Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and.....
9.8CVSS
9.2AI Score
0.902EPSS
LeakedSource Owner Quit Ashley Madison a Month Before 2015 Hack
[This is Part III in a series on research conducted for a recent Hulu documentary on the 2015 hack of marital infidelity website AshleyMadison.com.] In 2019, a Canadian company called Defiant Tech Inc. pleaded guilty to running LeakedSource[.]com, a service that sold access to billions of...
7AI Score
Blackbone - Windows Memory Hacking Library
Windows memory hacking library Features x86 and x64 support Process interaction Manage PEB32/PEB64 Manage process through WOW64 barrier Process Memory Allocate and free virtual memory Change memory protection Read/Write virtual memory Process modules Enumerate all (32/64 bit) modules...
7.2AI Score
copyparty vulnerable to path traversal attack
Summary All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details Unauthenticated users were able to retrieve any files which are accessible (according to OS-level permissions) from the copyparty process. Usually, this....
7.5CVSS
7.7AI Score
0.055EPSS
copyparty vulnerable to path traversal attack
Summary All versions before 1.8.2 have a path traversal vulnerability, allowing an attacker to download unintended files from the server. Details Unauthenticated users were able to retrieve any files which are accessible (according to OS-level permissions) from the copyparty process. Usually, this....
7.5CVSS
7.6AI Score
0.055EPSS
TeamTNT's Cloud Credential Stealing Campaign Now Targets Azure and Google Cloud
A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS). The findings come from SentinelOne and Permiso, which said the...
6.9AI Score
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.] It was around 9 p.m. on Sunday, July 19, when I received a message through the contact form on KrebsOnSecurity.com that the marital infidelity website...
6.9AI Score
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Cisco Talos discovered 12 memory corruption vulnerabilities in MSRPC implementations on Apple macOS and VMWare vCenter. - Seven vulnerabilities affect Apple macOS only. - Two vulnerabilities affect VMWare vCenter. - Three vulnerabilities affect both. For more on these individual vulnerabilities,...
9.8CVSS
9.1AI Score
0.007EPSS
Apple DCERPC array marshaling uninitialized memory disclosure vulnerability
Talos Vulnerability Report TALOS-2022-1688 Apple DCERPC array marshaling uninitialized memory disclosure vulnerability July 13, 2023 CVE Number CVE-2023-27953 SUMMARY There exists a vulnerability in the array marshaling code of DCERPC library as used in Apple macOS 12.6.1 that can lead to use of...
9.8CVSS
6.9AI Score
0.003EPSS
SAP NetWeaver AS Java Log Injection (July 2023)
SAP NetWeaver Application Server for Java is affected by a log injection vulnerability. SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a...
5.3CVSS
6AI Score
0.001EPSS
Apple DCERPC packet stats buffer overflow vulnerability
Talos Vulnerability Report TALOS-2022-1660 Apple DCERPC packet stats buffer overflow vulnerability July 13, 2023 CVE Number CVE-2023-23513 SUMMARY A buffer overflow vulnerability exists in the stats logging functionality of DCERPC library as used in Apple macOS 12.6.1 A specially-crafted network...
9.8CVSS
7.4AI Score
0.003EPSS
Unused returns on the ds. _withdraw(), NounsDAOLogicV3._withdraw(), and ds.executeFork()
Lines of code https://github.com/nounsDAO/nouns-monorepo/blob/718211e063d511eeda1084710f6a682955e80dcb/packages/nouns-contracts/contracts/governance/NounsDAOLogicV3.sol#L497-#L499...
6.7AI Score
Apple DCERPC fixed array use after free vulnerability
Talos Vulnerability Report TALOS-2022-1689 Apple DCERPC fixed array use after free vulnerability July 13, 2023 CVE Number CVE-2023-27958 SUMMARY There exists a vulnerability in the fixed size array marshaling code of DCERPC library as used in Apple macOS 12.6.1 that can result in arbitrary code...
9.1CVSS
7.7AI Score
0.003EPSS
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their....
8.1CVSS
7.3AI Score
0.001EPSS
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2023-33127: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their....
8.1CVSS
8.3AI Score
0.001EPSS
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...
8.1CVSS
8AI Score
0.001EPSS
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to...
8.1CVSS
8AI Score
0.001EPSS
Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID
A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...
7.4AI Score
Microsoft Entra expands into Security Service Edge and Azure AD becomes Microsoft Entra ID
A year ago when we announced the Microsoft Entra product family, we asked what the world could achieve if we had trust in every digital experience and interaction.1 This question inspired us to offer a vision for securing the millions and millions of connections that happen every second between...
7.4AI Score
Part 1: An In-Depth Look at the Latest Vulnerability Threat Landscape
The number of vulnerabilities is steadily increasing over the years, as evidenced by the 206,000 vulnerabilities reported and still counting in the National Vulnerability Database (NVD). With each subsequent year, this trend has persisted since 2016, surpassing the previous vulnerability count. ...
