Lucene search

3059 matches found

The Hacker News
added 2023/02/02 12:43 p.m., 4 views

New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium,...

AI score: 6.5
Exploits: 0

Openbugbounty
added 2023/02/01 1:41 p.m., 16 views

powershell-doktor.de Cross Site Scripting vulnerability OBB-3174389

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0

Hive Pro Threat Advisories
added 2023/02/01 9:9 a.m., 25 views

Infection and Evolution of the GOOTLOADER Malware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary GOOTLOADER malware infects via malicious archive download, executing JavaScript and PowerShell, delivering FONELAUNCH, Cobalt Strike BEACON/SNOWCONE, with the latest variant writing JavaScript to disk an...

AI score: 4.6
Exploits: 0

Rapid7 Blog
added 2023/01/31 8:23 p.m., 37 views

Rapid7 Observes Use of Microsoft OneNote to Spread Redline Infostealer Malware

Author: Thomas Elkins Contributors: Matt Green, James Dunne, and Hernan Diaz Rapid7 routinely conducts research into the wide range of techniques that threat actors use to conduct malicious activity. One objective of this research is to discover new techniques being used in the wild, so we can...

Exploits: 0

GithubExploit
added 2023/01/30 10:10 p.m., 300 views

Exploit for Cleartext Storage of Sensitive Information in Keepass

PoC CVE-2023-24055 How to run? Edit the $User var in th...

CVSS: 5.5, AI score: 5.5, EPSS: 0.4203
Exploits: 2

The Hacker News
added 2023/01/28 10:42 a.m., 53 views

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange...

AI score: 1.5
Exploits: 0

The Hacker News
added 2023/01/28 10:42 a.m., 4 views

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange...

AI score: 7.1
Exploits: 0

Hive Pro Threat Advisories
added 2023/01/25 6:39 a.m., 14 views

Chinese Threat Actors Leverage Phishing and GuLoader to Distribute Remcos RAT

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The malicious campaign described involves the distribution of a malicious PDF file through email, via phishing. The PDF file in this case redirects victims to a legitimate cloud-based platform, where the...

AI score: 2.2
Exploits: 0

The Hacker News
added 2023/01/20 1:35 p.m., 53 views

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure...

AI score: 6.9
Exploits: 0

Zero Day Initiative
added 2023/01/18 12:0 a.m., 53 views

Microsoft Exchange PowerShell Unsafe Reflection NTLM Relay Vulnerability

This vulnerability allows remote attackers to relay NTLM credentials on affected installations of Microsoft Exchange. Authentication is required to exploit this vulnerability. The specific flaw exists within the PowerShell endpoint. The process does not properly restrict a user-supplied argument...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00469
Exploits: 0, References: 1

The Hacker News
added 2023/01/17 10:38 a.m., 75 views

Zoho ManageEngine PoC Exploit to be Released Soon - Patch Before It's Too Late!

Users of Zoho ManageEngine are being urged to patch their instances against a critical security vulnerability ahead of the release of a proof-of-concept (PoC) exploit code. The issue in question is CVE-2022-47966, an unauthenticated remote code execution vulnerability affecting several products due...

AI score: 0.8, EPSS: 0.94378
Exploits: 15

Metasploit
added 2023/01/12 7:51 p.m., 605 views

Gather Dbeaver Passwords

This module will determine if Dbeaver is installed on the target system and, if it is, it will try to dump all saved session information from the target. The passwords for these saved sessions will then be decrypted where possible. Module Options msf use post/multi/gather/dbeaver msf postdbeaver...

AI score: 6.9
Exploits: 0

The Hacker News
added 2023/01/10 12:54 p.m., 1 views

Italian Users Warned of Malware Attack Targeting Sensitive Information

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto...

AI score: 6.4
Exploits: 0

The Hacker News
added 2023/01/10 12:54 p.m., 20 views

Italian Users Warned of Malware Attack Targeting Sensitive Information

A new malware campaign has been observed targeting Italy with phishing emails designed to deploy an information stealer on compromised Windows systems. "The info-stealer malware steals sensitive information like system info, crypto wallet and browser histories, cookies, and credentials of crypto...

AI score: 0.5
Exploits: 0

Hive Pro Threat Advisories
added 2023/01/10 11:58 a.m., 191 views

Southeast Asian APT Group Saaiwc Targets Military and Financial Departments with PowerDism Backdoor

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Saaiwc Group (APT-LY-1005) is a newly identified APT group that is thought to operate in Southeast Asia. The group's main tactic is to use an ISO file as a malicious payload, which when executed, injects a...

AI score: 2.7
Exploits: 0

Microsoft KB
added 2023/01/10 8:0 a.m., 68 views

Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 (KB5022193)

Description of the security update for Microsoft Exchange Server 2019: January 10, 2023 (KB5022193) This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE): CVE-2023-21745...

CVSS: 8, AI score: 8.3, EPSS: 0.13068
Exploits: 0

Microsoft KB
added 2023/01/10 8:0 a.m., 119 views

Description of the security update for Microsoft Exchange Server 2013: January 10, 2023 (KB5022188)

Description of the security update for Microsoft Exchange Server 2013: January 10, 2023 (KB5022188) This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE): CVE-2023-2176...

CVSS: 8, AI score: 7.2, EPSS: 0.00389
Exploits: 0

CNVD
added 2023/01/10 12:0 a.m., 39 views

Microsoft PowerShell Remote Code Execution Vulnerability

PowerShell is a task automation and configuration management framework developed by Microsoft Corporation USA, consisting of a command line interface shell layer related manuscript language built from . exploit this vulnerability to bypass sandbox restrictions and execute arbitrary code on the...

CVSS: 8.5, AI score: 4.7, EPSS: 0.34016
Exploits: 4, References: 1

The Hacker News
added 2023/01/09 8:47 a.m., 42 views

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems. The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin,...

AI score: 1.4
Exploits: 0

OSV
added 2022/12/22 8:15 p.m., 0 views

CVE-2022-22744

The constructed curl command from the "Copy as curl" feature in DevTools was not properly escaped for PowerShell. This could have led to command injection if pasted into a PowerShell prompt. This bug only affects Thunderbird for Windows. Other operating systems are unaffected. This vulnerability...

CVSS: 8.8, AI score: 7.4
Exploits: 0, References: 4