Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via a.getProcessPortId. PoC var a = require"kill-process-occupying-port"; a.getProcessPortId"& touch JHU "; Remediation There is no fixed version for kill-process-on-port. Credit: JHU System Security Lab...

Three Kingdoms Online (Windows Client) suffers from dll hijacking vulnerability

Three Kingdoms Online is a card game. Three Kingdoms Kill Online Windows client suffers from a dll hijacking vulnerability, which can be exploited by attackers to load a malicious dll and execute malicious code...

openSUSE Security Update : podman (openSUSE-2020-2039)

This update for podman fixes the following issues : Security issue fixed : - This release resolves CVE-2020-14370, in which environment variables could be leaked between containers created using the Varlink API bsc1176804. Non-security issues fixed : - add dependency to timezone package or podman...

Manuka - A Modular OSINT Honeypot For Blue Teamers

Manuka is an Open-source intelligence OSINT honeypot that monitors reconnaissance attempts by threat actors and generates actionable intelligence for Blue Teamers. It creates a simulated environment consisting of staged OSINT sources, such as social media profiles and leaked credentials, and trac...

CVE-2020-15590

A vulnerability in the Private Internet Access PIA VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

CVE-2020-15590

A vulnerability in the Private Internet Access PIA VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

Design/Logic Flaw

A vulnerability in the Private Internet Access PIA VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

CVE-2020-15590

CVE-2020-15590 affects the Private Internet Access (PIA) VPN Client for Linux (1.5–2.3+). The underlying issue is that when the VPN kill switch blocks all inbound/outbound traffic, privileged processes can still send/receive traffic if net.ipv4.ip_forward is enabled, enabling leakage of the host ...

CVE-2020-15590

A vulnerability in the Private Internet Access PIA VPN Client for Linux 1.5 through 2.3+ allows remote attackers to bypass an intended VPN kill switch mechanism and read sensitive information via intercepting network traffic. Since 1.5, PIA has supported a “split tunnel” OpenVPN bypass option. Th...

@angular-devkit/build-angular (>=0.8.8 <=0.900.0-rc.8), @apployees-nx/node (>=0.0.1 <=0.0.21) +188 more potentially affected by CVE-2019-15599 via tree-kill (>=0.0.6 <=1.2.1)

tree-kill NPM version =0.0.6, =0.8.8, =0.0.1, =0.0.1-alpha.1, =1.2.2, =6.0.0, =0.0.1, =0.0.1, =2.0.0-beta.22, =2.0.0-beta.1, =1.0.0, =0.0.1, =0.2.0, =7.0.2 and more Source cves: CVE-2019-15599 Source advisory: OSV:GHSA-884P-74JH-XRG2...

Command Injection in tree-kill

Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation Upgra...

GHSA-884P-74JH-XRG2 Command Injection in tree-kill

Versions of tree-kill prior to 1.2.2 are vulnerable to Command Injection. The package fails to sanitize values passed to the kill function. If this value is user-controlled it may allow attackers to run arbitrary commands in the server. The issue only affects Windows systems. Recommendation Upgra...

Killchain - A Unified Console To Perform The "Kill Chain" Stages Of Attacks

What is “Kill Chain”? From Wikipedia: The term kill chain was originally used as a military concept related to the structure of an attack; consisting of target identification, force dispatch to target, decision, order to attack the target, and finally the destruction of the target. Reconnaissance...

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "Most of the vulnerabilities and exploits th...

Black Hat 2020: Influence Campaigns Are a Cybersecurity Problem

Social media used as a cudgel for nation-states to sway opinion is a cybersecurity threat CISOs can’t ignore — and need to understand better and mitigate against. That’s the message from Renée DiResta, research manager at the Stanford Internet Observatory, who said she is seeing a steady growth a...

Financially Motivated Actors Are Expanding Access Into OT: Analysis of Kill Lists That Include OT Processes Used With Seven Malware Families

Mandiant Threat Intelligence has researched and written extensively on the increasing financially motivated threat activity directly impacting operational technology OT networks. Some of this research is available in our previous blog posts on industrial post-compromise ransomware and FireEye's...

cri-o: infra container reparented to systemd following OOM Killer killing it's conmon

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management conmon processes being killed if a workload process triggers an out-of-memory OOM condition for the cgroup. An attacker could abuse this flaw to get...

CVE-2020-14974

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...

Code injection

The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes even ones running as SYSTEM that hold a handle, via IOCTL code 0x222124...