OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a...

Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw

Cybersecurity researchers are warning about active exploitation attempts targeting a newly disclosed security flaw in Synacor's Zimbra Collaboration. Enterprise security firm Proofpoint said it began observing the activity starting September 28, 2024. The attacks seek to exploit CVE-2024-45519, a...

DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization SEO rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimolog...

DragonRank, a Chinese-speaking SEO manipulator service provider

Key Takeaways Cisco Talos is disclosing a new threat called "DragonRank" that primarily targets countries in Asia and a few in Europe, operating PlugX and BadIIS for search engine optimization SEO rank manipulation. DragonRank exploits targets' web application services to deploy a web shell and...

Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East

Unnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023. "Sighting this group's Tactics, Techniques, and Procedures in critical governmental entities in the Middle East,...

Tropic Trooper spies on government entities in the Middle East

Executive summary Tropic Trooper also known as KeyBoy and Pirate Panda is an APT group active since 2011. This group has traditionally targeted sectors such as government, healthcare, transportation and high-tech industries in Taiwan, the Philippines and Hong Kong. Our recent investigation has...

MAL-2024-8788 Malicious code in nginerrer-web-shell (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cebffceb78bdb2f84e42e92350d51334a89f0f543977e469c226c40ca2601117 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-8330

6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server...

CVE-2024-8330

CVE-2024-8330 affects Gether Technology’s 6SHR System. Multiple connected sources (NVD, CVE listing, CNNVD, PT- security) confirm an improper validation of uploaded file types, enabling remote attackers with regular privileges to upload web shell scripts and execute arbitrary system commands on t...

PT-2024-38945 · Gether Technology · 6Shr System

Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology affected versions not specified Description: The 6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scrip...

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors

The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

CVE-2023-4220 Python exploit for Chamilo Unrestricted File Upl...

APT41 Hackers Use ShadowPad, Cobalt Strike in Taiwanese Institute Cyber Attack

A Taiwanese government-affiliated research institute that specializes in computing and associated technologies was breached by nation-state threat actors with ties to China, according to new findings from Cisco Talos. The unnamed organization was targeted as early as mid-July 2023 to deliver a...

GHSA-G872-JWWR-VGGM Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment

Description: Remote Code Execution Vulnerability has been identified in the Message module of the Admidio Application, where it is possible to upload a PHP file in the attachment. The uploaded file can be accessed publicly through the URL admidiobaseurl/admmyfiles/messagesattachments/filename. Th...

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...

Exploit for Unrestricted Upload of File with Dangerous Type in Chamilo Chamilo_Lms

CVE-2023-4220 POC More about CVE-2023-4220: StarLabs Advisor...

CVE-2024-37420

Unrestricted Upload of File with Dangerous Type vulnerability in WPZita Zita Elementor Site Library allows Upload a Web Shell to a Web Server.This issue affects Zita Elementor Site Library: from n/a through 1.6.1...

CVE-2024-37418

Unrestricted Upload of File with Dangerous Type vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.4.6...