84 matches found

Packet Storm News
added 2026/05/07 12:0 a.m., 5 views

ClawGuard: Out-Of-Band Detection of LLM Agent Workflow Hijacking Via EM Side Channel

Autonomous LLM agents face a critical security risk known as workflow hijacking, where attackers subtly alter tool and skill invocations. Existing defenses rely on host-internal telemetry such as audit logs, which can be forged if the host OS is compromised. To solve this, we introduce ClawGuard,...

AI score: 5.8
Exploits: 0

The Hacker News
added 2023/08/02 11:50 a.m., 58 views

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their...

AI score: 7.2
Exploits: 0

The Hacker News
added 2023/07/26 1:13 p.m., 35 views

Decoy Dog: New Breed of Malware Posing Serious Threats to Enterprise Networks

A deeper analysis of a recently discovered malware called Decoy Dog has revealed that it's a significant upgrade over the Pupy RAT, an open-source remote access trojan it's modeled on. "Decoy Dog has a full suite of powerful, previously unknown capabilities – including the ability to move victims...

AI score: 7.7
Exploits: 0

Rapid7 Blog
added 2022/04/01 2:42 p.m., 227 views

Update on Spring4Shell’s Impact on Rapid7 Solutions and Systems

We have completed remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that we found on our internet-facing services and systems. We continue to monitor for new vulnerability instances and to remediate vulnerabilities on internally accessible...

CVSS: 7.5, AI score: 1.9, EPSS: 0.94462
Exploits: 131

Krebs on Security
added 2020/03/20 4:52 p.m., 32 views

Security Breach Disrupts Fintech Firm Finastra

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company's public statement and notice to customers does not mention the cause of the outage, but their...

AI score: 6.9
Exploits: 0

pentestit
added 2019/12/11 10:28 p.m., 42 views

UPDATE: Sysdig Falco v0.18.0

Sysdig Falco v0.18.0 was released a while ago which I detected when I was using this tool and hence this blog. It has been some time since I last blogged about this open source behavioral activity monitor which has container support and a lot has changed in this version as well. What is Sysdig...

AI score: 2.2
Exploits: 0

Symantec
added 2019/11/20 12:0 a.m., 78 views

ISC BIND CVE-2019-6477 Remote Denial of Service Vulnerability

Description: ISC BIND is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected: ISC Bind 9.11.0, ISC Bind 9.11.2, ISC Bind 9.11.3, ISC Bind 9.11.4, ISC Bind 9.11.5, ISC Bind 9.11.6, ISC Bind 9.11.7, ISC Bind 9.11...

AI score: 0.5, EPSS: 0.05682
Exploits: 0, References: 1, Affected Software: 3

Symantec
added 2019/11/12 12:0 a.m., 44 views

Microsoft Windows Media Foundation CVE-2019-1430 Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed attacks will cause denial-of-service conditions. Technologies Affected: Microsoft Windows 10 Version 1903 f...

AI score: 1.6, EPSS: 0.33652
Exploits: 0, Affected Software: 2

Symantec
added 2019/10/16 12:0 a.m., 20 views

Multiple Cisco Products CVE-2019-12636 Cross Site Request Forgery Vulnerability

Description: Multiple Cisco Products are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. This issue is being tracked by Cisco...

EPSS: 0.00422
Exploits: 0, References: 1, Affected Software: 1

Symantec
added 2019/10/15 12:0 a.m., 48 views

Oracle Java SE/Java SE Embedded CVE-2019-2975 Remote Security Vulnerability

Description: Oracle Java SE and Java SE Embedded are prone to a remote security vulnerability. The vulnerability can be exploited over multiple protocols. This issue affects the 'Scripting' component. This vulnerability affects the following supported versions: Java SE: 8u221, 11.0.4, 13; Java SE...

