Windows Escalate UAC Execute RunAs Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Execute RunAs', 'Description' = %q This module will attempt to elevate execution level using the ShellExecute undocumented...

Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig. The attacks singled out Iraqi organizations such as the Prime Minister's Office and the Ministry of Foreign Affairs, cybersecurity compa...

WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers

WordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication 2FA mandatorily. The enforcement is expected to come into effect starting October 1, 2024. "Accounts with commit access can pu...

CVE-2024-38046

PowerShell Elevation of Privilege Vulnerability...

CVE-2024-38046

PowerShell Elevation of Privilege Vulnerability...

CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability

...

CVE-2024-38046

CVE-2024-38046 is described as a local privilege-escalation vulnerability in PowerShell. The primary public documentation (NVD/NCSC) confirms a local attacker with low privileges could elevate privileges on affected Windows components, with a CVSS v3.1 base score of 7.8 (LOCAL, Privileges Require...

CVE-2024-38046 PowerShell Elevation of Privilege Vulnerability

...

Description of the security update for SharePoint Server 2019: September 10, 2024 (KB5002639)

Description of the security update for SharePoint Server 2019: September 10, 2024 KB5002639 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, and Microsoft SharePoint Server denial of service vulnerability. To learn more about the...

PowerShell Elevation of Privilege Vulnerability

...

Microsoft Windows PowerShell 安全漏洞

Microsoft Windows PowerShell is a command line shell program and scripting environment from Microsoft Corporation USA that enables command line users and script writers to take advantage of the power of . A security vulnerability exists in Microsoft Windows PowerShell. An attacker could exploit t...

PT-2024-6244 · Microsoft · Powershell +1

Name of the Vulnerable Software and Affected Versions: PowerShell affected versions not specified Description: The vulnerability is related to insufficient input validation in the PowerShell command-line shell for Windows operating systems. Exploitation of the vulnerability may allow an attacker ...

CVE-2023-36756

creationtimestamp| type| source ---|---|--- 2024-09-05 15:39:37+00:00| seen| https://www.thezdi.com/blog/2024/9/4/exploiting-exchange-powershell-after-proxynotshell-part-1-multivaluedproperty 2024-09-12 15:00:00+00:00| seen|...

Gather electerm Passwords

This module will determine if electerm is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible. Module Options msf use post/multi/gather/electerm msf postelecte...

New LummaC2 Malware Variant Uses PowerShell, Obfuscation to Steal Data

Ontinue has discovered a new LummaC2 malware variant with increased activity, using PowerShell for initial infection and employing…...

PEAKLIGHT Downloader Deployed in Attacks Targeting Windows with Malicious Movie Downloads

Cybersecurity researchers have uncovered a never-before-seen dropper that serves as a conduit to launch next-stage malware with the ultimate goal of infecting Windows systems with information stealers and loaders. "This memory-only dropper decrypts and executes a PowerShell-based downloader,"...

New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data

The threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints. The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascadi...

CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

The Computer Emergency Response Team of Ukraine CERT-UA has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently...

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the...

New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack...