Like antivirus software, vulnerability scans rely on a database of known weaknesses.
Thatβs why websites like VirusTotal exist, to give cyber practitioners a chance to see whether a malware sample is detected by multiple virus scanning engines, but this concept hasnβt existed in the vulnerability management space.
The benefits of using multiple scanning engines
Generally speaking
WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following the discovery of a critical security flaw.
The flaw, tracked as CVE-2024-2172, is rated 9.8 out of a maximum of 10 on the CVSS scoring system and discovered by Stiofan. It impacts the following versions of the two plugins -
Malware Scanner (
Google on Tuesday announced the open source availability ofΒ OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about various projects.
TheΒ Go-based tool, powered by the Open Source Vulnerabilities (OSV) database, is designed to connect "a project's list of dependencies with the vulnerabilities that affect them," Google software engineer Rex Pan in a post shared
The operators of RomCom RAT malware are continuing to evolve their campaigns by distributing rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro via fake copycat websites.
Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K.To be noted the malicious software in question is
The threat actor behind a remote access trojan called RomCom RAT has been observed targeting Ukrainian military institutions as part of a new spear-phishing campaign that commenced on October 21, 2022.Β
The development marks a shift in the attacker's modus operandi, which has been previously attributed to spoofing legitimate apps like Advanced IP Scanner and pdfFiller to drop backdoors on