3096 matches found
Adobe ColdFusion Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe ColdFusion Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a remote unauthenticated deserialization of...
ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection
A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented by Fortinet in 2020, with cybersecurity company Avast...
Microsoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware
Microsoft has confirmed that the active exploitation of PaperCut servers is linked to attacks that are designed to deliver Cl0p and LockBit ransomware families. The tech giant's threat intelligence team is attributing a subset of the intrusions to a financially motivated actor it tracks under the...
Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature ...
PowerMeUp - A Small Library Of Powershell Scripts For Post Exploitation That You May Need Or Use!
This is a PowerShell reverse shell that executes the commands and/or scripts that you add to the powerreverse.ps1 file, as well as a small library of post-exploitation scripts. This can also be used for post-exploitation and even lateral movement. Please use at your own risk. I am not and will not ...
Blind Eagle Cyber Espionage Group Strikes Again: New Attack Chain Uncovered
The cyber espionage actor tracked as Blind Eagle has been linked to a new multi-stage attack chain that leads to the deployment of the NjRAT remote access trojan on compromised systems. "The group is known for using a variety of sophisticated attack techniques, including custom malware, social...
Update Rollup 5 for System Center 2019 Operations Manager
Update Rollup 5 for System Center 2019 Operations Manager Introduction This article describes the new features and issues that are fixed in System Center Operations Manager 2019 Update Rollup 5. This article also contains the installation instructions for this update. For the list of features tha...
New QBot Banking Trojan Campaign Hijacks Business Emails to Spread Malware
A new QBot malware campaign is leveraging hijacked business correspondence to trick unsuspecting victims into installing the malware, new findings from Kaspersky reveal. The latest activity, which commenced on April 4, 2023, has primarily targeted users in Germany, Argentina, Italy, Algeria, Spai...
Living Off the Land (LOTL) attacks: Detecting ransomware gangs hiding in plain sight
Regular readers of our monthly ransomware review (read our April edition here) know that Ransomware-as-a-Service (RaaS) gangs have been making headlines globally with their disruptive attacks on organizations. Sometimes, though, it's not enough to merely know about the problem. In order to truly...
Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like living off the...
Cryptocurrency Stealer Malware Distributed via 13 NuGet Packages
Cybersecurity researchers have detailed the inner workings of the cryptocurrency stealer malware that was distributed via 13 malicious NuGet packages as part of a supply chain attack targeting .NET developers. The sophisticated typosquatting campaign, which was uncovered by JFrog late last month,...
Automating Citrix Probe Agent Installation and Configuration
Purpose This article contains instructions on using PowerShell to automate the installation and configuration of Citrix Probe Agent. The PowerShell script can be downloaded from this page. The same script can also be used to update the configured values for an existing installation of Probe Agent...
Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution
Provide Server v. 14.4, CVE-2023-23286. Vulnerabilities: CWE-79: Improper Neutralization of Input During Web Page Generation (unauthenticated stored XSS in server-log delivered via username field from login-form); CWE-352: Cross-Site Request Forgery (CSRF-token exposed in JavaScript, making it possible...
Hackers Using Self-Extracting Archives Exploit for Stealthy Backdoor Attacks
An unknown threat actor used a malicious self-extracting archive (SFX) file in an attempt to establish persistent backdoor access to a victim's environment, new findings from CrowdStrike show. SFX files are capable of extracting the data contained within them without the need for dedicated software...