We often see hackers reusing the same malware, with only a few new adjustments to obfuscate the code so that it is more difficult for scanning tools to detect. However, sometimes entirely new attack tools are created and deployed by threat actors who don-t want to rely on obfuscating existing malware.
https://blog.sucuri.net/2020/10/r_evil-wordpress-hacktool-malicious-javascript-injections.html
Zahlreiche neue Fake-Shops locken mit günstigen Angeboten und gutem Kundendienst
We continue to describe our approaches to searching for vulnerabilities in industrial systems based on the OPC UA protocol. In this article, we examine new techniques that can be used to search for memory corruption vulnerabilities if the source code is available. We also discuss an example of fuzzing using libfuzzer.
https://ics-cert.kaspersky.com/reports/2020/10/19/practical-example-of-fuzzing-opc-ua-applications/
Vulnerabilities
VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997, CVE-2020-3998)
VMware Horizon Server does not correctly validate user input. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.1.
https://www.vmware.com/security/advisories/VMSA-2020-0024.html