ShadowHound is a PowerShell tool designed for mapping Active Directory environments without using known malicious binaries. It utilizes legitimate PowerShell modules for data collection through two methods: ADWS and LDAP.
A vulnerability was found in Inter7 Qmailadmin up to 1.0.5 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument QMAILADMIN_TEMPLATEDIR as part of Environment Variable leads to memory corruption.
This vulnerability is handled as CVE-2002-1414. An attack has to be approached locally. Furthermore, there is an exploit available.
Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures.
The Evolution of Phishing Attacks
“I really like the saying that ‘This is out of scope’ said no hacker ever. Whether it’s tricks, techniques or technologies, hackers will do anything to evade detection and make sure their
We hear terms like “state-sponsored attacks” and “critical vulnerabilities” all the time, but what’s really going on behind those words? This week’s cybersecurity news isn’t just about hackers and headlines—it’s about how digital risks shape our lives in ways we might not even realize.
For instance, telecom networks being breached isn’t just about stolen data—it’s about power. Hackers are
Cybersecurity researchers have disclosed two new attack techniques against infrastructure-as-code (IaC) and policy-as-code (PaC) tools like HashiCorp's Terraform and Styra's Open Policy Agent (OPA) that leverage dedicated, domain-specific languages (DSLs) to breach cloud platforms and exfiltrate data.
"Since these are hardened languages with limited capabilities, they're supposed to be more
A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.11.7. Affected by this issue is the function dvb_register_device. The manipulation leads to out-of-bounds read.
This vulnerability is handled as CVE-2024-53063. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 5.15.171/6.1.116/6.6.60/6.11.7. It has been classified as critical. Affected is the function dwc3_core_exit. The manipulation leads to denial of service.
This vulnerability is traded as CVE-2024-53070. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 5.15.170/6.1.115/6.6.59/6.11.6. It has been rated as problematic. Affected by this issue is the function stmmac_tx_clean. The manipulation leads to improper validation of array index.
This vulnerability is handled as CVE-2024-53058. The attack can only be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 5.15.170/6.1.115/6.6.59/6.11.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory corruption.
This vulnerability is known as CVE-2024-53055. The attack can only be done within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Linux Kernel up to 6.11.7 and classified as problematic. This issue affects the function search_nested_keyrings. The manipulation leads to out-of-bounds read.
The identification of this vulnerability is CVE-2024-50301. The attack needs to be initiated within the local network. There is no exploit available.
It is recommended to upgrade the affected component.