
3092 matches found

Packet Storm
added 2023/11/14 12:0 a.m. | 630 views

AjaxPro Deserialization Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AjaxPro Deserialization Remote Code Execution', 'Description' = %q This module leverages an insecure deserialization of data to get remote code...

9.8 CVSS | 6.9 AI score | 0.87776 EPSS
Exploits: 2

Citrix
added 2023/11/10 12:0 a.m. | 12 views

How to check whether Citrix Licensing is in Grace Period using PowerShell?

This article describes how to use PowerShell cmdlets to check whether Citrix Licensing is in grace period and the number of hours remaining in the grace period...

7 AI score
Exploits: 0

Malwarebytes
added 2023/11/09 1:43 p.m. | 34 views

Update now! SysAid vulnerability is actively being exploited by ransomware affiliate

Users of SysAid on-premises should take action to deal with a vulnerability. SysAid is a widely used IT service management solution that allows IT teams to manage tasks. Microsoft discovered an ongoing exploitation of a zero-day vulnerability in the SysAid IT support software in limited attacks b...

7.5 CVSS | 7.9 AI score | 0.9438 EPSS
Exploits: 3

The Hacker News
added 2023/11/09 10:50 a.m. | 38 views

MuddyC2Go: New C2 Framework Iranian Hackers Using Against Israel

Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. "The framework's web component is written in the Go programming language," Deep Instinct security researcher Simon Kenin said in a...

7.9 AI score
Exploits: 0

Kitploit
added 2023/11/07 11:30 a.m. | 26 views

Dvenom - Tool That Provides An Encryption Wrapper And Loader For Your Shellcode

Double Venom (DVenom) is a tool that helps red teamers bypass AVs by providing an encryption wrapper and loader for your shellcode. Capable of bypassing some well-known antivirus (AVs). Offers multiple encryption methods including RC4, AES256, XOR, and ROT. Produces source code in C, Rust, PowerShell...

7.3 AI score
Exploits: 0 | References: 2

IBM Security Bulletins
added 2023/11/03 6:56 p.m. | 76 views

Security Bulletin: IBM Personal Communications could allow a remote user to obtain sensitive information including user passwords, allowing unauthorized access. (CVE-2016-0321)

Summary IBM Personal Communications is susceptible to unauthorized access vulnerability when running on a compromised system by the victim opening a mail with a malicious attachment or visiting a malicious website. Malware could run with user privileges but not necessarily having access to the...

6.2 CVSS | 6.3 AI score | 0.00134 EPSS
Exploits: 0 | Affected Software: 1

The Hacker News
added 2023/10/26 4:25 a.m. | 51 views

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...

6.7 AI score
Exploits: 0

Citrix
added 2023/10/26 12:0 a.m. | 6 views

Broker and Central Config Service PowerShell commands failing when run on Cloud Connectors

When attempting to run PowerShell commands on Cloud Connectors, cmdlets may fail with the following error message: Unhandled exception has occurred in your application. If you click Continue, the application will ignore this error and attempt to continue. If you click Quit, the application will...

7.2 AI score
Exploits: 0

GithubExploit
added 2023/10/25 7:13 a.m. | 349 views

Exploit for Unprotected Alternate Channel in Rockwellautomation Allen-Bradley_Stratix_5200_Firmware

CVE-2023-20198-IOS-XE-Scanner Single threaded scanner for...

10 CVSS | 8.4 AI score | 0.94013 EPSS
Exploits: 25

Securelist
added 2023/10/24 10:0 a.m. | 31 views

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

Introduction As a cybersecurity company, Kaspersky is constantly dealing with known and brand-new malware samples. As part of our crimeware reporting service, we provide our customers with technical reports on the evolution of existing crimeware families, as well as newly emerging ones. In this...

7 AI score
Exploits: 0

Citrix
added 2023/10/23 12:0 a.m. | 6 views

Export apps setting and import by using PowerShell

Export apps setting from one delivery group and import to a different delivery group by using PowerShell...

7.1 AI score
Exploits: 0

Hive Pro Threat Advisories
added 2023/10/19 6:23 a.m. | 27 views

Multiple State-Sponsored Groups Exploit WinRAR Vulnerability in Phishing Attacks

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A series of phishing attacks linked to a Russian state-sponsored group, leveraging a WinRAR vulnerability to steal data, including browser credentials via PowerShell commands and exfiltrating it through ...

7.4 AI score
Exploits: 0

The Hacker News
added 2023/10/19 4:2 a.m. | 88 views

Google TAG Detects State-Backed Threat Actors Exploiting WinRAR Flaw

A number of state-backed threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The vulnerability in question is CVE-2023-38831 (CVSS score: 7.8), which allows attackers to execute arbitrary code wh...

7.8 CVSS | 8 AI score | 0.93878 EPSS
Exploits: 49

Malwarebytes
added 2023/10/18 11:58 a.m. | 10 views

Clever malvertising attack uses Punycode to look like KeePass’s official website

Threat actors are known for impersonating popular brands in order to trick users. In a recent malvertising campaign, we observed a malicious Google ad for KeePass, the open-source password manager which was extremely deceiving. We previously reported on how brand impersonations are a common...

7.1 AI score
Exploits: 0

The Hacker News
added 2023/10/17 2:48 p.m. | 42 views

Discord: A Playground for Nation-State Hackers Targeting Critical Infrastructure

In what's the latest evolution of threat actors abusing legitimate infrastructure for nefarious ends, new findings show that nation-state hacking groups have entered the fray in leveraging the social platform for targeting critical infrastructure. Discord, in recent years, has become a lucrative...

6.7 AI score
Exploits: 0

The Hacker News
added 2023/10/16 1:55 p.m. | 39 views

Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discover...

7.8 CVSS | 8 AI score | 0.93878 EPSS
Exploits: 49

The Hacker News
added 2023/10/12 1:17 p.m. | 32 views

Malicious NuGet Package Targeting .NET Developers with SeroXen RAT

A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called...

7.5 AI score
Exploits: 0

ICS
added 2023/10/11 12:0 p.m. | 35 views

#StopRansomware: AvosLocker Ransomware (Update)

Actions to take today to mitigate cyber threats from AvosLocker ransomware: 1. Securing remote access tools 2. Restricting RDP and other remote desktop services 3. Securing PowerShell and/or restrict usage 4. Update software to latest version and apply patching updates regularly...

9.3 AI score
Exploits: 0 | References: 56

Microsoft KB
added 2023/10/10 7:0 a.m. | 116 views

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 (KB5030877)

Description of the security update for Microsoft Exchange Server 2019 and 2016: October 10, 2023 (KB5030877). This security update rollup resolves vulnerabilities in Microsoft Exchange Server. To learn more about these vulnerabilities, see the following Common Vulnerabilities and Exposures (CVE):...

8 CVSS | 9.3 AI score | 0.01171 EPSS
Exploits: 0

Metasploit
added 2023/10/04 7:50 p.m. | 406 views

Progress Software WS_FTP Unauthenticated Remote Code Execution

This module exploits an unsafe .NET deserialization vulnerability to achieve unauthenticated remote code execution against a vulnerable WSFTP server running the Ad Hoc Transfer module. All versions of WSFTP Server prior to 2020.0.4 (version 8.7.4) and 2022.0.2 (version 8.8.2) are vulnerable to this...

10 CVSS | 9 AI score | 0.94436 EPSS
Exploits: 5