Lucene search

3092 matches found

Photon
added 2023/12/25 12:00 a.m., 21 views

Moderate Photon OS Security Update - PHSA-2023-5.0-0180

Updates of 'powershell' packages of Photon OS have been released...

CVSS 6.5 | AI score 10 | EPSS 0.02494 | Exploits 0
The Hacker News
added 2023/12/22 7:46 a.m., 75 views

UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware

The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine,"...

CVSS 7.8 | AI score 7.8 | EPSS 0.93878 | Exploits 49
Imperva Blog
added 2023/12/14 1:48 p.m., 50 views

Imperva Detects Undocumented 8220 Gang Activities

Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and Linux web servers with cryptojacking malware. In...

CVSS 10 | AI score 10 | EPSS 0.94468 | Exploits 538
OpenVAS
added 2023/12/13 12:00 a.m., 22 views

Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Windows

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013.

CVSS 6.5 | AI score 6.5 | EPSS 0.02494 | Exploits 0 | References 2
OpenVAS
added 2023/12/13 12:00 a.m., 18 views

Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013.

CVSS 6.5 | AI score 6.5 | EPSS 0.02494 | Exploits 0 | References 2
Citrix
added 2023/12/13 12:00 a.m., 9 views

Error: Provisioning Scheme already has another task running in PowerShell

NOTE: This article contains information about removing virtual machines in bulk directly from PowerShell. Removing multiple virtual machines at a time can be done using Remove-ProvVM, but if not done with the correct syntax, it will generate errors indicating that the provisioning scheme already h...

AI score 6.7 | Exploits 0
OpenVAS
added 2023/12/13 12:00 a.m., 19 views

Microsoft PowerShell Information Disclosure Vulnerability (Dec 2023) - Linux

This host is missing an important security update for PowerShell Core according to Microsoft security advisory CVE-2023-36013.

CVSS 6.5 | AI score 6.5 | EPSS 0.02494 | Exploits 0 | References 2
The Hacker News
added 2023/12/12 9:55 a.m., 30 views

New MrAnon Stealer Malware Targeting German Users via Booking-Themed Scam

A phishing campaign has been observed delivering an information stealer malware called MrAnon Stealer to unsuspecting victims via seemingly benign booking-themed PDF lures. "This malware is a Python-based information stealer compressed with cx-Freeze to evade detection," Fortinet FortiGuard Labs...

AI score 6.8 | Exploits 0
Kitploit
added 2023/12/11 11:30 a.m., 26 views

Douglas-042 - Powershell Script To Help Speed Up Threat Hunting Incident Response Processes

DOUGLAS-042 stands as an ingenious embodiment of a PowerShell script meticulously designed to expedite the triage process and facilitate the meticulous collection of crucial evidence derived from both forensic artifacts and the ephemeral landscape of volatile data. Its fundamental mission revolve...

AI score 7.1 | Exploits 0 | References 2
Gitee
added 2023/12/11 10:38 a.m., 4 views

Tater

It is an offensive tool for Windows Privilege Escalation. The primary CVE ID is not explicitly mentioned, but the tool is based on the Hot Potato Windows Privilege Escalation exploit, which is a known vulnerability. The target product/service is Windows, and the vulnerability class/vector is...

AI score 6.6 | Exploits 0
0day.today
added 2023/12/10 12:00 a.m., 528 views

Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution Vulnerability

Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution due to a flaw in powershell not handling user provided input that contains a semicolon. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

AI score 7.9 | Exploits 0
Packet Storm
added 2023/12/08 12:00 a.m., 339 views

Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFTDEFENDERANTIMALWAREPOWERSHELLAPIUNINTENDEDCODEEXECUTION.txt + twitter.com/hyp3rlinx + x.com/hyp3rlinx + ISR: ApparitionSec Vendor www.microsoft.com Product Windows...

AI score 7.4 | Exploits 0
BDU FSTEC
added 2023/12/06 12:00 a.m., 0 views

The vulnerability of the PowerShell command interpreter for Windows operating systems allows attackers to exploit it to disclose sensitive information.

The vulnerability of PowerShell command interpreters on Windows operating systems is related to authentication process errors. Exploiting this vulnerability can allow a malicious actor to disclose sensitive information remotely...

CVSS 6.8 | EPSS 0.02494 | Exploits 0 | References 2 | Affected Software 1
Microsoft Secure
added 2023/12/05 5:00 p.m., 24 views

Microsoft Incident Response lessons on preventing cloud identity compromise

Microsoft observed a surge in cyberattacks targeting identities in 2023, with attempted password-based attacks increasing by more than tenfold in the first quarter of 2023 compared to the same period in 2022. Threat actors leverage compromised identities to achieve a significant level of access t...

AI score 7.1 | Exploits 0
Tenable Nessus
added 2023/11/30 12:00 a.m., 13 views

Microsoft PowerShell Installed (macOS)

Binary data microsoftpowershellmacosinstalled.nbin...

AI score 7.3 | Exploits 0 | References 1
Tenable Nessus
added 2023/11/30 12:00 a.m., 28 views

Microsoft PowerShell 7.2.x < 7.2.17 / 7.3.x < 7.3.10 / 7.4.x < 7.4.0 Information Disclosure (macOS)

The version of Microsoft PowerShell installed on the remote macOS host is 7.2.x prior to 7.2.17, 7.3.x prior to 7.3.10 or 7.4.x prior to 7.4.0. It is, therefore, affected by an information disclosure vulnerability. According to the Microsoft Security Advisory, there exists an unspecified error ca...

CVSS 6.5 | AI score 6.6 | EPSS 0.02494 | Exploits 0 | References 3
Kitploit
added 2023/11/27 11:30 a.m., 27 views

MaccaroniC2 - A PoC Command And Control Framework That Utilizes The Powerful AsyncSSH

MaccaroniC2 is a proof-of-concept Command and Control framework that utilizes the powerful AsyncSSH Python library which provides an asynchronous client and server implementation of the SSHv2 protocol and use PyNgrok wrapper for ngrok integration. This tool is inspired for a specific scenario whe...

AI score 7.3 | Exploits 0 | References 2
OSV
added 2023/11/23 10:15 p.m., 2 views

CVE-2023-49213

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1...

CVSS 8.8 | AI score 6 | EPSS 0.01552 | Exploits 1 | References 2
NVD
added 2023/11/23 10:15 p.m., 6 views

CVE-2023-49213

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1...

CVSS 8.8 | EPSS 0.01552 | Exploits 1 | References 2
Prion
added 2023/11/23 10:15 p.m., 11 views

Design/Logic Flaw

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1...

CVSS 6.5 | AI score 8.2 | EPSS 0.01552 | Exploits 1 | References 2 | Affected Software 1