Backdoor.Win32.AutoSpy.10 MVID-2024-0671 Remote Command Execution

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2024 Original source: https://malvuln.com/advisory/b012704cad2bae6edbd23135394b9127.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.AutoSpy.10 Vulnerability: Unauthenticated Remote Command Execution...

Announcing TotalCloud™ 2.0 with TruRisk™ Insights: The Future of Cloud and SaaS Security

Rapid cloud and SaaS adoption is driving digital transformation thats reshaping business agility and scalability, making cloud and SaaS security more critical than ever. Recognizing this shift, in November 2022, Qualys launched TotalCloud – an AI-powered cloud-native application protection platfo...

See List and kill current AAA VPN Session on the CLI

See and Kill current AAA Sessions...

Unveiling the Deceptive Dance: Phobos Ransomware Masquerading As VX-Underground

During a recent hunt, Qualys Threat Research has come across a ransomware family known as Phobos, impersonating VX-Underground. Phobos ransomware has been knocking on our door since early 2019 and is often seen being distributed via stolen Remote Desktop Protocol RDP connections. Strongly believe...

Modern Asian APT groups’ tactics, techniques and procedures (TTPs)

Almost every quarter, someone publishes major research focusing on campaigns or incidents that involve Asian APT groups. These campaigns and incidents target various organizations from a multitude of industries. Likewise, the geographic location of victims is not limited to just one region. This...

kernel: bpf: Skip task with pid=1 in send_signal_common()

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in sendsignalcommon The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see 1 for more details: Kernel panic - not...

Mysterious Kill Switch Disrupts Mozi IoT Botnet Operations

The unexpected drop in malicious activity connected with the Mozi botnet in August 2023 was due to a kill switch that was distributed to the bots. "First, the drop manifested in India on August 8," ESET said in an analysis published this week. "A week later, on August 16, the same thing happened ...

PT-2023-18047 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a permissions bypass in the killBackgroundProcesses function of ActivityManagerService.java, which could allow escaping Google Play protection. This might lead to...

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...

canTot

This is a Python-based CLI framework called "canTot" that is designed for CAN Bus hacking and exploitation. It is similar to an exploit framework but focused on known CAN Bus vulnerabilities or "fun CAN Bus hacks." The framework is made up of several modules, each with its own specific...

CLSA-2023-1693427752 Update of alt-php

Jammy update: v5.15.97 upstream stable release LP: 2015599 - net: Remove WARNONONCEsk-skforwardalloc from skstreamkillqueues...

From Malvertising to Ransomware: A ThreatDown webinar recap

Our recent webinar From Malvertising to Ransomware highlight the clear connection between malvertising--the practice of embedding malicious code within legitimate online advertisements--and the epidemic of ransomware attacks affecting businesses globally. Presented by Mark Stockley, security...

CVE-2023-21254

In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

Deno 安全漏洞

Deno is open source a simple , modern and secure JavaScript and TypeScript runtime environment . It uses V8 and is built with Rust. A security vulnerability exists in Deno 1.8.0 and earlier versions that exploits a vulnerability that allows a malicious program to clear the first two lines of the...

CVE-2023-27484

Summary : CVE-2023-27484 affects crossplane-runtime (Go libraries) used for building Kubernetes controllers in Crossplane stacks. A highly privileged user who can create or update Compositions can specify an arbitrarily high index in a patch’s ToFieldPath. If the index exceeds the current target ...

Malicious code in py-httpkill (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx d4040ea2543e53f0c4de6c1ca78eacdd14a78ebaf085175c2b6a63281b732c47 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...

Amazon Linux AMI : kernel (ALAS-2023-1688)

The version of kernel installed on the remote host is prior to 4.14.262-135.486. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1688 advisory. 2024-04-30: CVE-2023-0047 was removed from this advisory rejected. 2024-02-01: CVE-2023-0047 was added to this...

SUSE CVE-2007-0474

Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4kkill."...

SUSE CVE-2009-1337

The exitnotify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAPKILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exitsignal field and then uses an exec system...

SUSE CVE-2009-1338

The killsomethinginfo function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary signals to all processes in all namespaces, via ...