FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

By: Newsroom
A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system,

New Coyote Trojan Targets 61 Brazilian Banks with Nim-Powered Attack

By: Newsroom
Sixty-one banking institutions, all of them originating from Brazil, are the target of a new banking trojan called Coyote. "This malware utilizes the Squirrel installer for distribution, leveraging Node.js and a relatively new multi-platform programming language called Nim as a loader to complete its infection," Russian cybersecurity firm Kaspersky said in a Thursday report. What

Node.js Users Beware: Manifest Confusion Attack Opens Door to Malware

By: Ravie Lakshmanan
The npm registry for the Node.js JavaScript runtime environment is susceptible to what's called aΒ manifest confusionΒ attack that could potentially allow threat actors to conceal malware in project dependencies or perform arbitrary script execution during installation. "A npm package's manifest is published independently from its tarball," Darcy Clarke, a former GitHub and npm engineering manager

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

By: Ravie Lakshmanan
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware calledΒ TurkoRat. The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke

Jscythe - Abuse The Node.Js Inspector Mechanism In Order To Force Any Node.Js/Electron/V8 Based Process To Execute Arbitrary Javascript Code

By: noreply@blogger.com (Unknown)


jscythe abuses the node.js inspector mechanism in order to force any node.js/electron/v8 based process to execute arbitrary javascript code, even if their debugging capabilities are disabled.

Tested and working against Visual Studio Code, Discord, any Node.js application and more!

How

  1. Locate the target process.
  2. Send SIGUSR1 signal to the process, this will enable the debugger on a port (depending on the software, sometimes it's random, sometimes it's not).
  3. Determine debugging port by diffing open ports before and after sending SIGUSR1.
  4. Get the websocket debugging URL and session id from http://localhost:<port>/json.
  5. Send a Runtime.evaluate request with the provided code.
  6. Profit.

Building

cargo build --release

Running

Target a specific process and execute a basic expression:

./target/debug/jscythe --pid 666 --code "5 - 3 + 2"

Execute code from a file:

./target/debug/jscythe --pid 666 --script example_script.js

The example_script.js can require any node module and execute any code, like:

require('child_process').spawnSync('/System/Applications/Calculator.app/Contents/MacOS/Calculator', { encoding : 'utf8' }).stdout

Search process by expression:

./target/debug/jscythe --search extensionHost --script example_script.js

Other options

Run jscythe --help for the complete list of options.

License

This project is made with β™₯ by @evilsocket and it is released under the GPL3 license.


❌