37 matches found
ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel
Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...
maltrail
It is an offensive tool for network traffic analysis. The primary CVE ID is not present in the provided context, but the tool is designed to detect malicious traffic. The target product/service or framework is not explicitly stated, but it is likely a network traffic analysis system. The...
Threat Intelligence Sweeping now supports container security telemetry data
Threat Intelligence Sweeping starts to support sweep container security telemetry data. Users can now use the TI tool to identify possible malicious activity in their container-based environments. The trigger events are visible in workbench alert...
Ngrok Detected
This is an informational notice that the scanner was able to detect an Ngrok tunneling service to access the target web application. Note that this detection is included in the Remote Access Tools category. No source data...
MAL-2024-10579 Malicious code in adandu (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5f79b041fd4b5d0177f66a15f603d406d6eaeae16e312194b27685e261ce50fc A campaign of probably pentest packages flooding PYPI. Installing the package or importing the module triggers reporting basic info like hostname, path and the...
MAL-2024-9407 Malicious code in j5gnpuiwerbngpiutbgn0iutb0p (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0e410a6e975b8a7d6930f2fbde2be25a08fd2bc8995fc57d1794fc12eaf1e019 According to the description, packages should demonstrate the dependency confusion attack. The realisation is, in fact, a spamming with packages having as the...
MAL-2024-8016 Malicious code in artifact-lab-3-package-f0727516 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 4eda9e6e52c2a5a96b0b7053fcd9c738d037bc9a0c86b1a2bd7c74336691b958 Packages showing simple variants of revshell with targets to ngrok. Most probably experiments. Later versions moved to use Burp Collaborator to exfiltrate simp...
MAL-2023-1031 Malicious code in command-launcher (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9a7b891d069224249cbc33b96113ab88f41f6eb292cb9a94e8232641a2e2ddf9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Watch out for this triple threat PayPal phish
ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill gotten gains from potential victims. The idea is that if one of the three tactics...
Rapid7 Integration For AWS Verified Access
Today at re:invent, Amazon Web Services AWS unveiled its new AWS Verified Access service, and we are thrilled to announce that InsightIDR — Rapid7’s next-gen SIEM and XDR — will support log ingestion from this new service when it is made generally available. What Is AWS Verified Access? AWS...
Multiple Cisco Products CVE-2019-12636 Cross Site Request Forgery Vulnerability
Description Multiple Cisco Products are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco...
Mitsubishi Electric FR Configurator2
1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Low skill level to exploit Vendor: Mitsubishi Electric Equipment: Mitsubishi Electric FR Configurator2 Vulnerabilities: Improper Restriction of XML External Entity Reference, Uncontrolled Resource Consumption 2. RISK EVALUATION Successful exploitation...
Microsoft SharePoint Server CVE-2018-8252 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attacker may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microsof...
Detect Illegal Wireless Network Activities: WIPI-HUNTER
WipiHunter is developed for detecting illegal wireless network activities; howver, it shouldn’t be seen only as a piece of code. Instead, actually it is a philosophy. You can infer from this project new wireless network illegal activity detection methods. New methods, new ideas and different poin...
Microsoft Excel CVE-2018-0796 Remote Code Execution Vulnerability
Description Microsoft Excel is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected Microsoft...
Microsoft Windows Graphics Component CVE-2017-11763 Remote Code Execution Vulnerability
Description Microsoft Windows is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Failed exploit attempts may result in a denial of service condition. Technologies Affected Microsoft Windows 10 Versi...
Microsoft Windows Uniscribe CVE-2017-0285 Information Disclosure Vulnerability
Description Microsoft Windows Uniscribe is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. Technologies Affected Microsoft Office 2007 Service Pack 3 Microsoft Office 2010 Service Pack 2...
Microsoft Office CVE-2017-0019 Memory Corruption Vulnerability
Description Microsoft Office is prone to a remote memory-corruption vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Threat Outbreak Alert RuleID28246: Email Messages Distributing Malicious Software on March 13, 2017
Medium Alert ID: 53002 First Published: 2017 March 13 13:52 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID28246 may contain the following files: Name | Si...
Threat Outbreak Alert RuleID24697: Email Messages Distributing Malicious Software on August 31, 2016
Medium Alert ID: 48681 First Published: 2016 August 31 13:47 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID24697 may contain the following files: Name |...