Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse

North Korean hackers break ground with new exploitation techniques for Windows and macOS.

DARKReading
Open in Source
#vulnerability#ios#mac#windows#apple#microsoft#intel#perl#auth
Expired Redis Service Abused to Use Metasploit Meterpreter Maliciously

Attackers have compromised an 8-year-old version of the cloud platform to distribute various malware that can take over infected systems.

Windows Kernel Subkey List Use-After-Free

The Windows Kernel suffers from a subkey list use-after-free vulnerability due to a mishandling of partial success in CmpAddSubKeyEx.

Siemens Telecontrol Server Basic

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: Telecontrol Server Basic Vulnerabilities: Inadequate Encryption Strength, Double Free, Integer Overflow or Wraparound, External Control of File Name or Path, Path Traversal, Improper Input Validation, Missing Encryption of Sensitive Data, Use After Free, Improper Certificate Validation, Inefficient Regular Expression Complexity, Improper Check for Unusual or Exceptional Conditions, NULL Pointer Dereference, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of this vulnerability could 3. TEC...

GHSA-hjq6-52gw-2g7p: yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)

### Summary The [patch that addressed CVE-2023-40581](https://github.com/yt-dlp/yt-dlp/commit/de015e930747165dbb8fcd360f8775fd973b7d6e) attempted to prevent RCE when using `--exec` with `%q` by replacing double quotes with two double quotes. However, this escaping is not sufficient, and still allows expansion of environment variables. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version [2021.04.11](https://github.com/yt-dlp/yt-dlp/releases/tag/2021.04.11). ```cmd > yt-dlp "https://youtu.be/42xO6rVqf2E" --ignore-config -f 18 --exec "echo %(title)q" [youtube] Extracting URL: https://youtu.be/42xO6rVqf2E [youtube] 42xO6rVqf2E: Downloading webpage [youtube] 42xO6rVqf2E: Downloading ios player API JSON [youtube] 42xO6rVqf2E: Downloading android player API JSON [youtube] 42xO6rVqf2E: Downloading m3u8 information [info] 42xO6rVqf2E: Downloading 1 format(s): 18 [download] Destination: %CMDCMDLINE:~-1%&echo pwned&calc.exe [4...

CHAOS RAT 5.0.1 Remote Command Execution

CHAOS RAT web panel version 5.0.1 is vulnerable to command injection, which can be triggered from a cross site scripting attack, allowing an attacker to takeover the RAT server.

Joomla SP Page Builder 5.2.7 SQL Injection

Joomla SP Page Builder component version 5.2.7 suffers from a remote SQL injection vulnerability.

Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data

Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines.