Microsoft Exchange PowerShell Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The issue results from the lack of proper validation of...
Monkey365 - Tool For Security Consultants To Easily Conduct Not Only Microsoft 365, But Also Azure Subscriptions And Azure Active Directory Security Configuration Reviews
Monkey365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure subscriptions and Azure Active Directory security configuration reviews without the significant overhead of learning tool APIs or complex admin panels from the start. To help with...
New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware. Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542), emerging in June 2014 as ...
EulerOS Virtualization 3.0.6.0 : git (EulerOS-SA-2022-2559)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machine...
Exploit for Server-Side Request Forgery in Microsoft
proxynotshell-IOC-Checker Powershell script used to check for...
EulerOS Virtualization 3.0.6.6 : git (EulerOS-SA-2022-2500)
According to the versions of the git packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machine...
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from...
Microsoft Exchange Server Remote Code Execution Vulnerability (CNVD-2022-67838)
Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server has a security vulnerability that can be exploited by remote attackers to submit special requests that can execute arbitrary code via PowerShell in the context of an application...
Metasploit Weekly Wrap-Up
Bofloader - Windows Meterpreter Gets Beacon Object File Loader Support This week brings a new and frequently requested feature to the Windows Meterpreter, the Beacon Object File loader. This new extension, bofloader, allows for users to execute Beacon Object Files as written for either Cobalt...
Exploit for Server-Side Request Forgery in Microsoft
PoC exploit for CVE-2022-41040 is absent, but this repository co...
Microsoft: Two New 0-Day Flaws in Exchange Server
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime...
Microsoft Confirms 2 New Exchange Zero-Day Flaws Being Used in the Wild
Microsoft officially disclosed it is investigating two zero-day security vulnerabilities impacting Exchange Server 2013, 2016, and 2019 following reports of in-the-wild exploitation. "The first vulnerability, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, while th...
Microsoft Exchange Server Code Issue Vulnerability
Microsoft Exchange Server is a popular mail service program developed by Microsoft. Microsoft Exchange Server has a security vulnerability that can be exploited by remote attackers to submit special requests that can execute arbitrary code via PowerShell in the context of an application...
Researchers Uncover Covert Attack Campaign Targeting Military Contractors
A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEPMAVERICK by Securonix, also...
Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware
The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves...
PSAsyncShell - PowerShell Asynchronous TCP Reverse Shell
PSAsyncShell is an Asynchronous TCP Reverse Shell written in pure PowerShell. Unlike other reverse shells, all the communication and execution flow is done asynchronously, allowing to bypass some firewalls and some countermeasures against this kind of remote connections. Additionally, this tool...
Malicious NPM Package Caught Mimicking Material Tailwind CSS Package
A malicious NPM package has been found masquerading as the legitimate software library for Material Tailwind, once again indicating attempts on the part of threat actors to distribute malicious code in open source software repositories. Material Tailwind is a CSS-based framework advertised by its...
Exploit for CVE-2022-30190
CVE-2022-30190 Follina...
Russian Gamaredon Hackers Target Ukrainian Government Using Info-Stealing Malware
An ongoing espionage campaign operated by the Russia-linked Gamaredon group is targeting employees of Ukrainian government, defense, and law enforcement agencies with a piece of custom-made information stealing malware. "The adversary is using phishing documents containing lures related to the...
Gamaredon APT targets Ukrainian government agencies in new campaign
By Asheer Malhotra and Guilherme Venere. Cisco Talos recently identified a new, ongoing campaign attributed to the Russia-linked Gamaredon APT that infects Ukrainian users with information-stealing malware. The adversary is using phishing documents containing lures related to the Russian invasion...