1068 matches found
CloudSorcerer – A new APT targeting Russian government entities
In May 2024, we discovered a new advanced persistent threat (APT) targeting Russian government entities that we dubbed CloudSorcerer. It's a sophisticated cyberespionage tool used for stealth monitoring, data collection, and exfiltration via Microsoft Graph, Yandex Cloud, and Dropbox cloud...
ExtremePacs Extreme XDS Security Vulnerability
ExtremePacs Extreme XDS is a service. A security vulnerability exists in ExtremePacs Extreme XDS versions prior to 3928, which stems from the presence of an improper privilege management vulnerability that allows the collection of user-supplied data...
Splunk Enterprise Path Traversal Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. Splunk...
Splunk Enterprise Code Execution Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. A code...
Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34270)
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. Splunk...
Splunk Enterprise Cross-Site Scripting Vulnerability (CNVD-2024-34268)
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. Splunk...
Splunk Enterprise Security Bypass Vulnerability (CNVD-2024-34266)
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. A securit...
Splunk Enterprise File Upload Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. A file...
Splunk Enterprise Denial of Service Vulnerability
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze data, including data generated by all IT systems and infrastructures: physical, virtual machines and cloud. A denial ...
The vulnerability of the data collection tool for Azure Monitor Agents from virtual machines and physical servers arises from incorrect handling of the link before accessing the file. This allows attackers to escalate their privileges.
The vulnerability of the data collection tool for Azure Monitor Agents, which are used for monitoring virtual machines and physical servers, is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow attackers to increase their privilege...
The vulnerability of the data collection tool for Azure Monitor Agents from virtual machines and physical servers arises from incorrect handling of the link before accessing the file. This allows attackers to escalate their privileges.
The vulnerability of the data collection tool for Azure Monitor Agents, which are used for virtual machines and physical servers, is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability can allow attackers to enhance their privileges using a...
JAW - A Graph-based Security Analysis Framework For Client-side JavaScript
An open-source, prototype implementation of property graphs for JavaScript based on the esprima parser, and the EsTree SpiderMonkey Spec. JAW can be used for analyzing the client-side of web applications and JavaScript-based programs. This project is licensed under GNU AFFERO GENERAL PUBLIC LICEN...
Cacti Security Vulnerability
Cacti is a suite of open source network traffic monitoring and analysis tools from the Cacti team. The tool fetches data via snmpget, analyzes it using RRDtool drawing graphs, and provides data and user management features. A security vulnerability exists in Cacti versions prior to 1.2.27, which...
JS-Tap - JavaScript Payload And Supporting Software To Be Used As XSS Payload Or Post Exploitation Implant To Monitor Users As They Use The Targeted Application
JavaScript payload and supporting software to be used as XSS payload or post exploitation implant to monitor users as they use the targeted application. Also includes a C2 for executing custom JavaScript payloads in clients. Changelogs Major changes are documented in the project Announcements:...
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed the activity ArcaneDoor, attributed it as the handiwork of a previously undocumented sophisticated...
Getting Started with LLMs: Managing Data Collection
...
The vulnerability of the data collection tool for Azure Monitor Agents from virtual machines and physical servers arises from incorrect handling of the link before accessing the file. This allows attackers to escalate their privileges.
The vulnerability of the data collection tool for Azure Monitor Agents, which are used for monitoring virtual machines and physical servers, is related to an incorrect definition of the link before accessing the file. Exploiting this vulnerability could allow attackers to increase their privilege...
New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks
A new Android trojan called SoumniBot has been detected in the wild targeting users in South Korea by leveraging weaknesses in the manifest extraction and parsing procedure. The malware is "notable for an unconventional approach to evading analysis and detection, namely obfuscation of the Android...
CVE-2024-28167
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization...
CVE-2024-28167 Missing Authorization check in SAP Group Reporting Data Collection (Enter Package Data)
SAP Group Reporting Data Collection does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, specific data can be changed via the Enter Package Data app although the user does not have sufficient authorization...