AI score: 6.5, EPSS: 0.00488
Exploits: 0, References: 1, Affected Software: 2

Symantec
added 2019/10/08 12:0 a.m., 31 views

Siemens SIMATIC IT UADM CVE-2019-13929 Hardcoded Cryptographic Key Vulnerability

Description: Siemens SIMATIC IT UADM is prone to a hard-coded cryptographic key vulnerability. An attacker can exploit this issue to gain unauthorized access to the vulnerable device and perform unauthorized actions. Versions prior to SIMATIC IT UADM 1.3 are vulnerable. Technologies Affected: Sieme...

AI score: 1.2, EPSS: 0.00186
Exploits: 0, References: 1, Affected Software: 1

Symantec
added 2019/10/02 12:0 a.m., 30 views

Multiple Cisco Products CVE-2019-12695 Cross Site Scripting Vulnerability

Description: Multiple Cisco Products are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This...

AI score: 6.7, EPSS: 0.00148
Exploits: 0, References: 1, Affected Software: 1

Symantec
added 2019/09/30 12:0 a.m., 25 views

CA Network Flow Analysis CVE-2019-13658 Default Credentials Security Bypass Vulnerability

Description: CA Network Flow Analysis is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and execute arbitrary commands. The following versions are vulnerable: CA Network Flow Analysis 10.0.x, CA Network Flow Analysis 9.x. Technologie...

AI score: 1.3, EPSS: 0.01272
Exploits: 0, References: 1, Affected Software: 2

Symantec
added 2019/09/10 12:0 a.m., 48 views

Microsoft SharePoint CVE-2019-1259 Spoofing Vulnerability

Description: Microsoft SharePoint is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected: Microsoft SharePoint...

AI score: 0.2, EPSS: 0.05041
Exploits: 0, Affected Software: 1

Kitploit
added 2019/09/05 9:44 p.m., 194 views

BLUESPAWN - Windows Based Active Defense Tool To Empower Blue Teams

BLUESPAWN helps blue teams monitor Windows systems in real-time against active attackers by detecting anomalous activity. Why we made BLUESPAWN: We've created and open-sourced this for a number of reasons which include the following: Move Faster: We wanted tooling specifically designed to quickly...

AI score: 7.3
Exploits: 0, References: 7

Symantec
added 2019/08/28 12:0 a.m., 30 views

ISC Kea CVE-2019-6473 Denial of Service Vulnerability

Description: ISC Kea is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Kea 1.4.0 through 1.5.0, 1.6.0-beta1, and 1.6.0-beta2 are vulnerable. Technologies Affected: ISC Kea 1.4.0, ISC Kea 1.5.0, ISC Kea 1.6.0-beta1, ISC Kea...

AI score: 1.1, EPSS: 0.00273
Exploits: 0, References: 1, Affected Software: 1

Symantec
added 2019/08/13 12:0 a.m., 36 views

Microsoft Windows Graphics Component CVE-2019-1150 Remote Code Execution Vulnerability

Description: Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected: Microsoft Windows 10...

CVSS: 9.3, AI score: 0.7, EPSS: 0.27713
Exploits: 0, Affected Software: 3

Symantec
added 2019/07/09 12:0 a.m., 68 views

Microsoft Team Foundation Server CVE-2019-1076 Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...

AI score: 6.4, EPSS: 0.00455
Exploits: 0, Affected Software: 2

Symantec
added 2019/06/11 12:0 a.m., 125 views

Microsoft Internet Explorer and Edge CVE-2019-1081 Information Disclosure Vulnerability

Description: Microsoft Internet Explorer and Edge are prone to an information disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Technologies Affected: Microsoft Edge, Microsoft Internet Explorer 10, Microsoft Internet...

AI score: 6.6, EPSS: 0.02053
Exploits: 0, References: 1, Affected Software: 1

Symantec
added 2019/05/14 12:0 a.m., 76 views

Microsoft Windows JET Database Engine CVE-2019-0893 Remote Code Execution Vulnerability

Description: Microsoft Windows JET Database Engine is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of an affected system. Technologies Affected: Microsoft Windows 10 Version 1607 for 32-bit Systems, Microsoft Windows 10...

AI score: 0.7, EPSS: 0.24224
Exploits: 0, Affected Software: 3