Tag: CVE-2019-16759
A vulnerable FortiGate SSL VPN server responds to this request with contents of the sslpvpn_websession file, which contains the username and password of a user. This information can be used or sold to threat actors in order to compile brute force and credential stuffing lists. While reconnaissance campaigns do not actively exploit systems, they enable…
Read MoreThe script uses random function and variable names to avoid detection by antivirus engines. It also contains another Base64-encoded payload. The threat actor uses .Net APIs to call the Windows API. For example, the script uses the .NET API to find address of VirtualAlloc function exported by kernel32.dll. It then marshals the shellcode by using…
Read MoreRecent Posts
- Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
- CISA, Microsoft Confirm High-Severity Windows Vulnerability Exploited
- Microsoft fixes bug crashing Microsoft 365 apps when typing
- Election Cybersecurity – Canary Trap
- CISA warns of Windows flaw used in infostealer malware attacks
Recent Comments
No comments to show.