Post Content
Monthly Archives: January 2024
GLSA 202401-04: WebKitGTK+: Multiple Vulnerabilities
GLSA 202401-05: RDoc: Command Injection
GLSA 202401-03: BlueZ: Privilege Escalation
GLSA 202401-02: c-ares: Multiple Vulnerabilities
RansomLord v2 – Anti-Ransomware Exploitation Tool / New Release
Posted by hyp3rlinx on Jan 04
RansomLord v2 – Anti-Ransomware Exploitation Tool
[Description]
RansomLord is a proof-of-concept Anti-Ransomware exploitation tool that
generates PE files, used to exploit vulnerable Ransomware pre-encryption.
Lang: C
SHA256 : 8EA83752C4096C778709C14B60B9735CC68A5971DCDB0028A0BB167550554769
This version now intercepts and terminates malware tested from 43 different
threat groups.
Adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake,…
Windows PowerShell Single Quote Code Execution / Event Log Bypass
Posted by hyp3rlinx on Jan 04
[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WINDOWS_POWERSHELL_SINGLE_QUOTE_CODE_EXEC_EVENT_LOG_BYPASS.txt
[+] twitter.com/hyp3rlinx
[+] twitter.com/malvuln
[+] ISR: ApparitionSec
[Vendor]
www.microsoft.com
[Product]
Microsoft Windows PowerShell
Built on the . NET Framework, Windows PowerShell helps IT professionals and
power users control and automate the…
ppp-2.4.9-10.fc38
FEDORA-2024-f0f2f19820
Packages in this update:
ppp-2.4.9-10.fc38
Update description:
Fixed improper validation of array index of the component pppdump (CVE-2022-4603).
chromium-120.0.6099.199-1.fc39
FEDORA-2024-210776b8c7
Packages in this update:
chromium-120.0.6099.199-1.fc39
Update description:
update to 120.0.6099.199
CVE-2023-6879 aom: heap-buffer-overflow on frame size change
CVE-2023-7104 sqlite: heap-buffer-overflow at sessionfuzz
CVE-2024-0222: Use after free in ANGLE
CVE-2024-0223: Heap buffer overflow in ANGLE
CVE-2024-0224: Use after free in WebAudio
CVE-2024-0225: Use after free in WebGPU
Cybersecurity firm Mandiant has its Twitter account hacked to promote cryptocurrency scam
Google-owned cybersecurity company Mandiant has found itself in the awkward position of having to wrestle back control of its Twitter account, after it was hijacked by scammers yesterday.