PT-2023-26992 · Unknown · Cryptomator
Name of the Vulnerable Software and Affected Versions: Cryptomator version 1.9.2 Description: Cryptomator encrypts data being stored on cloud infrastructure. The issue allows local privilege escalation for low privileged users via the repair function. This occurs because the repair function of th...
CVE-2020-10962
In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...
Design/Logic Flaw
In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...
PowerShell App Deployment Toolkit Security Vulnerability
PowerShell App Deployment Toolkit is a versatile, reusable and extensible tool replacement for WiseScript, VBScript and Batch wrapper scripts from the PowerShell App Deployment Toolkit team. A security vulnerability exists in PowerShell App Deployment Toolkit 3.8.0 and prior versions, which stems...
CVE-2020-10962
Summary: CVE-2020-10962 affects PowerShell App Deployment Toolkit (PSAppDeployToolkit) up to version 3.8.0. Vulnerability: an incorrect access control in the default configuration could let an authenticated user locally escalate privileges. Impact: local privilege escalation; details on exploitab...
PT-2023-11450 · Microsoft · Powershell App Deployment Toolkit
Name of the Vulnerable Software and Affected Versions: PowerShell App Deployment Toolkit versions prior to 3.8.1 Description: The issue is related to an incorrect access control vulnerability in the default configuration, which may allow an authenticated user to potentially enable escalation of...
Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics
Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...
GreenShot 1.2.10 Arbitrary Code Execution
Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the...
Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor
Threat Level Attack Report Summary: DeliveryCheck, a .NET-based backdoor, targets Ukraine's defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...
Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector
The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck aka CAPIBAR or GAMEDAY that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of...
How to Send a Test Email Notification Using PowerShell
This article documents a method for sending a simple email via PowerShell...
Exploit for Race Condition in Microsoft
CVE-2023-36884-Checker Script to check for CVE-2023-36884 har...
CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise
The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers Telegram, WhatsApp, Signal are used, in most cases, using...
PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland
Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...
Exploit for Race Condition in Microsoft
This is a PoC exploit for CVE-2023-36884, a vulnerability in Mic...
Iranian Hackers Using POWERSTAR Backdoor in Targeted Espionage Attacks
Charming Kitten, the nation-state actor affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC), has been attributed to a bespoke spear-phishing campaign that delivers an updated version of a fully-featured PowerShell backdoor called POWERSTAR. "There have been improved operational security...
Black Basta ransomware
What is Black Basta ransomware? Black Basta is a threat group that provides ransomware-as-a-service (RaaS). The service is maintained by dedicated developers and is a highly efficient and professionally run operation; there's a TOR website that provides a victim login portal, a chat room, and a wall...