Caution When Using 3CX DesktopApp (CVE-2023-29059)
Overview Details about how supply chains were attacked through the 3CX DesktopApp were published. [1] This software provides users with various communication functions, such as voice calls and video conferences, and can be operated on both Windows and MAC operating systems. Currently, the 3CX company is preparing to issue a new
Initech Product (INISAFE CrossWEB) Security Update Recommendation
Overview A security update to patch the vulnerability of Initech’s INISAFE CrossWeb EX V3 has been announced. INISAFE CrossWeb EX V3 is a software program used for electronic financial transactions and financial security certification in the public sector. It is used by various companies and individuals for Internet banking, so
Microsoft Office Outlook Vulnerability (CVE-2023-23397) Appearance and Manual Measure Guide
AhnLab Security Emergency response Center (ASEC) recently published a notice about a Microsoft Office Outlook vulnerability. Warning for Microsoft Office Outlook Privilege Escalation Vulnerability (CVE-2023-23397) CVE-2023-23397 is a vulnerability that leaks a user’s account credentials upon receiving an email and triggering a notification. The stolen information includes the ‘NTLM’
Warning for MagicLine4NX (Certificate Solution) Vulnerability and Update Recommended
Vulnerable Software and Overview MagicLine4NX is a non-ActiveX joint certificate program developed by the Korean company, Dream Security. Users can use MagicLine4NX to perform logins with a joint certificate and digitally sign transactions. This program is registered as a Startup Program and will be relaunched by a certain service
Warning for Certification Solution (VestCert) Vulnerability and Update Recommendation
Vulnerable Software and Overview VestCert is a certification program used while accessing websites, and is a non-ActiveX module developed by the Korean company, Yettiesoft. This program is registered as a Startup Program and will be relaunched by Yettiesoft’s service (Gozi) even if it is terminated. It remains constantly active as a
Warning for Asset Management Program (TCO!Stream) Vulnerability and Update Recommendation
Vulnerable Software and Overview TCO!Stream is an asset management solution developed by the Korean company, MLsoft. Consisting of a server and a client, administrators can use the console program to perform asset management work by accessing the server. TCO!Stream offers various features for asset management, but there is a process
CoinMiner Being Installed on Vulnerable Apache Tomcat Web Server
The ASEC analysis team has recently identified attacks targeting vulnerable Apache Tomcat web server. The Tomcat server that has not been updated to the latest version is one of the major attack vectors that exploit vulnerabilities. In the past, the ASEC blog has also covered attacks targeting Apache Tomcat servers
Caution! Microsoft Office Zero-day Vulnerability Follina (CVE-2022-30190)
A new vulnerability named Follina (CVE-2022-30190) has been revealed. According to Microsoft, it is a remote code execution vulnerability that occurs when the URL protocol is used to call MSDT in calling applications such as Microsoft Word. With the privileges of the calling application, attackers can run arbitrary codes, install additional
Distribution of Remcos RAT Disguised as Tax Invoice
The ASEC analysis team has discovered Remcos RAT being distributed under the disguise of a tax invoice. The content and the type of phishing email are similar to the type that has been consistently discussed in previous blogs. Within the email, it has a short message written in awkward grammar.
![[Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0](https://asec.ahnlab.com/wp-content/uploads/2021/12/39_cyber-security_02.png)
[Announcement] New Log4j Vulnerability (CVE-2021-45105) – Log4j 2.17.0
CVE-2021-45105 vulnerability that operates in Log4j 2.16.0 version was additionally revealed on December 18th, 2021 (CVSS 7.5). 1. Vulnerable Versions Log4j 2.0-beta9 to 2.16.0 2. Vulnerability Exploitation Technique Vulnerability exploitations may occur if applications that use Log4j are enabled with the layout pattern and thread context features. The following shows
