CERT-UA Warns of New Vermin-Linked Phishing Attacks with PoW Bait

The Computer Emergency Response Team of Ukraine CERT-UA has warned of new phishing attacks that aim to infect devices with malware. The activity has been attributed to a threat cluster it tracks as UAC-0020, which is also known as Vermin. The exact scale and scope of the attacks are presently...

Iranian Cyber Group TA453 Targets Jewish Leader with New AnvilEcho Malware

Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the...

New Malware Hits 300,000 Users with Rogue Chrome and Edge Extensions

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack...

The vulnerability of the PowerShell command line interface on Windows operating systems, which allows attackers to exploit their privileges

The vulnerability of the PowerShell command line interface on Windows operating systems is related to insufficient validation of entered data. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the PowerShell command line interface on Windows operating systems, which allows attackers to exploit their privileges

The vulnerability of the PowerShell command line interface on Windows operating systems is related to insufficient validation of entered data. Exploiting this vulnerability can allow an attacker to gain increased privileges...

The vulnerability of the PowerShell command line interface on Windows operating systems, which allows attackers to exploit their privileges

The vulnerability of the PowerShell command line interface on Windows operating systems is related to insufficient validation of entered data. Exploiting this vulnerability can allow an attacker to gain increased privileges...

CVE-2024-23464

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

CVE-2024-23464

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

CVE-2024-23464 Zscaler bypass with administrative privileges on Windows

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

CVE-2024-23464

CVE-2024-23464 affects Zscaler Client Connector on Windows prior to 4.2.1. The issue is described as improper preservation of permissions, enabling an attacker with admin rights to run PowerShell commands that can disable Zscaler Internet Access (ZIA) covered by the affected client. The vulnerabi...

CVE-2024-23464 Zscaler bypass with administrative privileges on Windows

In certain cases, Zscaler Internet Access ZIA can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...

With the PVS console installed, PowerShell cmdlets targeting On-Prem DDCs prompt for cloud login

On a server with the PVS console installed, executing CVAD cmdlets targeting on-prem DDCs e.g. Get-BrokerSite -AdminAddress will encounter popups prompting for Citrix Cloud sign-on...

Zscaler Client Connector 安全漏洞

Zscaler Client Connector is a lightweight agent from Zscaler, Inc. A security vulnerability exists in Zscaler Client Connector versions prior to 4.2.1, which stems from the fact that it can be disabled via a PowerShell command with administrator privileges...

Microsoft PowerShell Reference for Office Products officedocs-cdn Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell Reference for Office Products. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of PowerShell Reference for Office...

Microsoft PowerShell Gallery psg-prod-centralus Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft PowerShell Gallery. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of PowerShell Gallery. When installed from the official...

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a...

Detecting evolving threats: NetSupport RAT campaign

Cisco Talos is actively tracking multiple malware campaigns that utilize NetSupport RAT for persistent infections. These campaigns evade detection through obfuscation and updates. Snort can provide a strong defense before this malware reaches endpoints. In this first Deep Dive with NTDR, we explo...

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising...

OneDrive Pastejacking

OneDrive Pastejacking: The crafty phishing and downloader campaign By Rafael Pena · July 29, 2024 Over the past few weeks, the Trellix Advanced Research Center has observed a sophisticated Phishing/downloader campaign targeting Microsoft OneDrive users. This campaign heavily relies on social...

Photon OS 3.0: Powershell PHSA-2024-3.0-0717

An update of the powershell package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2024-3.0-0717. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...