16 matches found
CVE-2026-42171
NSIS Nullsoft Scriptable Install System 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges if they can cause myGetTempFileName to return 0, as shown in the references...
EUVD-2024-0997
Malicious code in bioql PyPI...
CVE-2024-27303
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...
Handala’s Wiper Targets Israel
Handala’s Wiper Targets Israel By Tomer Shloman · July 26, 2024 This blog was also written by Mathanraj Thangaraju and Max Kersten CrowdStrike’s Falcon agent caused downtime for millions of computers across the globe beginning July 19. This event caused panic and chaos, which threat actors quickl...
CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...
CVE-2024-27303 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects eletron-builder prior to 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh...
CVE-2024-27303
The CVE-2024-27303 vulnerability affects electron-builder’s NSIS installer prior to 24.13.2 on Windows. The NSIS installer runs NSExec, which by default searches the install folder before PATH. If an attacker places a malicious cmd.exe in the same folder as the installer, that executable can be e...
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
Impact Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the current directory of where the installer is located before searching PATH. This means that if an attacker can place a malicious executable file named...
GHSA-R4PF-3V7R-HH55 electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
Impact Windows-Only: The NSIS installer makes a system call to open cmd.exe via NSExec in the .nsh installer script. NSExec by default searches the current directory of where the installer is located before searching PATH. This means that if an attacker can place a malicious executable file named...
Malvertising Campaign Targets Brazil's PIX Payment System with GoPIX Malware
The popularity of Brazil's PIX instant payment system has made it a lucrative target for threat actors looking to generate illicit profits using a new malware called GoPIX. Kaspersky, which has been tracking the active campaign since December 2022, said the attacks are pulled off using malicious...
SupremeBot and Mario cross the finish line together
Researchers have reported how popular game installers like Super Mario Games are being used to deliver malware. The malicious components include cryptominers, the SupremeBot mining client, and the open-source Umbral stealer. The game installers route offers some very distinct advantages to the...
Revisiting the NSIS-based crypter
This blog post was authored by hasherezade NSIS Nullsoft Scriptable Install System is a framework dedicated to creating software installers. It allows to bundle various elements of an application together i.e. the main executable, used DLLs, configs, along with a script that controls where are th...
RATicate Group Hits Industrial Firms With Revolving Payloads
Researchers have unearthed a new cybercrime group, RATicate, which is behind several waves of malspam attacks targeting industrial companies with various information-stealing payloads – from LokiBot to Agent Tesla. At least six separate campaigns have been tied to RATicate, with the first wave...
Holy water: ongoing targeted water-holing attack in Asia
On December 4, 2019, we discovered watering hole websites that were compromised to selectively trigger a drive-by download attack with fake Adobe Flash update warnings. This campaign has been active since at least May 2019, and targets an Asian religious and ethnic group. The threat actor's...
Pbot: evolving adware
The adware PBot PythonBot got its name because its core modules are written in Python. It was more than a year ago that we detected the first member of this family. Since then, we have encountered several modifications of the program, one of which went beyond adware by installing and running a...
US Government Site Was Hosting Ransomware
As recently as Wednesday afternoon, a U.S. government website was hosting a malicious JavaScript downloader that led victims to installations of Cerber ransomware. Researcher Ankit Anubhav of NewSky Security tweeted the discovery Wednesday, and within hours, the malware link was taken down. It’s...