Sandbox

Pierluigi Paganini April 09, 2023
Researchers disclose critical sandbox escape bug in vm2 sandbox library

The development team behind the vm2 JavaScript sandbox library addressed a critical Remote Code Execution vulnerability. The developers behind the vm2 JavaScript sandbox module have addressed a critical vulnerability, tracked as CVE-2023-29017 (CVSS score 9.8), that could be exploited to execute arbitrary shellcode. vm2 is a sandbox that can run untrusted code in an isolated context […]

Pierluigi Paganini July 14, 2022
Microsoft published exploit code for a macOS App sandbox escape flaw

Microsoft published the exploit code for a vulnerability in macOS that can allow an attacker to escape the sandbox. Microsoft publicly disclosed technical details for an access issue vulnerability, tracked as CVE-2022-26706, that resides in the macOS App Sandbox. “Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted […]

Pierluigi Paganini February 17, 2020
Launching the First “Yomi Hunting” Challenge!

About a year ago, Yoroi released the Yomi Hunter sandbox, today, they love to challenge the malware community with the first “Yomi Hunting” contest. About a year ago, we publicly released the Yomi Hunter sandbox for a few simple reasons: in Yoroi we believe in the InfoSec community value, we think it plays a central […]

Pierluigi Paganini July 23, 2019
Comodo Antivirus is affected by several vulnerabilities

Experts discovered several flaws in Comodo Antivirus, including a vulnerability that could allow to escape the sandbox and escalate privileges. The Tenable expert David Wells discovered five flaws in the Comodo Antivirus and Comodo Antivirus Advanced.  Four of the vulnerabilities affect were version 12.0.0.6810 and one the version 11.0.0.6582. The most severe flaw, tracked as CVE=2019-3969, could […]

Pierluigi Paganini May 08, 2019
Yomi Hunter Joined the VirusTotal Sandbox Program!

We are pleased to announce that Yomi the Malware Hunter has successfully completed the on-boarding in the VirusTotal MultiSandbox Program! Official VirusTotal Announce: https://blog.virustotal.com/2019/05/virustotal-multisandbox-yoroi-yomi.html Yoroi can now contribute to the fight against malware threats sharing its analysis with Chronicle Security, the Alphabet’s subsidiary author of the notorious VirusTotal Threat Intelligence platform: one of the most widely used community platforms all around the […]

Pierluigi Paganini October 30, 2018
Windows Defender is the first antivirus solution that can run in a sandbox

Windows Defender, the Windows built-in anti-malware tool, implemented the ability to run in a secure sandbox mode. The mechanisms allow detonating an application in a safe environment that is isolated from the operating system and other applications. This means that even if the application is compromised it will not affect the overall system if it […]

Pierluigi Paganini October 19, 2017
Microsoft provides details of a code execution vulnerability in Chrome

Microsoft’s Offensive Security Research (OSR) team disclosed a remote code execution vulnerability in the Chrome web browser. Microsoft’s Offensive Security Research (OSR) team has disclosed a remote code execution vulnerability in the Chrome web browser that was discovered by its experts. The flaw, tracked as CVE-2017-5121, was addressed by Google last month with the release of Chrome 61, but […]

Pierluigi Paganini May 08, 2017
Malwaresearch – A command line tool to find malware on Openmalware.org

Malwaresearch is a command line tool to find malware on Openmalware.org, it was developed to facilitate and speed up the process of finding and downloading malware samples. The tool was developed to facilitate and speed up the process of finding and downloading malware samples via the command line interface. We’ve made use of the API provided by […]

Pierluigi Paganini May 16, 2015
Polish firm disclosed PoC code for security issues in Google App Engine

Security researchers at Security Explorations firm have published PoCs code for some of security issues in the Google App Engine. The Polish firm Security Explorations has published online the technical details and a proof-of-concept code for security flaws affecting the Google App Engine (GAE) for Java. “Security Explorations decided to release technical details as well as […]

Pierluigi Paganini November 30, 2014
Acrobat Reader Windows sandbox is affected by critical flaw

A researcher at Google discovered a critical flaw in Windows Acrobat Reader 11 Sandbox that could be exploited to access a system and gain higher privileges Google security researcher James Forshaw claims that the Acrobat Reader Windows sandbox is affected by critical vulnerability that could allow attackers to compromise a system and gain higher privileges. “The […]