941 matches found

Github Security Blog
added 2024/01/19 10:12 p.m., 17 views

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry

Impact An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies such as permissive instead of strict to potentially use artifacts with signatures that are no...

CVSS 6.8, AI score 7.1, EPSS 0.00288
Exploits 0, References 4, Affected Software 1

CNNVD
added 2024/01/19 12:00 a.m., 4 views

Notary Project Specifications Security Vulnerabilities

Notary Project Specifications is a repository for the Notary Project. A security vulnerability exists in Notary Project Specifications that stems from the use of artifacts whose signatures are no longer valid...

CVSS 6.8, AI score 6.8, EPSS 0.00288
Exploits 0, References 3

Rapid7 Blog
added 2023/12/29 3:52 p.m., 5 views

Velociraptor 0.7.1 Release

Written by Dr. Michael Cohen Sigma Support, ETW Multiplexing, Local Encrypted Storage and New VQL Capabilities Highlight the Last Release of 2023 Rapid7 is excited to announce that version 0.7.1 of Velociraptor is live and available for download. There are several new features and capabilities th...

AI score 6
Exploits 0

Circl
added 2023/12/29 4:26 a.m., 4 views

CVE-2023-23437

creationtimestamp | type | source
---|---|---
2023-12-29 04:26:27+00:00 | seen | https://t.me/ctinow/160310
2024-01-20 19:51:19+00:00 | seen | https://t.me/ctinow/170707
2024-11-01 10:35:44+00:00 | seen | https://t.me/cibsecurity/73872...

CVSS 5.5, AI score 5.5, EPSS 0.00166
Exploits 0, References 3

The Hacker News
added 2023/12/20 8:10 a.m., 48 views

New Go-Based JaskaGO Malware Targeting Windows and macOS Systems

A new Go-based information stealer malware called JaskaGO has emerged as the latest cross-platform threat to infiltrate both Windows and Apple macOS systems. AT&T Alien Labs, which made the discovery, said the malware is "equipped with an extensive array of commands from its command-and-control C...

AI score 6.9
Exploits 0

Kitploit
added 2023/12/11 11:30 a.m., 42 views

Douglas-042 - Powershell Script To Help Speed Up Threat Hunting Incident Response Processes

DOUGLAS-042 stands as an ingenious embodiment of a PowerShell script meticulously designed to expedite the triage process and facilitate the meticulous collection of crucial evidence derived from both forensic artifacts and the ephemeral landscape of volatile data. Its fundamental mission revolve...

AI score 7.1
Exploits 0, References 2

Kitploit
added 2023/11/23 11:30 a.m., 31 views

ICS-Forensics-Tools - Microsoft ICS Forensics Framework

Microsoft ICS Forensics Tools is an open source forensic framework for analyzing Industrial PLC metadata and project files. It enables investigators to identify suspicious artifacts in an ICS environment for detection of compromised devices during incident response or manual check. open source...

AI score 7.2
Exploits 0, References 2

CNNVD
added 2023/11/15 12:00 a.m., 4 views

Quarkus Security Vulnerabilities

Quarkus is a cloud-native Linux container-first framework for writing Java applications. A security vulnerability exists in Quarkus that stems from not properly cleaning artifacts created using the Gradle plugin, which allows for the retention of certain build system information, allowing an...

CVSS 7.7, AI score 6.5, EPSS 0.00815
Exploits 0, References 3

OSV
added 2023/10/26 12:15 a.m., 3 views

CVE-2023-46668

If Elastic Endpoint v7.9.0 - v8.10.3 is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect and send those logs to Elasticsearch, then Elastic Agent API keys can be viewed in Elasticsearch in...

CVSS 9.1, AI score 7.4, EPSS 0.00348
Exploits 0, References 2

NVD
added 2023/10/25 6:17 p.m., 17 views

CVE-2023-46655

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...

CVSS 6.5, AI score 7, EPSS 0.01159
Exploits 0, References 2

Vulnrichment
added 2023/10/25 1:45 p.m., 15 views

CVE-2023-46655

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build step, allowing attackers able to configure jobs to publish arbitrary files from the Jenkins...

