Found 331 bookmarks
Custom sorting
PROPHET SPIDER Exploits Citrix ShareFile
PROPHET SPIDER Exploits Citrix ShareFile
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.
#CrowdStrike#PROPHETSPIDER#EN#2022#CVE-2021-22941RCE#webshell#ShareFile#vulnerability#Citrix
·crowdstrike.com·
PROPHET SPIDER Exploits Citrix ShareFile
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.
#bleepingcomputer#EN#2024#Cloud#Container#Container-Escape#Docker#Leaky-Vessels#Vulnerability#CVE-2024-21626#CVE-2024-23651#CVE-2024-23652#CVE-2024-23653
·bleepingcomputer.com·
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
Malicious code hiding in seemingly innocent PyPI packages steals your passwords, crypto & more #attacks #breach #computer #cyber #data #hack #hacker #hacking #how #information #malware #network #news #ransomware #security #software #the #to #today #updates #vulnerability
#hacking#attacks#information#network#data#to#updates#malware#cyber#today#news#ransomware#breach#security#software#hack#the#hacker#how#computer#vulnerability
·thehackernews.com·
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
  • Juniper Networks recently patched a critical pre-authentication Remote Code Execution (RCE) vulnerability in the J-Web configuration interface across all versions of Junos OS on SRX firewalls and EX switches. Unauthenticated actors could exploit this vulnerability to gain root access or initiate Denial of Service (DoS) attacks on devices that have not been patched. Ensure your systems are updated promptly to mitigate this risk. Check for exposed J-Web configuration interfaces using this Censys Search query: services.software.uniform_resource_identifier: cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*. * As emphasized last year in CISA’s BOD 23-02 guidance, exposed network management interfaces continue to pose a significant risk. Restrict access to these interfaces from the public internet wherever possible.
#censys#EN#2024#CVE-2024-21591#Juniper#J-Web#OOB#vulnerability#RCE#exposed
·censys.com·
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
smith (CVE-2023-32434)
smith (CVE-2023-32434)
This write-up presents an exploit for a vulnerability in the XNU kernel: Assigned CVE-2023-32434. Fixed in iOS 16.5.1 and macOS 13.4.1. Reachable from the WebContent sandbox and might have been actively exploited. *Note that this CVE fixed multiple integer overflows, so it is unclear whether or not the integer overflow used in my exploit was also used in-the-wild. Moreover, if it was, it might not have been exploited in the same way. The exploit has been successfully tested on: iOS 16.3, 16.3.1, 16.4 and 16.5 (iPhone 14 Pro Max) macOS 13.1 and 13.4 (MacBook Air M2 2022) All code snippets shown below are from xnu-8792.81.2.
#Poulin-Bélanger#EN#2023#exploit#analysis#vulnerability#github#macos#ios#CVE-2023-32434
·github.com·
smith (CVE-2023-32434)
CVE-2022-35650 Analysis
CVE-2022-35650 Analysis
CVE-2022-35650 The vulnerability was found in Moodle, occurs due to input validation error when importing lesson questions. This insufficient path checks results in arbitrary file read risk. This vulnerability allows a remote attacker to perform directory traversal attacks. The capability to access this feature is only available to teachers, managers and admins by default.
#Anna#0x1337#CVE-2022-35650#Analysis#Moodle#vulnerability#PHP
·0x1337.ninja·
CVE-2022-35650 Analysis
PROPHET SPIDER Exploits Citrix ShareFile
PROPHET SPIDER Exploits Citrix ShareFile
At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.
#CrowdStrike#PROPHETSPIDER#EN#2022#CVE-2021-22941RCE#webshell#ShareFile#vulnerability#Citrix
·crowdstrike.com·
PROPHET SPIDER Exploits Citrix ShareFile
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
#CVE-2022-0847#dirtypipe#Linux#Kernel#arbitrary#privilege#escalation#vulnerability#EN#2022
·dirtypipe.cm4all.com·
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
7 December 2023 - Apache Struts version 6.3.0.2 General Availability The Apache Struts group is pleased to announce that Apache Struts version 6.3.0.2 is available as a “General Availability” release. The GA designation is our highest quality grade. The Apache Struts is an elegant, extensible framework for creating enterprise-ready Java web applications. The framework has been designed to streamline the full development cycle, from building, to deploying, to maintaining applications over time. This version addresses a potential security vulnerability identified as CVE-2023-50164 and described in S2-066 - please read the mentioned security bulletins for more details. This is a drop-in replacement and upgrade should be straightforward.
#apache.org#EN#2023#CVE-2023-50164#Apache#Struts#annonce#Vulnerability
·struts.apache.org·
7 December 2023 - Apache Struts version 6.3.0.2 General Availability
QNAP VioStor NVR vulnerability actively exploited by malware botnet
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm. #Actively #Botnet #Computer #Exploited #FXC #InfectedSlurs #InfoSec #Malware #QNAP #Router #Security #Vulnerability
#bleepingcomputer#EN#2023#FXC#QNAP#InfectedSlurs#Actively#Botnet#Malware#Exploited#Computer#Router#Vulnerability
·bleepingcomputer.com·
QNAP VioStor NVR vulnerability actively exploited by malware botnet