Code injection

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2023-39520 Cryptomator vulnerable to Local Elevation of Privileges

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

PT-2023-26992 · Unknown · Cryptomator

Name of the Vulnerable Software and Affected Versions: Cryptomator version 1.9.2 Description: Cryptomator encrypts data being stored on cloud infrastructure. The issue allows local privilege escalation for low privileged users via the repair function. This occurs because the repair function of th...

CVE-2020-10962

In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...

Design/Logic Flaw

In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-10962

In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2020-10962

In PowerShell App Deployment Toolkit aka PSAppDeployToolkit through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access...

PowerShell App Deployment Toolkit Security Vulnerability

PowerShell App Deployment Toolkit is a versatile, reusable and extensible tool replacement for WiseScript, VBScript and Batch wrapper scripts from the PowerShell App Deployment Toolkit team. A security vulnerability exists in PowerShell App Deployment Toolkit 3.8.0 and prior versions, which stems...

CVE-2020-10962

Summary: CVE-2020-10962 affects PowerShell App Deployment Toolkit (PSAppDeployToolkit) up to version 3.8.0. Vulnerability: an incorrect access control in the default configuration could let an authenticated user locally escalate privileges. Impact: local privilege escalation; details on exploitab...

PT-2023-11450 · Microsoft · Powershell App Deployment Toolkit

Name of the Vulnerable Software and Affected Versions: PowerShell App Deployment Toolkit versions prior to 3.8.1 Description: The issue is related to an incorrect access control vulnerability in the default configuration, which may allow an authenticated user to potentially enable escalation of...

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics 

Old Loader, New Threat: Exploring XWorm RAT's Distribution and Tactics By Pratik Pachpor and Adarsh S · July 31, 2023 Executive Summary: In March-April 2023, we detected a malicious email campaign delivering .Net based XWorm RAT in which embedded blogspot.com URLs were used as an entry point. Thi...

GreenShot 1.2.10 Arbitrary Code Execution

Exploit Title: GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution Date: 26/07/2023 Exploit Author: p4r4bellum Vendor Homepage: https://getgreenshot.org Software Link: https://getgreenshot.org/downloads/ Version: 1.2.6.10 Tested on: windows 10.0.19045 N/A build 19045 CVE :...

Hackers Abusing Windows Search Feature to Install Remote Access Trojans

A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the...

Turla Exploits Ukraine’s Defense Sector with DeliveryCheck Backdoor

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary DeliveryCheck, a .NET-based backdoor, targets Ukraines defense sector, attributed to Russian actor Turla; it aims to exfiltrate Signal app data. Notably, it breaches Microsoft Exchange servers using...

Turla's New DeliveryCheck Backdoor Breaches Ukrainian Defense Sector

The defense sector in Ukraine and Eastern Europe has been targeted by a novel .NET-based backdoor called DeliveryCheck aka CAPIBAR or GAMEDAY that's capable of delivering next-stage payloads. The Microsoft threat intelligence team, in collaboration with the Computer Emergency Response Team of...

How to Send a Test Email Notification Using PowerShell

This article documents a method for sending a simple email via PowerShell...

Exploit for Race Condition in Microsoft

CVE-2023-36884-Checker Script to check for CVE-2023-36884 har...

CERT-UA Uncovers Gamaredon's Rapid Data Exfiltration Tactics Following Initial Compromise

The Russia-linked threat actor known as Gamaredon has been observed conducting data exfiltration activities within an hour of the initial compromise. "As a vector of primary compromise, for the most part, emails and messages in messengers Telegram, WhatsApp, Signal are used, in most cases, using...

PicassoLoader Malware Used in Ongoing Attacks on Ukraine and Poland

Government entities, military organizations, and civilian users in Ukraine and Poland have been targeted as part of a series of campaigns designed to steal sensitive data and gain persistent remote access to the infected systems. The intrusion set, which stretches from April 2022 to July 2023,...