
3059 matches found

Positive Technologies
added 2023/08/01 12:0 a.m. · 3 views

PT-2023-11450 · Microsoft · Powershell App Deployment Toolkit

Name of the Vulnerable Software and Affected Versions: PowerShell App Deployment Toolkit versions prior to 3.8.1 Description: The issue is related to an incorrect access control vulnerability in the default configuration, which may allow an authenticated user to potentially enable escalation of...

7.8 CVSS · 7.6 AI score · 0.00048 EPSS
Exploits: 0 · References: 5

Trellix
added 2023/07/31 12:0 a.m. · 23 views

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

7.4 AI score
Exploits: 0

Packet Storm
added 2023/07/31 12:0 a.m. · 319 views

GreenShot 1.2.10 Arbitrary Code Execution

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...

7.1 AI score · 0.38028 EPSS
Exploits: 7

The Hacker News
added 2023/07/28 11:45 a.m. · 42 views

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the...

6.9 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/07/21 2:53 p.m. · 26 views

Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DeliveryCheck, a .NET-based backdoor, targets Ukraine's defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...

6.8 AI score
Exploits: 0

The Hacker News
added 2023/07/20 9:40 a.m. · 33 views

Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck (aka CAPIBAR or GAMEDAY) that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of...

6.4 AI score
Exploits: 0

Veeam
added 2023/07/19 12:0 a.m. · 17 views

How to Send a Test Email Notification Using PowerShell

This article documents a method for sending a simple email via PowerShell...

6.9 AI score
Exploits: 0

GithubExploit
added 2023/07/17 2:2 p.m. · 632 views

Exploit for Race Condition in Microsoft

CVE-2023-36884-Checker Script to check for CVE-2023-36884 har...

7.5 CVSS · 8.6 AI score · 0.92973 EPSS
Exploits: 3

The Hacker News
added 2023/07/17 5:17 a.m. · 32 views

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise

The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers Telegram, WhatsApp, Signal are used, in most cases, using...

7.2 AI score
Exploits: 0

The Hacker News
added 2023/07/13 4:7 p.m. · 46 views

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...

6.7 AI score
Exploits: 0

GithubExploit
added 2023/07/12 2:13 p.m. · 10 views

Exploit for Race Condition in Microsoft

This is a PoC exploit for CVE-2023-36884, a vulnerability in Mic...

7.5 CVSS · 7 AI score · 0.92973 EPSS
Exploits: 3

The Hacker News
added 2023/06/30 1:54 p.m. · 27 views

Iranian Hackers Using POWERSTAR Backdoor in Targeted Espionage Attacks

Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. "There have been improved operational security...

7 AI score
Exploits: 0

Pen Test Partners Blog
added 2023/06/28 5:11 a.m. · 234 views

Black Basta ransomware

What is Black Basta ransomware? Black Basta is a threat group that provides ransomware-as-a-service (RaaS). The service is maintained by dedicated developers and is a highly efficient and professionally run operation; there's a TOR website that provides a victim login portal, a chat room, and a wall...

9.3 CVSS · 10.2 AI score · 0.94314 EPSS
Exploits: 75

The Hacker News
added 2023/06/22 4:58 p.m. · 5 views

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, su...

7.6 AI score
Exploits: 0

The Hacker News
added 2023/06/22 4:58 p.m. · 40 views

MULTI#STORM Campaign Targets India and U.S. with Remote Access Trojans

A new phishing campaign codenamed MULTI#STORM has set its sights on India and the U.S. by leveraging JavaScript files to deliver remote access trojans on compromised systems. "The attack chain ends with the victim machine infected with multiple unique RAT (remote access trojan) malware instances, su...

7.6 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/06/22 6:52 a.m. · 10 views

New Chromeloader Shampoo Campaign Infecting Chrome and Stealing Data

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The current ChromeLoader Shampoo campaign, where users unknowingly download and execute VBScript files from malicious websites. These files trigger a series of PowerShell scripts, leading to the...

7 AI score
Exploits: 0

The Hacker News
added 2023/06/15 10:1 a.m. · 29 views

New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations

The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and...

6.9 AI score
Exploits: 0

Circl
added 2023/06/14 4:0 a.m. · 8 views

CVE-2023-32031

creationtimestamp | type | source
---|---|---
2023-06-14 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=1041
2023-06-14 10:24:46+00:00 | seen | https://t.me/kasperskyb2b/694
2023-06-14 13:25:38+00:00 | seen | https://t.me/truesecator/4496
2023-07-16 08:01:35+00:00 | ...

8.8 CVSS · 7.5 AI score · 0.47748 EPSS
Exploits: 0 · References: 11

NCSC
added 2023/06/13 12:0 a.m. · 3 views

Vulnerabilities fixed in Microsoft Exchange

Microsoft has fixed vulnerabilities in Exchange. An authenticated malicious person with the ability to run PowerShell scripts can exploit the vulnerabilities to execute arbitrary code with the permissions of the application. Microsoft Exchange Server:...

8.8 CVSS · 7.3 AI score · 0.47748 EPSS
Exploits: 0

The Hacker News
added 2023/06/12 10:3 a.m. · 4 views

Cybercriminals Using Powerful BatCloak Engine to Make Malware Fully Undetectable

A fully undetectable (FUD) malware obfuscation engine named BatCloak is being used to deploy various malware strains since September 2022, while persistently evading antivirus detection. The samples grant "threat actors the ability to load numerous malware families and exploits with ease through...

6.8 AI score
Exploits: 0