears Striking Similarities to Uransomware

The SonicWall Capture Labs threat research team has been tracking ransomware that encrypts files and claims to charge only $100 for file retrieval. It is written in .NET and obfuscated using Eziriz's .NET Reactor. However, […]

Ivanti Server-Side Request Forgery to Auth-Bypass

Ivanti disclosed a couple more vulnerabilities: server-side request forgery (CVE-2024-21893) and a privilege escalation (CVE-2024-21888) vulnerability. This disclosure comes only a few weeks after confirming an exploit chain impacting Ivanti Connect Secure and […]
