The Continued Evolution of the DarkGate Malware-as-a-Service

The Continued Evolution of the DarkGate Malware-as-a-Service By Ernesto Fernández Provecho, Pham Duy Phuc, Ciana Driscoll and Vinoo Thomas · November 21, 2023 On September 2023, the Trellix Security Operations Center SOC successfully detected and stopped an attack against Musarubra, the holding...

Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2023-100311)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion cross-site scripting vulnerability, the vulnerability stems from the lack of effective...

ROS-20231115-04

Visual Studio Coden source code editor vulnerability related to improper control of code generation. code generation. Exploitation of the vulnerability may allow an attacker to execute arbitrary code Visual Studio Code source code editor vulnerability is related to insufficient protection of...

Adobe ColdFusion Input Validation Error Vulnerability (CNVD-2023-91796)

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. Adobe ColdFusion has an input validation error vulnerability that can be exploited by an attacker to...

Adobe ColdFusion Code Execution Vulnerability

Adobe ColdFusion is the United States Odo than Adobe company's set of rapid application development platform. The platform includes an integrated development environment and scripting language. A code execution vulnerability exists in Adobe ColdFusion versions 2023.5 and earlier and 2021.11 and...

SUSE-SU-2023:4480-1 Security update for gcc13

This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided...

PT-2023-8888 · Gpac +2 · Gpac +2

Name of the Vulnerable Software and Affected Versions: GPAC versions 2.3-DEV-rev617-g671976fcc-master Description: The issue is related to a memory leak in the gf mpd parse string function, located in media tools/mpd.c:75, due to the lack of memory release after its effective term of service...

[SECURITY] Fedora 37 Update: tor-0.4.8.9-1.fc37

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than making a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 39 Update: gst-devtools-1.22.7-1.fc39

Development and debugging tools for GStreamer...

Microsoft Security Update Validation Report November 2023

Microsoft’s November 2023 security updates have passed Citrix testing the updates are listed below. The testing is not all-inclusive; all tests are executed against English only environments and issues may still be found upon implementation. Follow best practices for testing and installing softwa...

CISA Requests Comment on Draft Secure Software Development Attestation Form

CISA has opened a 30-day Federal Register notice to receive public comment on the draft Secure Software Development Attestation Form. CISA developed this form in coordination with the Office of Management and Budget. With the Secure Software Development Attestation Form, federal departments and...

SUSE: Security Advisory (SUSE-SU-2023:4451-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CISA Releases Roadmap for Artificial Intelligence Adoption

Today, CISA released its Roadmap for Artificial Intelligence—in alignment with White House Executive Order 14110: Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence—to outline a comprehensive set of actions CISA will take along five lines of effort: 1. Responsibly use AI...

Command Execution Vulnerability in Green Alliance Operations and Maintenance Security Management System

Beijing Shenzhou Green Alliance Technology Co., Ltd. is a company whose business scope includes technology development, technology consulting, technology services; computer system services and so on. A command execution vulnerability exists in the Green Alliance Operations and Maintenance Securit...

The vulnerability in the elf.c component of the GNU Binutils development environment allows a hacker to trigger a service failure.

The vulnerability of the elf.c component in the GNU Binutils development environment is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to cause a service failure using a specially created object file...

SUSE: Security Advisory (SUSE-SU-2023:4418-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Hades-C2 - Hades Basic Command And Control Server

Hades is a basic Command & Control server built using Python. It is currently extremely bare bones, but I plan to add more features soon. Features are a work in progress currently. This is a project made mostly for me to learn Malware Development, Sockets, and C2 infrastructure setups. Currently,...

Exploit for Code Injection in Vmware Spring_Framework

Spring4Shell Vulnerability - CVE-2022-22965 :closedbook:...

toolbox security update

An update is available for toolbox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The toolbox container image can be used with Toolbox to obtain Rocky Linux...

RLSA-2023:6077 Moderate: toolbox security update

The toolbox container image can be used with Toolbox to obtain Rocky Linux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the toolbox image in the Rocky...