941 matches found
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Impact An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies such as permissive instead of strict to potentially use artifacts with signatures that are no...
Notary Project Specifications Security Vulnerabilities
Notary Project Specifications is a repository for the Notary Project. A security vulnerability exists in Notary Project Specifications that stems from the use of artifacts whose signatures are no longer valid...
Velociraptor 0.7.1 Release
Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...
CVE-2023-23437
creationtimestamp| type| source ---|---|--- 2023-12-29 04:26:27+00:00| seen| https://t.me/ctinow/160310 2024-01-20 19:51:19+00:00| seen| https://t.me/ctinow/170707 2024-11-01 10:35:44+00:00| seen| https://t.me/cibsecurity/73872...
New Go-Based JaskaGO Malware Targeting Windows and macOS Systems
A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control C...
Douglas-042 - Powershell Script To Help Speed Up Threat Hunting Incident Response Processes
DOUGLAS-042 stands as an ingenious embodiment of a PowerShell script meticulously designed to expedite the triage process and facilitate the meticulous collection of crucial evidence derived from both forensic artifacts and the ephemeral landscape of volatile data. Its fundamental mission revolve...
ICS-Forensics-Tools - Microsoft ICS Forensics Framework
Microsoft ICS Forensics Tools is an open source forensic framework for analyzing Industrial PLC metadata and project files. it enables investigators to identify suspicious artifacts on ICS environment for detection of compromised devices during incident response or manual check. open source...
Quarkus Security Vulnerabilities
Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...
CVE-2023-46668
If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
CVE-2023-46655
Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...
Using Velociraptor for large-scale endpoint visibility and rapid threat hunting
TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks 150k+ Deployments aren’t unheard of Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and encourages...
CVE-2023-44387
Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...
Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR
Nearly 70% of companies that are breached are likely to get breached again within twelve months CPO. Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response DFIR ready to go...
com.github.mcollovati:quarkus-hilla (>=2.0.0 <=2.0.1), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.0.1) +8 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-undertow (>=3.3.0 <=3.3.2)
io.quarkus:quarkus-undertow MAVEN version =3.3.0, =2.0.0, =2.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.2 Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...
0x.plugin.bom:zero-x-plugin-bom (>=0.0.10 <=1.1.0), app.ariadust.dendrobium:app.ariadust.dendrobium.gradle.plugin (>=1.0.0 <=1.0.4) +1543 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.6.0.202305301015-r)
org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =0.0.10, =1.0.0, =1.0, =1.0, =2.0, =1.0, =1.0, =3.0, =3.0, =1.0, =3.26.0, =3.26.0, =4.27.0 and more Source cves: CVE-2023-4759https://vulners.co...
Z9 - PowerShell Script Analyzer
Abstract This tools detects the artifact of the PowerShell based malware from the eventlog of PowerShell logging. Online Demo Install git clone https://github.com/Sh1n0g1/z9 How to use usage: z9.py -h --output OUTPUT -s --no-viewer --utf8 input positional arguments: input Input file path options:...
Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library
Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...
Jorani Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. This modul...
Join us for VeloCON 2023: Digging Deeper Together!
September 13, 2023 at 9 am ET Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor...