Blog

The latest from Swascan: news, stories and events from the company and the Cyber world.

Security Advisory: Docebo Community Edition <= 4.0.5

Product description: Swascan Offensive Security Team has identified multiple vulnerabilities on Docebo Community Edition 4.0.5, an open source e-learning platform also defined as Learning Management System. Technical summary: Swascan’s Cyber Security Team discovered important vulnerabilities on Docebo CE <= v.4.0.5. Vulnerability and CVSS 3.1 score: Docebo CE <= 4.0.5 – SQL Injection (unauthenticated), 8.6 – High [AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L]. Docebo […]

Ransomware Analysis: Black Basta

Black Basta Ransomware is a new ransomware which, in a few weeks, has already claimed important victims. Swascan SOC Team intercepted and analyzed this ransomware threat, verifying that it contains encrypted and obfuscated payloads that make it more difficult to understand the behavior of the threat during the encryption and infection phases, as we can see from […]

Security Advisory: Libnmap <= 0.7.2 (CVE-2022-30284)

Swascan Offensive Security Team has identified a severe vulnerability on the python-libnmap Python library (https://pypi.org/project/python-libnmap/). Python-libnmap: Python-libnmap is a Python library that enables Python developers to manipulate nmap process and data. The library offers the following features: automate or schedule nmap scans on a regular basis; manipulate nmap scans results to do reporting; compare and […]

Emotet: signature-based evasion & malleable executable

Analysis by Daniele Capponi – Cyber Security Analyst, Swascan. We recently came across an interesting finding concerning Emotet’s infection kill-chain, which usually starts with the phishing email, followed by the download of an Excel macro and then its execution, which acts as the DLL dropper and finally leads to malware infection. Signature: We had a look […]

Security Advisory: Alt-n Security Gateway (CVE-2022-25356)

Swascan Offensive Security Team has identified 1 vulnerability in the Alt-n Security Gateway product; the vulnerability was found during a Penetration Test. Product description: Alt-n develops and manufactures products and solutions for companies to help them be safer against phishing attacks, malware and much more. Security Gateway accomplishes that goal by giving protection from external/internal email […]

Security Advisory: Forma LMS (CVE-2022-27104)

Unauthenticated SQL Injection in forma Lms <= 1.4.3. Swascan Offensive Security Team has identified a vulnerability on Forma LMS digital assets. Forma Lms: Forma Lms is the natural evolution, or a “fork”, of the last open source version of the LMS platform Docebo. Forma Lms is an open source e-learning platform, oriented towards business needs: […]

Conti Leak Analysis

The conflict in Ukraine has attracted significant attention from the cybersecurity community: there have been cyber attacks by Russia against Ukrainian infrastructure with wiper-type malware (such as Whispergate and HermeticWiper) and a series of DDoS attacks against Russian infrastructure by Anonymous and Ukrainian supporter groups. Among the many news stories circulating, one that caused great […]

The Russian Doll Mechanism of Online Pharmacies

The world of online pharmacies is – said in a very simplistic way – a huge Russian doll mechanism of containers and cross references, deliberately anonymised. Shedding light on the system was not an easy task and finding a name to link to this game of mirrors required a veritable technical “deep dive” into the […]

The Mole: Criminal Hacker gang clash

Through its proprietary Threat Intelligence platform, Swascan’s SoC team has detected an interesting development in the continuously evolving cyber war scenarios in the international Cyber Crime landscape. Spokesmen for LockBit and REvil accused the operator of the Dark Web Ramp forum of being an informer employed by the Russian law enforcement agencies. Context: In the […]

Vulnerability Report Emerson – Dixell XWEB-500 Multiple Vulnerabilities (CVE-2021-45420)

1. Technical Summary
Swascan Offensive Security Team detected some important potential vulnerabilities on: Dixell XWEB-500. Detected vulnerabilities were:
Arbitrary File Write (CVSSv3 7.5, HIGH): http://<target>/cgi-bin/logo_extra_upload.cgi, http://<target>/cgi-bin/cal_save.cgi, http://<target>/cgi-bin/lo_utils.cgi
Directory Listing (CVSSv3 5.3, MEDIUM): http://<target>/cgi-bin/lo_utils.cgi
In the following section we report some technical details on these vulnerabilities, including evidence and proof-of-concepts.
2. Vulnerability details
Arbitrary File […]
