Tag
#windows
### Summary The SSID is not sanitized when before it is passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. ### Details I have exploited this vulnerability in a Windows service using version 5.22.11 of the module, to escalate privileges (in an environment where I am authorized to do so). However, as far as I can see from the code, it is still present in master branch at time of writing, on line [403/404 of network.js](https://github.com/sebhildebrandt/systeminformation/blob/3a92931c7d46605ffddc1aacb97a9727273b2888/lib/network.js#L403). The SSID is obtained from `netsh wlan show interface ...` in `getWindowsWirelessIfaceSSID`, and then passed to `cmd.exe /d /s /c "netsh wlan show profiles ...` in `getWindowsIEEE8021x`, without sanitization. ### PoC First, the command injection payload should be included in the connected Wi-Fi SSID. For example create hotspot on mobile phone or other lap...
While a number of threat groups have used TP-Link bugs to infiltrate networks, a proposed ban of the company's popular routers is more about geopolitics than actual cybersecurity — and that may not be a bad thing.
Criminals are luring victims looking to download software and tricking them into running a malicious command.
In the last newsletter of the year, Thorsten recalls his tech-savvy gift to his family and how we can all incorporate cybersecurity protections this holiday season.
This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos’ series of posts about malicious Windows drivers.
KEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at…
Hackers are abusing legitimate Windows utilities to target Thai law enforcement with a novel malware that is a mix of sophistication and amateurishness.
SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified…
SUMMARY Cicada3301, a ransomware group, has claimed responsibility for a data breach targeting Concession Peugeot (concessions.peugeot.fr), a prominent…
A thwarted attack demonstrates that threat actors using yet another delivery method for the malware, which already has been spread using phishing emails, malvertising, hijacking of instant messages, and SEO poisoning.