.NET Nanocore Trojan

Overview:

The SonicWall Capture Labs Threat Research Team would like to showcase the following spear-phishing attempt, which carried a .NET Nanocore Trojan as an attachment. The email details are below:

From: “E… V…”<a…@g…co.tz”
Subject: contract proposal
Date and Time: 03 Jan 2019 19:10:10 -0800

Dear sir/ma

Please find enclosed contract proposal for your reference with out legal teams input, please feel free to contract us if you have any question.

Regards,
E… V…
1… 25th St., MO xxx, MISSOURI, UNITED STATE
MOBILE NO: 1 8xx xxx xxxx

This picture explains the email in more detail:

The email carried the following attachment (binary data):
Content-Type: application/occtet-stream; name=”New Proposal_2019.lzh”
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=”New Proposal_2019.lzh”

Compressed Static Information:

Decompressed Static Information:

Decrypted Static Information:

Unpacking & Decrypting The Sample:

The encryption used is “Rijndael”, the algorithm selected by NIST as the candidate for the Advanced Encryption Standard (AES). The key and IV are 16 bytes (128 bits) each. The mode used is “CBC”, which stands for “Cipher Block Chaining”. The sample also uses the RSA Security LLC standard “PKCS7”, the Cryptographic Message Syntax Standard.


Host-Based Persistence:

Once decrypted, it will copy the executable to the “Startup” Folder and add the “-boot” parameter.

Registry Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Application

It also copies itself to the following location and renames itself.

Registry Location: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\UDP Subsystem

Active Network Information:

This sample connects to i.89.35.228.199.use.teentelecom.net:3365.
Port 3365 is known as a “Content Server”. This will download and upgrade files on the host machine.

SonicWall Gateway Anti-Virus (GAV) provides protection against this threat:

  • GAV: NanoBot.RAR (Trojan)
  • GAV: NanoBot.RSM (Trojan)

Obfuscated JavaScript with debugging protection techniques being used to distribute GandCrab V5.1 ransomware

SonicWall RTDMI engine has recently detected a surge in archive files (~9000-15000 Bytes in size) floating in the network. Below is a flow of execution for this threat:

 

The archive file is not available on popular threat intelligence sharing portals such as VirusTotal and ReversingLabs, which indicates its uniqueness and limited distribution:


 

The archive files carry a JavaScript file:

The JavaScript file has obfuscated code:


The JavaScript file also contains debugging protection code which makes debugging more difficult as it generates “debugger” statements at runtime:



The JavaScript file uses PowerShell.exe to download a second stage malware which on further analysis is found to be a downloader:



The second stage downloader downloads a variant of a popular ransomware family “GandCrab”:



(Malicious URL seen in memory)

The GANDCRAB family is known for asking ransom from the victim after file encryption.



(Ransom note)

Evidence of the detection by RTDMI engine can be seen below in the Capture ATP report for this file:

 

Houdini and jRat Trojans found double teaming in the wild

The SonicWall Capture Labs Research team has come across a spam campaign distributing not just one but two Remote Access Trojans (RATs). Both RATs have historically been propagated independently through spam, as email attachments posing as benign-looking shipment notifications, payment notices, receipts, invoices, statements or quotations. This time, the propagation method was not any different.

Infection cycle:

The main installer file comes as an email attachment in Java archive (JAR) format. Once executed, it drops two remote access Trojans – Houdini and jRat. During our analysis it created the following files in the %APPDATA% and %USERS% directories.

  • %APPDATA% /microsoftkey.jar [Detected as GAV: jRat.A_3 (Trojan)]
  • %APPDATA% /ntfsmgr.jar [Detected as GAV: jRat.A_2 (Trojan)]
  • %APPDATA% /fifpdvUqdn.vbs [Detected as GAV: Houdini.VBS (Trojan)]
  • %USERS% /nixfeknwve.vbs [Detected as GAV: Houdini.VBS (Trojan)]

The two Trojans are then executed simultaneously using javaw.exe and wscript.exe. The following registry keys were also added to ensure persistence for both Trojans and will allow them to run after each reboot:

  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run fifpdvUqdn  exe //B “%APPDATA%\fifpdvUqdn.vbs”
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run ntfsmgr “C:\Program Files\Java\jre7\bin\javaw.exe” -jar “%APPDATA%\ntfsmgr.jar”
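
The Run entries listed here, together with the NanoCore Run values described earlier (“Application” and “UDP Subsystem”), can be triaged from reg query output. The script below is an added example, not SonicWall's code: the registry text is constructed, and the user name, the udpss.exe path, the OneDrive and Java updater entries, and the placement of -boot on a Run value are assumptions.

```python
import re
from typing import NamedTuple

# Constructed sample in `reg query <key>` output format. The value names
# fifpdvUqdn, ntfsmgr and "UDP Subsystem" come from the write-ups; the user
# name, paths, udpss.exe and the two benign entries are made up for the example.
# Assumption: -boot appears on the Run value (the page only says it is added).
SAMPLE = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    fifpdvUqdn    REG_SZ    wscript.exe //B "C:\Users\alice\AppData\Roaming\fifpdvUqdn.vbs"
    ntfsmgr    REG_SZ    "C:\Program Files\Java\jre7\bin\javaw.exe" -jar "C:\Users\alice\AppData\Roaming\ntfsmgr.jar"

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    UDP Subsystem    REG_SZ    C:\Users\alice\AppData\Roaming\udpss\udpss.exe -boot
    SunJavaUpdateSched    REG_SZ    "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
'''


class Finding(NamedTuple):
    key: str
    name: str
    reason: str


# reg query separates name, type and data with four spaces; names may hold spaces.
LINE = re.compile(r'^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$')
USER_WRITABLE = re.compile(
    r'%(appdata|localappdata|temp|userprofile)%|\\appdata\\|\\users\\public\\', re.I)
SCRIPT_HOSTS = {'wscript', 'cscript', 'java', 'javaw', 'mshta', 'powershell'}
SCRIPT_EXT = ('.vbs', '.vbe', '.js', '.jse', '.jar', '.hta', '.ps1')


def tokens(cmd):
    """Split a command line into arguments, honouring double quotes.
    Typographic quotes (as pasted from reports) are normalised first."""
    cmd = cmd.replace('\u201c', '"').replace('\u201d', '"')
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', cmd)]


def classify(cmd):
    """Return a reason string when an autorun command matches a heuristic."""
    parts = tokens(cmd)
    if not parts:
        return None
    exe, args = parts[0], parts[1:]
    base = exe.replace('/', '\\').rsplit('\\', 1)[-1].lower()
    if base.endswith('.exe'):
        base = base[:-4]
    # Heuristic 1: a script host or Java launcher running content that sits
    # in a user-writable directory (the Houdini and jRat pattern).
    if base in SCRIPT_HOSTS:
        for arg in args:
            if arg.lower().endswith(SCRIPT_EXT) and USER_WRITABLE.search(arg):
                return f'{base} runs {arg} from a user-writable path'
    # Heuristic 2: a binary in a user-writable directory started with -boot.
    # A binary there without -boot (OneDrive) is deliberately not flagged.
    if USER_WRITABLE.search(exe) and any(a.lower() == '-boot' for a in args):
        return 'binary in a user-writable path started with -boot'
    return None


def scan(reg_text):
    """Walk reg query output and collect suspicious Run values."""
    findings, key = [], None
    for line in reg_text.splitlines():
        if line.startswith('HKEY_'):
            key = line.strip()
            continue
        m = LINE.match(line)
        if not (m and key and m['type'] in ('REG_SZ', 'REG_EXPAND_SZ')):
            continue
        reason = classify(m['data'])
        if reason:
            findings.append(Finding(key, m['name'], reason))
    return findings


if __name__ == '__main__':
    for f in scan(SAMPLE):
        print(f'{f.key} :: {f.name} -> {f.reason}')
```

Both heuristics are triage aids, not verdicts: legitimate software also launches from AppData, so hits should be confirmed against the file on disk.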

The jRAT components are easily identified by the directory names “blaz42” and “qt314”, which contain class files.

In our example ntfsmgr.jar is the main file which then drops the secondary jar file – microsoftkey.jar. They contain several classes that are platform-specific implementations of the malware capabilities with the screenshot below showing supported platforms.

And below is a list of its functionalities which include playing sound/audio, sending files to remote servers, examining the victim’s network configurations, running arbitrary commands, image capturing, stealing passwords, etc.

Houdini, by contrast, is a base64-encoded VB script that, when decoded, reveals the name “Houdini” within its code.

Upon execution it connects to a remote server goz.unknowncrypter.com.

Some of the sub-function names within the script give us a picture of this Trojan’s capabilities:

  • Information – operating system information gathering, get volume serial number
  • Site-send – send data to remote server
  • Cmd – execute commands using cmd.exe
  • Enumprocess – list all running processes
  • Uninstall – delete registry keys and delete files
  • Security – get OS version and security center info
  • Fileurl/filedir – http download and save file
  • Upload – send post data using http
  • set objwmiservice

SonicWall Capture Labs provides protection against this threat via the following signatures:

  • GAV: jRat.A_2 (Trojan)
  • GAV: jRat.A_3 (Trojan)
  • GAV: Houdini.VBS (Trojan)

Cyber Security News & Trends – 01-18-19

This week, one city is back to using pen and paper after a ransomware attack, cybercriminals utilize popular video game Fortnite in a money laundering scam and construction industry cranes are alarmingly vulnerable to being hacked.


SonicWall Spotlight

SSL, TLS Certificates Expiring on US Government Sites During Federal Shutdown – SonicWall Blog

  • SonicWall’s Brook Chelmo explains why US Government websites are starting to suffer during the ongoing Government Shutdown, explaining that security certificates are not being updated and what kind of messages you might be seeing as a result.

Cyber Security News

Hack Brief: An Astonishing 773 Million Records Exposed in Monster Breach – Wired

  • Wired details the mega-breach where at least 773 million emails and 21 million unique passwords have been released in a folder called “Collection #1.” Some are calling this the largest collection of breached data ever found, although it should be noted that Collection #1 is a compilation of both old and new leaked details.

Fortnite Is Being Used by Criminals to Launder Cash Through V-Bucks – ZDNet

  • Criminals have been using the in-game currency in Fortnite for laundering money from stolen cards. It is not known exactly how much profit the cybercriminals have made, but Fortnite coins sold on eBay alone have grossed over $250,000 in two months.

Defense Department Continuously Challenged on Cybersecurity – Security Week

  • A report has revealed that while the U.S. Department of Defense has been making strides to improve their cybersecurity stance, they are still struggling. In September of last year there were 266 open cybersecurity‑related recommendations, some dating as far back as 2008.

NotPetya Victim Mondelez Sues Zurich Insurance for $100 Million

  • Zurich insurance rejected a $100 million claim by Mondelez saying that since the NotPetya ransomware attack has been seen by some, including the UK government, as a Russian military attack it is not covered by standard insurance against malware. Mondelez are taking legal action in response.

Oklahoma Gov Data Leak Exposes FBI Investigation Records, Millions of Department Files – ZDNet

  • A storage server belonging to the Oklahoma Department of Securities was found with terabytes of confidential data exposed and accessible to the public.

Yes, You Can Remotely Hack Factory, Building Site Cranes. Wait, What? – The Register

  • Cybersecurity protection on cranes, drilling rigs, and other heavy machinery has been found to be severely lacking with a report into the area finding that none of the radio remote controllers investigated had “implemented any protection mechanism to prevent unattended reprogramming.”

WEF: Cyber-Attacks a Major Global Risk for Next Decade – Infosecurity Magazine

  • The World Economic Forum released a report stating that cyberattacks remain one of the risks facing the world today, with 82 percent of those queried stating they expect data and monetary theft attacks to increase.

Ransomware Attack Sends City of Del Rio Back to the Days of Pen and Paper – ZDNet

  • Officials at Del Rio, Texas, had to abandon their computers and switch to pen and paper after a ransomware attack last week. It has not been revealed who is behind the ransomware but the FBI have been informed and are investigating.

Emotet Malware Returns to Work After Holiday Break – BankInfoSecurity

  • Whether coincidence or a sign that the criminals were actually on holidays, a number of malware strains including Emotet have returned in 2019 after falling out of use towards the end of the year. BankInfoSecurity trace the history and usage of Emotet, including information on where in the world it has and has not been striking.

In Case You Missed It

This Android adware bombards the infected device with a flood of advertisements

SonicWall RTDMI engine recently detected an Android adware which has an app icon that looks similar to the Settings app icon. The non-existence of this malicious file at the time of detection on popular malware search portals like VirusTotal and ReversingLabs indicates the effectiveness of the RTDMI engine.

When a user clicks on the app icon, it starts its execution in the background and hides itself from the app list as shown below:

It then connects to a malicious URL, sends victim’s device information and saves the response data into a file named “Config” as shown below:

The response data from the server is in JSON format which contains events to identify the victim’s device’s Internet connectivity type (WiFi, Mobile Data) as shown below:

Depending on the victim’s connectivity type, a malicious URL is opened and the victim is flooded with random ads as shown below:

Indicators of Compromise:


Shown below is the Capture ATP report of the malicious APK file detected by the RTDMI engine:

 

SSL, TLS Certificates Expiring on US Government Sites During Federal Shutdown

The short- and long-term impacts of the U.S. Federal Government shutdown have been well documented during the last month. Government employees aren’t receiving paychecks. National parks are being vandalized. Air travel could soon be at risk.

But as the shutdown carries on, the trust and security of the government’s online presence are eroding, too. Many government sites aren’t being updated, support and communication are unavailable, and some are completely inaccessible to visitors. And across a handful of government sites (e.g., .gov domains), SSL and TLS digital certificates are beginning to expire.

According to ZDNet, more than 80 TLS certificates have expired across dozens of government sites. The government employees who typically manage these sites simply aren’t working, so basic management tasks, including certificate renewal, are causing widespread accessibility and security issues.

Digital certificates are the backbone of online digital trust. This is particularly critical for the government’s online presence — not just for peace of mind, but to help ensure critical sites, tools and services aren’t compromised during the shutdown.

A note on the U.S. Department of Homeland Security alerts visitors to lack of funding and management.

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) certificates are the encryption standards used to protect data-in-motion sent over the public internet. SSL/TLS secures a growing amount of enterprise traffic and makes up the majority of network traffic in some verticals, including the government. According to SonicWall data, nearly 75 percent of all traffic is now encrypted.

Expired certificates are annoying to the end user, but there can be serious security ramifications. So much so, some sites have implemented HSTS (HTTP Strict Transport Security) per guidelines from the National Institute of Standards and Technology (NIST) to protect against downgrade attacks.

For example, Firefox and Chrome browsers use the HSTS protocol. In this scenario, if a site also uses HTTP, users can’t access the site with an expired certificate. The ramifications of expired certificates are broad, but typical user experiences include:

  • Inability to access a site
  • Warnings that the connection and data aren’t safe
  • If warnings are bypassed, data may be transmitted unencrypted (i.e., in the clear)
  • End-users begin to train themselves to ignore these warnings in the future

Message shown by the Chrome browser on a subdomain for a U.S. government site with an expired certificate.

For users who receive certificate alerts or warnings, SonicWall recommends they do not bypass errors during the U.S. government shutdown; if you do proceed, know that data is likely unencrypted and at risk. Enterprises should have consistent and established best practices in place for certificate management, which will identify certificates nearing renewal and ensure they’re renewed in a timely fashion.
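
One way to identify certificates nearing renewal is a scheduled expiry check over a host inventory. The script below is an added example, not SonicWall's code: the hostnames, dates, the 30-day threshold and the "EXPIRED" marker are assumptions, and the inventory is constructed so the triage runs offline.

```python
import math
import socket
import ssl


def fetch_not_after(host, port=443, timeout=5.0):
    """Return the served certificate's notAfter string.

    With verification on, an already-expired certificate fails the handshake,
    so that case is reported with the marker "EXPIRED" instead of a date."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        if exc.verify_code == 10:  # X509_V_ERR_CERT_HAS_EXPIRED
            return "EXPIRED"
        raise  # other validation failures need a human, not a renewal


def triage(inventory, now, warn_days=30):
    """Classify each host as expired, unparseable, renew or ok.

    inventory maps host -> notAfter string in the format getpeercert() uses;
    now is a Unix timestamp. Rows come back most urgent first."""
    rows = []
    for host, not_after in inventory.items():
        if not_after == "EXPIRED":
            rows.append((host, "expired", None))
            continue
        try:
            expires = ssl.cert_time_to_seconds(not_after)
        except ValueError:
            # A date in the wrong format must not silently count as healthy.
            rows.append((host, "unparseable", None))
            continue
        days = math.floor((expires - now) / 86400)
        if days < 0:
            status = "expired"
        elif days <= warn_days:
            status = "renew"
        else:
            status = "ok"
        rows.append((host, status, days))
    order = {"expired": 0, "unparseable": 1, "renew": 2, "ok": 3}
    return sorted(rows, key=lambda r: (order[r[1]], r[2] if r[2] is not None else 0))


# Constructed inventory and clock, so the example does not touch the network.
NOW = ssl.cert_time_to_seconds("Jan 18 00:00:00 2019 GMT")
INVENTORY = {
    "portal.agency.example": "Jan  5 00:00:00 2019 GMT",
    "forms.agency.example": "Feb  2 00:00:00 2019 GMT",
    "www.agency.example": "Nov 20 00:00:00 2019 GMT",
    "legacy.agency.example": "2019-03-01",  # wrong format on purpose
}

if __name__ == "__main__":
    for host, status, days in triage(INVENTORY, NOW):
        print(f"{host:28} {status:12} {days}")
```

In production the inventory would be filled by calling fetch_not_after for each monitored host and the clock would be time.time().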

White Paper: Understanding Encrypted Threats

SSL/TLS and HTTPS encryption technology offers protection against hacking and its use is growing exponentially. But cybercriminals have learned to leverage encryption as an effective method to hide malware, ransomware, spear-phishing, zero-day, data exfiltration, rogue sites and other attacks. Fortunately, advanced network security with deep packet inspection of SSL/TLS and HTTPS traffic is now available to protect against encrypted threats.

December 2018 Cyber Threat Data: Ransomware Peaking Globally

We finished off 2018 with an in-depth focus on Cyber Monday and the threats over the holiday period. Now that we are into 2019 we are able to take the full month into consideration and we can see some familiar increases, both over the month itself and generally speaking for the year. First, some figures:

Globally, the SonicWall Capture Threat Network, which includes more than 1 million sensors across the world, recorded the following 2018 year-to-date attack data through December 2018:

  • 10.5 billion malware attacks (22 percent increase from 2017)
  • 3.9 trillion intrusion attempts (38 percent increase)
  • 328.5 million ransomware attacks (120 percent increase)
  • 2.8 million encrypted threats (27 percent increase)

In December 2018 alone, the average SonicWall customer faced:

  • 1,542 malware attacks (33 percent decrease from December 2017)
  • 784,602 intrusion attempts (9 percent increase)
  • 43 ransomware attacks (153 percent increase)
  • 107 encrypted threats (81 percent decrease)
  • 15 phishing attacks, on average, each day (23 percent increase)

Ransomware Sticks

As we see, the overall number of malware attacks, especially encrypted threats, were down in December 2018 compared to the year before, but in both the yearly and monthly figures one familiar figure looms: ransomware.

Break it down into regions and a complex story emerges; ransomware attacks in America and Europe varied greatly throughout the year. For example, the figures in Europe actually came in less than the year before for five out of the 12 months. However, Asia Pacific saw what could be described as a meteoric rise throughout the whole year where there wasn’t a single month where numbers were comparatively less than 2017.

In December 2018 specifically, it was not a good month to be unprotected in any of the regions; all geographical areas saw huge increases in ransomware attacks:

  • North America: 276 percent increase
  • Europe: 122 percent increase
  • Asia Pacific: 249 percent increase.

To just take one of the regions in real figures, this comes in at 3,496,448 more cases of ransomware in Asia Pacific in December 2018 compared to the year before.

Ransomware Attacks Up

In December 2018, there were 3.5 million more ransomware attacks detected in the Asia Pacific region compared to 2017.

Malware Cocktails

It can be hard to pinpoint exactly the reasons for such an increase, but one thing SonicWall spent 2017 and 2018 consistently calling out was the rise of malware cocktails, many of which were developed following the success of WannaCry, NotPetya and Bad Rabbit in previous years. Looking at the numbers, we see these were not idle mentions. December 2018 saw almost 30,000 new variants appear in the wild, up 75 percent from the year before.

To protect your organization against evolving attack volume and sophistication, consider the SonicWall Capture Advanced Threat Protection sandbox service with Real-Time Deep Memory Inspection Technology (RTDMI™), which discovers and stops previously unknown ransomware variants.

  SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins. This view illustrates the pace and speed of the cyber arms race.

The resource provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture to ensure their networks, data, applications and customers are properly protected.

Cyber Security News & Trends – 01-11-19

Adware apps downloaded by millions, German politicians have their data leaked, and how is the government shutdown affecting cybersecurity? SonicWall has collected this week’s best cybersecurity stories, just for you.


SonicWall Spotlight

What Is Driving the Workforce of the Future? – IT News Africa

  • SonicWall threat data is used to examine the potential dangers of a workforce dependent on the Internet of Things and 5G mobile connection.

Cyber Security News

German Man Confesses to Hacking Politicians’ Data, Officials Say – New York Times

  • The December leak of the personal information of German politicians was carried out by a young German student who used very basic techniques like guessing the passwords. The authorities are treating him as a juvenile and he has been released while the investigation is ongoing.

Google Removes 85 Adware Apps That Were Installed by Millions of Users – ZDNet

  • Google removed 85 apps from the Play Store after complaints that they were blatantly adware where every page on the apps triggered a full screen advert. At the time of removal one of the apps had already been downloaded over five million times.

Class-Action Lawsuit Filed Over Marriott Data Breach – Washington Times

  • 76 plaintiffs from all 50 states, the District of Columbia, Puerto Rico and the U.S. Virgin Islands are suing Marriott International Inc. in federal court over the data breach in 2018 that saw millions of people’s data released.

Who Should Be Responsible for Protecting Our Personal Data? – World Economic Forum

  • The World Economic Forum explores the growing cybersecurity challenges that are presented by the fact that 89% of Americans and 70% of Europeans use the internet daily, and half the world’s population is online in some way. They ask if governments are reacting fast enough to the changes and if cybersecurity is a personal or public responsibility.

Zeroday Exploit Prices Are Higher Than Ever, Especially for iOS and Messaging Apps – ArsTechnica

  • The going rate for a zero-day jailbreak for Apple’s iOS is currently as high as $2 million. That’s the highest end of the scale but the market for exploits has been going higher and higher with no sign of leveling off.

U.S. Initiative Warns Firms of Hacking by China, Other Countries – Reuters

  • A new initiative by the National Counter-Intelligence and Security Center (NCSC) has been launched, aimed at improving cybersecurity in U.S. companies. Videos, brochures, and online informational materials have all been made available in an attempt to address ongoing concerns that many companies are not currently doing enough to protect themselves from cyberthreats.

Cybersecurity May Suffer as Shutdown Persists – Roll Call

  • The partial government shutdown may be leaving departments open to cybersecurity risks since many of the shutdown departments are on the “hit-list for hackers.” As more time passes there is a fear that minor setbacks may become irreversible.

This Old Ransomware Is Using an Unpleasant New Trick to Try and Make You Pay Up – ZDNet

  • First spotted in 2016, Cryptomix is a ransomware that seemed to have disappeared until it was rediscovered recently with a new distasteful trick; using information scraped from children’s charity organizations to make it seem like the ransom payment will be used to help people in need.

  The Cybersecurity Skills Shortage Is Getting Worse – CSO Online

  • With 53 percent of respondents of one survey reporting a problematic shortage of people with the right skills, the cybersecurity job situation is seen by some as actively getting worse rather than better. CSO Online recommend massive federal leadership, a more thorough public/private partnership and an integrated industry effort to solve the problem.

In Case You Missed It

2018 Holiday Cyber Threat Data: Final Analysis Shows Big Ransomware Spikes in US, UK

It’s no secret that consumers flock to online retailers during the holiday shopping season between Thanksgiving and the New Year.

Last month, SonicWall provided deep cyber threat data for the nine-day window that included Black Friday and Cyber Monday in the U.S. Over this specific period, SonicWall Capture Labs threat researchers found that SonicWall customers faced 91 million malware attacks (34 percent decrease over 2017) and 889,933 ransomware attacks (432 percent increase over 2017).

But cyberattacks are hardly static. And they definitely don’t cease once Cyber Monday comes and goes. For this reason, SonicWall collected and analyzed threat data from the full December holiday shopping season to complement its Cyber Week threat analysis.

In the U.S., ransomware and phishing volume more than doubled compared to 2017, while malware was slightly down. In December alone, SonicWall Capture Labs threat researchers recorded:

  • 2.7 million ransomware attacks (up 177 percent)
  • 276.4 million malware attacks (down 27 percent from 2017)
  • 797,607 phishing attacks (up 116 percent)

In the U.K., ransomware spiked four-fold while malware and phishing attacks were relatively flat. For December, SonicWall Capture Labs logged:

  • 527,734 ransomware attacks (up 432 percent)
  • 52.1 million malware attacks (down 2 percent from 2017)
  • 30,740 phishing attacks (no increase over 2017)

SonicWall will soon publish additional global December cyber threat data across all attack types, including encrypted threats, intrusion attempts and web application attacks.

Real-Time Threat Intelligence with SonicWall Capture Security Center

SonicWall cyber threat intelligence is available in the SonicWall Capture Security Center, which provides a graphical view of the worldwide attacks over the last 24 hours, countries being attacked and geographic attack origins.

The SonicWall Capture Security Center provides actionable cyber threat intelligence to help organizations identify the types of attacks they need to be concerned about so they can design and test their security posture to ensure their networks, data, applications and customers are properly protected.

Exclusive Video: SonicWall CEO Bill Conner & CTO John Gmuender

SonicWall President and CEO Bill Conner and CTO John Gmuender walk you through the current cyber threat landscape, explore the importance of automated real-time breach detection and prevention, and address how to mitigate today’s most modern cyberattacks.

Microsoft Security Bulletin Coverage for January 2019

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2019. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2019-0536 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0537 Microsoft Visual Studio Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0538 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0539 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13979 : Chakra Scripting Engine Memory Corruption Vulnerability (JAN 19) 3
CVE-2019-0541 Internet Explorer Remote Code Execution Vulnerability
IPS 13980 : Internet Explorer Remote Code Execution Vulnerability (JAN 19) 1
CVE-2019-0543 Microsoft Windows Elevation of Privilege Vulnerability
ASPY 5363 : Malformed-File exe.MP.49
CVE-2019-0545 .NET Framework Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0546 Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0547 Windows DHCP Client Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0548 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0549 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0550 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0551 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0552 Windows COM Elevation of Privilege Vulnerability
ASPY 5364 : Malformed-File exe.MP.50
CVE-2019-0553 Windows Subsystem for Linux Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0554 Windows Kernel Information Disclosure Vulnerability
ASPY 5365 : Malformed-File exe.MP.54
CVE-2019-0555 Microsoft XmlDocument Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0556 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0557 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0558 Microsoft Office SharePoint XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-0559 Microsoft Outlook Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0560 Microsoft Office Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0561 Microsoft Word Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0562 Microsoft SharePoint Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0564 ASP.NET Core Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-0565 Microsoft Edge Memory Corruption Vulnerability
IPS 13976 : Microsoft Edge Memory Corruption Vulnerability (JAN 19) 1
CVE-2019-0566 Microsoft Edge Elevation of Privilege Vulnerability
ASPY 5362 : Malformed-File exe.MP.48
CVE-2019-0567 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13977 : Chakra Scripting Engine Memory Corruption Vulnerability (JAN 19) 1
CVE-2019-0568 Chakra Scripting Engine Memory Corruption Vulnerability
IPS 13978 : Chakra Scripting Engine Memory Corruption Vulnerability (JAN 19) 2
CVE-2019-0569 Windows Kernel Information Disclosure Vulnerability
ASPY 5358 : Malformed-File exe.MP.47
CVE-2019-0570 Windows Runtime Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0571 Windows Data Sharing Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-0572 Windows Data Sharing Service Elevation of Privilege Vulnerability
ASPY 5359 : Malformed-File exe.MP.51
CVE-2019-0573 Windows Data Sharing Service Elevation of Privilege Vulnerability
ASPY 5360 : Malformed-File exe.MP.52
CVE-2019-0574 Windows Data Sharing Service Elevation of Privilege Vulnerability
ASPY 5361 : Malformed-File exe.MP.53
CVE-2019-0575 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0576 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0577 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0578 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0579 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0580 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0581 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0582 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0583 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0584 Jet Database Engine Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0585 Microsoft Word Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-0586 Microsoft Exchange Memory Corruption Vulnerability
There are no known exploits in the wild.
CVE-2019-0588 Microsoft Exchange Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-0622 Skype for Android Elevation of Privilege Vulnerability
There are no known exploits in the wild.