Sébastie[N] Kirche :debian: · @sebkirche
59 followers · 1520 posts · Server framapiaf.org

CVE-2023-38831: Bug Or Windows Feature? In-Depth Analysis of Winrar Vulnerability - Alee's Stories aleeamini.com/cve-2023-38831-w

#vulnerability #cve #infosec #winrar

Last updated 1 year ago

sekurak News · @sekurakbot
44 followers · 238 posts · Server mastodon.com.pl

0day w WinRAR był exploitowany od kilku miesięcy – m.in. za pomocą odpowiednio spreparowanego pliku zip

Informacja o podatności CVE-2023-38831 gruchnęła już dobrych kilka dni temu. Luka (luki) jest obecnie załatana, ale pokazały się informację o aktywnej tej eksploitacji podatności jako 0day – i to od kwietnia 2023. Na celowniku były m.in. komputery / konta osób handlujących kryptowalutami. Cały trick polegał na stworzeniu archiwum (np. zip),...

sekurak.pl/0day-w-winrar-byl-e

#wbiegu #0day #exploit #winrar

Last updated 1 year ago

「WinRAR」のリモートコード実行の脆弱性「CVE-2023-40477」を危惧する声が広がる/開発会社が詳細を公表、「UnRAR.dll」「UnRAR64.dll」には影響なし
forest.watch.impress.co.jp/doc

#forest_watch_impress #winrar #unrardll #セキュリティ #脆弱性 #windows #圧縮_解凍

Last updated 1 year ago

Franck_Raisch · @franckraisch
249 followers · 5930 posts · Server ruhr.social

ist zuelich verbreitet. Jetzt allerdings schnell nen Patch runterlesen, damit nicht fremde Mächte auf eurem Computer das Zepter übernehmen: www-bleepingcomputer-com.cdn.a

#winrar

Last updated 1 year ago

Marcel SIneM(S)US · @simsus
217 followers · 5314 posts · Server social.tchncs.de
Mr.Trunk · @mrtrunk
9 followers · 16767 posts · Server dromedary.seedoubleyou.me
FPMENSE · @fpmense
3 followers · 17 posts · Server toot.aquilenet.fr

Multiples vulnérabilités dans 6.22 , #7-Zip 23.00

Un défaut de vérification des données dans WinRAR permet à un attaquant non authentifié, en persuadant une victime d’ouvrir une archive spécifiquement forgée, d’exécuter du code arbitraire. La faille est activement exploitée : Oui Un correctif existe : Oui Une mesure de contournement existe : Non RARLAB WinRAR versions 6.22 et antérieures Un défaut de contrôle de la mémoire lors de l’analyse d’archives…

antivirus-france.com/multiples

#winrar

Last updated 1 year ago

Kevin Karhan :verified: · @kkarhan
1451 followers · 104327 posts · Server mstdn.social

@certbund : als Alternative ist davon nicht betroffen gewesen und anders als kostenlos und lizenzkonform unbegrenzt lange nutzbar!

#winrar #7zip #protip

Last updated 1 year ago

CryptoNewsBot · @cryptonewsbot
695 followers · 38362 posts · Server schleuss.online

WinRAR patches zero-day bug that targeted stock and crypto traders - According to cybersecurity firm Group-IB, weaponized ZIP file arc... - cointelegraph.com/news/winrar-

#winrar #hackers #malware #exploit #cybersecurity #vulnerability

Last updated 1 year ago

ITSEC News · @itsecbot
1433 followers · 36772 posts · Server schleuss.online

"A newly discovered in the widely used file-compression program has been exploited for four months by unknown attackers who are using it to install when targets open booby-trapped JPGs and other innocuous inside file archives."
arstechnica.com/security/2023/

#zeroday #winrar #malware #exploit #cybersecurity #vulnerability

Last updated 1 year ago

Mr.Trunk · @mrtrunk
10 followers · 16287 posts · Server dromedary.seedoubleyou.me

SecurityWeek: Traders Targeted by Cybercriminals in Attack Exploiting WinRAR Zero-Day securityweek.com/traders-targe &Threats -Day

#malware #cybercrime #exploited #zero #winrar

Last updated 1 year ago

XenoLurch🏴 · @XenoLurch
40 followers · 533 posts · Server kolektiva.social

WinRAR 0-day that uses poisoned JPG and TXT files
weaponized to rob yuppies since April.

via arstechnica.com:

“A newly discovered zero-day in the widely used WinRAR file-compression program has been exploited for four months by unknown attackers who are using it to install malware when targets open booby-trapped JPGs and other innocuous inside file archives.

The vulnerability, residing in the way WinRAR processes the ZIP file format, has been under active exploit since April in securities trading forums, researchers from security firm Group IB reported Wednesday. The attackers have been using the vulnerability to remotely execute code that installs malware from families, including DarkMe, GuLoader, and Remcos RAT.

From there, the “criminals” withdraw money from broker accounts. The total amount of financial losses and total number of victims infected is unknown, although Group-IB said it has tracked at least 130 individuals known to have been compromised. WinRAR developers fixed the vulnerability, tracked as CVE-2023-38831, earlier this month.“

arstechnica.com/security/2023/

#punchup #yuppies #0day #hackers #winrar

Last updated 1 year ago

Lup Yuen Lee 李立源 · @lupyuen
1779 followers · 18501 posts · Server qoto.org

" zero-day vulnerability ... was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts"

bleepingcomputer.com/news/secu

#winrar

Last updated 1 year ago

Tech news from Canada · @TechNews
973 followers · 26101 posts · Server mastodon.roitsystems.ca
IT News · @itnewsbot
3656 followers · 271187 posts · Server schleuss.online

WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April - Enlarge (credit: Getty Images)

A newly discovered zeroday in t... - arstechnica.com/?p=1962625

#winrar #biz #zeroday #exploit #zipfiles #security #vulnerability

Last updated 1 year ago

Manny James · @iammannyj
78 followers · 230 posts · Server fosstodon.org

Hackers exploit WinRAR zero-day bug to steal funds from broker accounts tcrn.ch/44g3hiU

#winrar #cybersecurity

Last updated 1 year ago

Mr.Trunk · @mrtrunk
9 followers · 15988 posts · Server dromedary.seedoubleyou.me

SecurityOnline: CVE-2023-40477: WinRAR Code Execution Vulnerability securityonline.info/cve-2023-4 -2023-40477

#cve #vulnerability #winrar

Last updated 1 year ago

Mr.Trunk · @mrtrunk
9 followers · 15915 posts · Server dromedary.seedoubleyou.me

TechcrunchSecurity: Hackers exploit WinRAR zero-day bug to steal funds from broker accounts techcrunch.com/2023/08/23/winr -dayflaw

#cybersecurity #vulnerability #zero #security #winrar

Last updated 1 year ago