CertVerify - A Scanner That Files With Compromised Or Untrusted Code Signing Certificates

The CertVerify is a tool designed to detect executable files exe, dll, sys that have been signed with untrusted or leaked code signing certificates. The purpose of this tool is to identify potentially malicious files that have been signed using certificates that have been compromised, stolen, or...

Code injection

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODESIGNINGINJECTBASEENTITLEMENTS...

CVE-2023-27574

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODESIGNINGINJECTBASEENTITLEMENTS...

PT-2023-21217 · Unknown · Shadowsocksx-Ng

Name of the Vulnerable Software and Affected Versions: ShadowsocksX-NG version 1.10.0 Description: The issue arises from ShadowsocksX-NG 1.10.0 being signed with com.apple.security.get-task-allow entitlements due to CODE SIGNING INJECT BASE ENTITLEMENTS. Recommendations: For ShadowsocksX-NG versi...

CVE-2023-27574

ShadowsocksX-NG 1.10.0 is affected by CVE-2023-27574 due to CODE_SIGNING_INJECT_BASE_ENTITLEMENTS that causes signing with com.apple.security.get-task-allow entitlements. The CVSSv3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and impact to confidentiality, inte...

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS By Trellix · February 21, 2023 This blog was written by Austin Emmitt Introduction Since the first version of iOS on the original iPhone, Apple has enforced careful restrictions on the software that c...

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS

Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS By Trellix · February 21, 2023 This blog was written by Austin Emmitt Introduction Since the first version of iOS on the original iPhone, Apple has enforced careful restrictions on the software that c...

SUSE CVE-2020-0601

A spoofing vulnerability exists in the way Windows CryptoAPI Crypt32.dll validates Elliptic Curve Cryptography ECC certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted,...

CVE-2023-25718

In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...

Privilege escalation

DISPUTED In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable fil...

PT-2023-20270 · Connectwise · Connectwise Control

Name of the Vulnerable Software and Affected Versions: ConnectWise Control versions through 22.9.10032 Description: The issue concerns the cryptographic code signing process in ConnectWise Control. It allows an attacker to add instructions to a signed executable file without invalidating the...

CVE-2023-25718

ConnectWise Control (through 22.9.10032) has a vulnerability where, after an executable is signed, additional instructions can be appended without invalidating the signature, potentially leading to an attacker-controlled executable being offered to the end user for download and execution. Connect...

CVE-2023-25718

In ConnectWise Control through 22.9.10032 formerly known as ScreenConnect, after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a different attacker-controlled executable file. It is...

CVE-2022-3913

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...

Design/Logic Flaw

Rapid7 Nexpose and InsightVM versions 6.6.82 through 6.6.177 fail to validate the certificate of the update server when downloading updates. This failure could allow an attacker in a privileged position on the network to provide their own HTTPS endpoint, or intercept communications to the...

CVE-2022-3913

CVE-2022-3913 affects Rapid7 Nexpose and InsightVM, versions 6.6.82–6.6.177, due to failure to validate the update server’s TLS certificate when downloading updates. This could allow a network‑adjacent attacker with some access along the path to supply their own HTTPS endpoint or intercept traffi...

GitHub Reports Code-Signing Certificate Theft in Security Breach

By Deeba Ahmed GitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom. This is a post from HackRead.com Read the original post: GitHub Reports Code-Signing Certificate Theft in Security Breach...

GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom

GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The...

GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom

GitHub on Monday disclosed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps. As a result, the company is taking the step of revoking the exposed certificates out of abundance of caution. The...

laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques

laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...