2651 matches found

Exploit DB
added 2024/03/03 12:0 a.m., 290 views

Windows PowerShell - Event Log Bypass Single Quote Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWSPOWERSHELLSINGLEQUOTECODEEXECEVENTLOGBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft Windows PowerShell Built on the...

7.4 AI score
Exploits: 0

CNVD
added 2024/03/01 12:0 a.m., 5 views

IBM Storage Defender Privilege Mismanagement Vulnerability

IBM Storage Defender is a solution from International Business Machines IBM that provides end-to-end data resiliency. A privilege mismanagement vulnerability exists in IBM Storage Defender Connection Manager, which stems from a Resiliency Service that could allow a privileged user to perform...

8 CVSS, 6.3 AI score, 0.00416 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2024/02/27 12:0 a.m., 4 views

Vulnerability in Microsoft Defender for Endpoint on the Windows operating system that allows an attacker to elevate privileges

The vulnerability in Microsoft Defender for Endpoint on the Windows operating system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to elevate their privileges...

7.8 CVSS, 7.3 AI score, 0.00633 EPSS
Exploits: 0, References: 3

hivepro
added 2024/02/20 11:51 a.m., 42 views

Attacks, Vulnerabilities and Actors 12 to 18 February 2024

Summary: HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of eight attacks were executed, five vulnerabilities were uncovered, and three active adversaries we...

5.8 CVSS, 7.5 AI score, 0.95443 EPSS
Exploits: 2

Microsoft CVE
added 2024/02/20 8:0 a.m., 48 views

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability

...

7.8 CVSS, 7.3 AI score, 0.00633 EPSS
Exploits: 0

Kaspersky
added 2024/02/20 12:0 a.m., 34 views

KLA63962 PE vulnerability in Microsoft System Center

An elevation of privilege vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2024-21315 Related products Microsoft-Windows Microsoft-Defender-for-Endpoint-for-Windows CVE list CVE-2024-21315 critical KB li...

7.8 CVSS, 8.5 AI score, 0.00633 EPSS
Exploits: 0, References: 15

BDU FSTEC
added 2024/02/20 12:0 a.m., 7 views

Vulnerability in the WDAC OLE DB driver for SQL Server on Windows operating systems that allows an attacker to execute arbitrary code

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS, 8.3 AI score, 0.01644 EPSS
Exploits: 0, References: 3

hivepro
added 2024/02/19 5:35 a.m., 44 views

Water Hydra Exploits CVE-2024-21412 to Target Financial Traders

Summary: Water Hydra exploited CVE-2024-21412 to bypass Microsoft Defender SmartScreen, targeting financial traders with DarkMe malware through sophisticated spearphishing tactics. This underscores the persistent threat of APT groups and highlights the challenge of defending against evolving atta...

5.8 CVSS, 7 AI score, 0.95443 EPSS
Exploits: 2

0day.today
added 2024/02/19 12:0 a.m., 320 views

Microsoft Windows Defender - VBScript Detection Bypass Vulnerability

This is additional research regarding a mitigation bypass in Windows Defender. Back in 2022, the researcher disclosed how it could be easily bypassed by passing an extra path traversal when referencing mshtml but that issue has since been mitigated. However, the researcher discovered using multip...

7.2 AI score
Exploits: 0

Packet Storm
added 2024/02/19 12:0 a.m., 220 views

Microsoft Windows Defender / Backdoor_JS.Relvelshe.A Detection / Mitigation Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/WindowsDefenderBackdoorJS.Relvelshe.ADetectionMitigationBypass.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4 AI score
Exploits: 0

CNVD
added 2024/02/19 12:0 a.m., 17 views

IBM Storage Defender-Resiliency Service Information Disclosure Vulnerability

IBM Storage Defender is a software suite that enables data resiliency and is part of the IBM Storage portfolio of products and services. An information disclosure vulnerability exists in IBM Storage Defender-Resiliency Service, which can be exploited by a local attacker to submit a special reques...

5.5 CVSS, 6.1 AI score, 0.00153 EPSS
Exploits: 0, References: 1

CNVD
added 2024/02/19 12:0 a.m., 15 views

IBM Storage Defender-Resiliency Service Information Disclosure Vulnerability (CNVD-2024-09174)

IBM Storage Defender is a software suite that enables data resiliency and is part of the IBM Storage portfolio of products and services. An information disclosure vulnerability exists in IBM Storage Defender-Resiliency Service, which can be exploited by a local attacker to obtain hard-coded...

7.8 CVSS, 6.1 AI score, 0.00127 EPSS
Exploits: 0, References: 1

0day.today
added 2024/02/19 12:0 a.m., 191 views

Microsoft Windows Defender Bypass - Detection Mitigation Bypass Vulnerability

Back in 2022, the researcher released a proof of concept to bypass the Backdoor:JS/Relvelshe.A detection in Windows Defender but it no longer works as it was mitigated. However, adding a simple javascript try catch error statement and eval'ing the hex string, it executes as of the time of this...

7.2 AI score
Exploits: 0

Packet Storm
added 2024/02/19 12:0 a.m., 401 views

Microsoft Windows Defender / Trojan.Win32/Powessere.G VBScript Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERVBSCRIPTTROJANMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Vulnerability Type...

7.4 AI score
Exploits: 0

BDU FSTEC
added 2024/02/19 12:0 a.m., 5 views

Vulnerability in the WDAC OLE DB driver for SQL Server on Windows operating systems that allows an attacker to execute arbitrary code

The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10 CVSS, 8.3 AI score, 0.01628 EPSS
Exploits: 0, References: 3

Packet Storm
added 2024/02/19 12:0 a.m., 321 views

Microsoft Windows Defender / Detection Bypass Part 3

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERTROJAN.WIN32.POWESSERE.GMITIGATIONBYPASSPART3.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/02/19 12:0 a.m., 326 views

Microsoft Windows Defender - VBScript Detection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/MICROSOFTWINDOWSDEFENDERVBSCRIPTTROJANMITIGATIONBYPASS.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender Vulnerability Type...

7.4 AI score
Exploits: 0

Exploit DB
added 2024/02/19 12:0 a.m., 297 views

Microsoft Windows Defender Bypass - Detection Mitigation Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: https://hyp3rlinx.altervista.org/advisories/WindowsDefenderBackdoorJS.Relvelshe.ADetectionMitigationBypass.txt + twitter.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows Defender...

7.4 AI score
Exploits: 0

WPVulnDB
added 2024/02/15 12:0 a.m., 12 views

Defender Security < 4.4.2 - IP Address Spoofing

Description The plugin prioritized user-supplied HTTP headers when trying to retrieve a user's IP address, making it possible for them to bypass IP address based restrictions...

5.3 CVSS, 6.8 AI score, 0.0041 EPSS
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2024/02/14 7:33 a.m., 68 views

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability

A newly disclosed security flaw in the Microsoft Defender SmartScreen has been exploited as a zero-day by an advanced persistent threat actor called Water Hydra aka DarkCasino targeting financial market traders. Trend Micro, which began tracking the campaign in late December 2023, said it entails...

8.1 CVSS, 8.2 AI score, 0.95443 EPSS
Exploits: 2