8.8CVSS
9.7AI Score
0.138EPSS
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
5.3CVSS
5.2AI Score
0.001EPSS
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
5.3CVSS
5.2AI Score
0.001EPSS
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
5.3CVSS
5.2AI Score
0.001EPSS
CVE-2023-31405 Log Injection vulnerability in SAP NetWeaver AS for Java (Log Viewer)
SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any...
5.3CVSS
5.5AI Score
0.001EPSS
Forminator < 1.24.4 - Reflected XSS
The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. PoC 1. Create a "Contact Us" form from the plugin presets 2. Click on the Message field, go to the "Settings" tab and choose a.....
6.4AI Score
0.001EPSS
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit
RocketMQ versions 5.1.0 and below are vulnerable to arbitrary code injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that.....
9.8CVSS
9.7AI Score
0.973EPSS
Forminator < 1.24.4 - Reflected XSS
The plugin does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS...
6.5AI Score
0.001EPSS
9.8CVSS
7.1AI Score
0.973EPSS
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
9.8CVSS
7.3AI Score
0.973EPSS
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by...
9.8CVSS
7.3AI Score
0.973EPSS
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Impact In environments where untrusted users have access to the config files (e.g. .sqlfluff), there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a...
7.8CVSS
6.8AI Score
0.0004EPSS
SQLFluff users with access to config file, using `libary_path` may call arbitrary python code
Impact In environments where untrusted users have access to the config files (e.g. .sqlfluff), there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. Jinja macros are executed within a...
7.8CVSS
6.8AI Score
0.0004EPSS
Showcasing SecOps Metrics That Matter
This year, new rules from the Security and Exchange Commission (SEC) about board-level expertise, risk management, and public disclosures will take effect. The European Union is updating its regulations, as well. To meet these new requirements, organizations will need to explain to shareholders...
6.9AI Score
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7.8AI Score
0.0004EPSS
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7.7AI Score
0.0004EPSS
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7.9AI Score
0.0004EPSS
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7.1AI Score
0.0004EPSS
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7.8AI Score
0.0004EPSS
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7.5AI Score
0.0004EPSS
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
6.3CVSS
8AI Score
0.0004EPSS
The growth of commercial spyware based intelligence providers without legal or ethical supervision
Attackers have long used commercial products developed by legitimate companies to compromise targeted devices. These products are known as commercial spyware. Commercial spyware operations mainly target mobile platforms with zero- or one-click zero-day exploits to deliver spyware. This threat...
6.9AI Score
How Pen Testing can Soften the Blow on Rising Costs of Cyber Insurance
As technology advances and organizations become more reliant on data, the risks associated with data breaches and cyber-attacks also increase. The introduction of data privacy laws, such as the GDPR, has made it mandatory for organizations to disclose breaches of personal data to those affected....
9.8CVSS
6.5AI Score
0.135EPSS
Using the Jira Python library to make REST API calls with cookie auth bypasses Jira rate limiting
h3. Issue Summary When using the open-source [Jira Python library|https://github.com/pycontribs/jira] to make REST API calls to Jira, if [cookie-based authentication|https://jira.readthedocs.io/examples.html#cookie-based-authentication] is used then Jira's rate limits will be bypassed. This can...
6.9AI Score
SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the library_path config value to allow arbitrary python code to be executed via macros. For many users...
7.8CVSS
7AI Score
0.0004EPSS
Fedora 38 : picocli (2023-27ec59a486)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-27ec59a486 advisory. Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user...
6.5CVSS
7AI Score
0.006EPSS
Apache RocketMQ update config RCE
RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that.....
9.8CVSS
9.8AI Score
0.973EPSS
Class-Action Lawsuit for Scraping Data without Permission
I have mixed feelings about this class-action lawsuit against OpenAI and Microsoft, claiming that it "scraped 300 billion words from the internet" without either registering as a data broker or obtaining consent. On the one hand, I want this to be a protected fair use of public data. On the other.....
6.9AI Score
Malicious ad for USPS fishes for banking credentials
We often think of malvertising as being malicious ads that push malware or scams, and quite rightly so these are probably the most common payloads. However, malvertising is also a great vehicle for phishing attacks which we usually see more often via spam emails. Threat actors continue to abuse...
6.8AI Score
Instagram's Twitter Alternative 'Threads' Launch Halted in Europe Over Privacy Concerns
Instagram Threads, the upcoming Twitter competitor from Meta, will not be launched in the European Union due to privacy concerns, according to Ireland's Data Protection Commission (DPC). The development was reported by the Irish Independent, which said the watchdog has been in contact with the...
9.8CVSS
6.5AI Score
0.135EPSS
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact...
6.9AI Score