AI score 7.2, EPSS 0.01159
Exploits 0, References 2

Pen Test Partners Blog
added 2023/10/12 5:08 a.m., 95 views

Using Velociraptor for large-scale endpoint visibility and rapid threat hunting

TL;DR Network-wide collection, acquisition and monitoring tool for use in DFIR engagements Designed for enterprise networks 150k+ Deployments aren’t unheard of Boasts many features that your commercial EDR has, and a few more Flexible querying language that can adapt to new threats and encourages...

AI score 7.1
Exploits 0

AlpineLinux
added 2023/10/05 6:15 p.m., 28 views

CVE-2023-44387

Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to...

CVSS 6.5, AI score 6.8, EPSS 0.0021
Exploits 0

Rapid7 Blog
added 2023/09/29 1:00 p.m., 13 views

Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR

Nearly 70% of companies that are breached are likely to get breached again within twelve months CPO. Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response DFIR ready to go...

AI score 7
Exploits 0

vulnersOsv
added 2023/09/20 12:30 p.m., 5 views

com.github.mcollovati:quarkus-hilla (>=2.0.0 <=2.0.1), com.github.mcollovati:quarkus-hilla-deployment (>=2.0.0 <=2.0.1) +8 more potentially affected by CVE-2023-4853 via io.quarkus:quarkus-undertow (>=3.3.0 <=3.3.2)

io.quarkus:quarkus-undertow MAVEN version =3.3.0, =2.0.0, =2.0.0, =3.3.0, =3.3.0, =3.3.0, =3.3.2 Source cves: CVE-2023-4853 Source advisory: OSV:GHSA-4F4R-WGV2-JJVG...

CVSS 8.1, AI score 7.2, EPSS 0.01215
Exploits 1

vulnersOsv
added 2023/09/18 3:30 p.m., 5 views

0x.plugin.bom:zero-x-plugin-bom (>=0.0.10 <=1.1.0), app.ariadust.dendrobium:app.ariadust.dendrobium.gradle.plugin (>=1.0.0 <=1.0.4) +1543 more potentially affected by CVE-2023-4759 via org.eclipse.jgit:org.eclipse.jgit (>=6.0.0.202111291000-r <=6.6.0.202305301015-r)

org.eclipse.jgit:org.eclipse.jgit MAVEN version =6.0.0.202111291000-r, =0.0.10, =1.0.0, =1.0, =1.0, =2.0, =1.0, =1.0, =3.0, =3.0, =1.0, =3.26.0, =3.26.0, =4.27.0 and more Source cves: CVE-2023-4759 https://vulners.co...

CVSS 8.8, AI score 7.3, EPSS 0.01884
Exploits 0

Kitploit
added 2023/09/15 11:30 a.m., 26 views

Z9 - PowerShell Script Analyzer

Abstract This tool detects the artifact of the PowerShell based malware from the eventlog of PowerShell logging. Online Demo Install git clone https://github.com/Sh1n0g1/z9 How to use usage: z9.py -h --output OUTPUT -s --no-viewer --utf8 input positional arguments: input Input file path options:...

AI score 7.3
Exploits 0, References 10

Rapid7 Blog
added 2023/08/31 1:00 p.m., 14 views

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...

AI score 7.1
Exploits 0

0day.today
added 2023/08/21 12:00 a.m., 719 views

Jorani Remote Code Execution Exploit

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Jorani versions prior to 1.0.2. It abuses log poisoning and redirection bypass via header spoofing and then it uses path traversal to trigger the vulnerability. It has been tested on Jorani 1.0.0. This modul...

CVSS 9.8, AI score 8.2, EPSS 0.81918
Exploits 5

Rapid7 Blog
added 2023/08/17 4:06 p.m., 20 views

Join us for VeloCON 2023: Digging Deeper Together!

September 13, 2023 at 9 am ET Rapid7 is thrilled to announce that the 2nd annual VeloCON: Digging Deeper Together virtual summit will be held this September 13th at 9 am ET. Once again, the conference will be online and completely free! VeloCON is a one-day event focused on the Velociraptor...

AI score 6.8
Exploits 0