mastodontech.de is one of many independent Mastodon servers you can use to participate in the Fediverse.
Open to everyone (over 16) and provided by Markus'Blog


#remotecodeexecution


The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest Campaign targeting Craft CMS

Between February and May, multiple exploitations of CVE-2025-32432, a Remote Code Execution vulnerability in Craft CMS, were observed. The attack chain involves deploying a webshell, downloading an infection script, and executing malicious payloads including a loader, crypto miner, and residential proxyware. The Mimo intrusion set is believed responsible, using distinctive identifiers like '4l4md4r' and 'n1tr0'. The group deploys XMRig for cryptomining and IPRoyal for bandwidth monetization. Two potential operators, 'EtxArny' and 'N1tr0', were identified through social media analysis. While showing interest in Middle Eastern affairs, the group's primary motivation appears financial. Detection opportunities include monitoring for unusual processes in temporary directories and kernel module alterations.

Pulse ID: 68360c3f4169ef29b7c93f6f
Pulse Link: otx.alienvault.com/pulse/68360
Pulse Author: AlienVault
Created: 2025-05-27 19:02:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat Exchange · LevelBlue - Open Threat Exchange: Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

China-Nexus Threat Actor Actively Exploiting Ivanti Endpoint Manager Mobile (CVE-2025-4428) Vulnerability

A critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) is being actively exploited by a China-nexus threat actor, UNC5221. The exploitation targets internet-facing EPMM deployments across various sectors including healthcare, telecommunications, and government. The attackers utilize unauthenticated remote code execution to gain initial access, followed by the deployment of KrustyLoader malware for persistence. They leverage hardcoded MySQL credentials to exfiltrate sensitive data from the EPMM database. The threat actor also uses the Fast Reverse Proxy (FRP) tool for network reconnaissance and lateral movement. The compromised systems span multiple countries in Europe, North America, and Asia-Pacific, indicating a global espionage campaign likely aligned with Chinese state interests.

Pulse ID: 682e5bbc1075b03f94642762
Pulse Link: otx.alienvault.com/pulse/682e5
Pulse Author: AlienVault
Created: 2025-05-21 23:03:24

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #China #Chinese

1/ Was at the @blnensemble today and saw #RCE. I had read Sibylle Berg's novel last year. It was very good. We also attended the introduction:

A 50-page summary was generated from the 700-page novel using AI. This was then read aloud with text-to-speech. A human put music on top of it. Several video artists from various European countries then made videos and images for it with AI.

The play is a dystopian one with a revolution by nerds. Everything is digitized and therefore attackable. Power grids, transport, food supply, heating in the #Smarthome.

According to the person giving the introduction, there were also power outages during rehearsals. The book is the blueprint for the world revolution.

A few snippets from the play:

"It takes a revolution you can dance to."

"Nerds save the world."

"Doing without can be fun again."

After the play everyone clapped and then drove home.

They dream that the nerds will soon start a revolution.

Or maybe they don't dream anything, because they drink too much alcohol or take sleeping pills that are too strong.

If you neither dream nor sleep, read #RemoteCodeExecution. It's funny. Or sad. Depending on what you're like.

Oh, and: we weren't quite sure whether the first summary was made with AI or by hand. Maybe the BE can clarify that.

On a meta level I find it funny that the people who are afraid of being replaced by AI use it to show the dystopian world.

Unmasking the new persistent attacks on Japan

An unknown attacker has been targeting organizations in Japan since January 2025, exploiting CVE-2024-4577, a remote code execution vulnerability in PHP-CGI on Windows. The attacker uses the Cobalt Strike kit 'TaoWu' for post-exploitation activities, including reconnaissance, privilege escalation, persistence establishment, and credential theft. Targeted sectors include technology, telecommunications, entertainment, education, and e-commerce. The attack involves exploiting the vulnerability, executing PowerShell scripts, and using various tools for system compromise. The attacker's techniques are similar to those of the 'Dark Cloud Shield' group, but attribution remains uncertain. A pre-configured installer script found on the C2 server deploys multiple adversarial tools and frameworks, indicating potential for future attacks.

Pulse ID: 67c9f6c4232a8b4665784c45
Pulse Link: otx.alienvault.com/pulse/67c9f
Pulse Author: AlienVault
Created: 2025-03-06 19:25:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Further insights into Ivanti CSA 4.6 vulnerabilities exploitation

This analysis examines the exploitation of critical vulnerabilities in Ivanti Cloud Service Appliance (CSA) 4.6 between October 2024 and January 2025. It confirms widespread exploitation leading to webshell deployments in September and October 2024. The report provides details on malicious activities conducted within a targeted organization in September 2024 after compromising an Ivanti CSA device. A cluster of associated implants and infrastructure is identified. A root cause analysis of CVE-2024-8963 reveals it stems from URL parsing issues in Ivanti's proprietary web server and PHP CGI configuration. The vulnerability allowed unauthenticated remote code execution. Various webshell variants deployed by attackers are described. Over 1,100 vulnerable Ivanti CSA devices were found online, with webshells on nearly half of them.

Pulse ID: 67aad6551764d380d0f060a8
Pulse Link: otx.alienvault.com/pulse/67aad
Pulse Author: AlienVault
Created: 2025-02-11 04:47:17

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


#Apache fixes #remotecodeexecution bypass in #Tomcat #webserver
Apache Tomcat is an open-source web server and servlet container widely used to deploy and run Java-based web applications. It provides a runtime environment for Java Servlets, JavaServer Pages (JSP), and Java WebSocket technologies. bleepingcomputer.com/news/secu

BleepingComputer · Apache fixes remote code execution bypass in Tomcat web server · By Bill Toulas

Have a listen to this album: RCE #RemoteCodeExecution - Music from and inspired by the theatre play by Sibylle Berg, directed by Kay Voges at Berliner Ensemble (Original Motion Picture Soundtrack) open.spotify.com/album/58LrCOE

For everyone who also wants to get an earworm. 💃🏻🕺🏼

Spotify · RCE #RemoteCodeExecution - Music from and inspired by the theatre play by Sibylle Berg, directed by Kay Voges at Berliner Ensemble (Original Motion Picture Soundtrack) · Tommy Finke · Album · 2024 · 27 songs