-
Vulnerability in Apereo CAS software
CERT Poland has received a report about vulnerability in the Apereo CAS software and assigned it the number CVE-2023-4612.
Read more -
Malware stories: Deworming the XWorm
XWorm is a multi-purpose malware family, commonly used as RAT. This post contains a detailed analysis and walk-through the reverse-engineering process.
Read more -
Vulnerability in SmodBIP software
Cross-Site Request Forgery vulnerability has been found in SmodBIP software (CVE-2023-4837).
Read more -
Vulnerability in UptimeDC software
CERT Poland has received a report about vulnerability in the UptimeDC software and assigned it the number CVE-2023-4997.
Read more -
Unpacking what's packed: DotRunPeX analysis
When, what and why As a national CERT we analyse all kinds of incidents. Some of them involve widespread APT campaigns, othertimes we just focus on everyday threats. Recently we got notified about a new malspam campaign targeting Polish users and decided to investigate. It all started with this phishing …
Read more -
Vulnerability in lua-http library
CERT Poland has received a report about vulnerability in the lua-http Library and assigned it the number CVE-2023-4540.
Read more -
CERT Polska will contribute to the CVE vulnerability database
From the beginning of August, CERT Polska, as the only institution in Poland and one of 7 CERTs in Europe, can assign CVE numbers, which are used to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
Read more -
Malspam campaign delivering PowerDash – a tiny PowerShell backdoor
In late April we observed a malspam campaign delivering a previously unseen PowerShell malware. We decided to provide an overview of the campaign and some of the malware capabilities. We're also dubbing this malware family as "PowerDash" because of the "/dash" path on C2 server, used as a gateway for bots.
Read more -
A tale of Phobos - how we almost cracked a ransomware using CUDA
For the past two years we've been tinkering with a proof-of-concept decryptor for the Phobos family ransomware. It works, but is impractical to use for reasons we'll explain here. Consequently, we've been unable to use it to help a real-world victim so far. We've decided to publish our findings and tools, in hope that someone will find it useful, interesting or will continue our research. We will describe the vulnerability, and how we improved our decryptor computational complexity and performance to reach an almost practical implementation.
Read more -
Artemis vulnerability scanner is now open source
The Artemis vulnerability scanner is now open source! Artemis is a tool developed by the CERT Polska team and initiated by the KN Cyber science club of Warsaw University of Technology. The tool is built to find website misconfigurations and vulnerabilities on a large scale. Thanks to its modular architecture, it can combine the results of various other tools in a single place.
Read more