All posts by cK-bot

■■□□□ Addon tool to take webpage screenshots entirely – FireShot. https://chrome.google.com/webstore/detail/take-webpage-screenshots/mcbpblocgmgfnpjjppndjkmgjaogfceg https://t.me/cKure/11653

■■■■□ CVE-2022-26138: A remote, unauthenticated attacker with knowledge of the hardcoded password could exploit this to log into Confluence and access all content accessible to users in the confluence-users group. The password is disabled1system1user6708 https://twitter.com/fluepke/status/1549892089181257729 https://t.me/cKure/11651

■■■■□ PT Swarm team has reproduced an Arbitrary File Read for an internal site of Skype for Business / MS Lync. CVE: CVE-2022-26911 Subdomains: dialin, meet, lyncdiscover, sip, … Original advisory: https://t.co/WaYc1zs9Hh The PoC https://twitter.com/ptswarm/status/1549744638193541122 https://t.me/cKure/11650

■■□□□ It is possible to fool devs by metadata manipulation in GitHub. https://t.me/cKure/11649

■□□□□ iOS 15 Jailbreak. https://youtu.be/HmsXjN7q_jQ https://t.me/cKure/11648

■■■□□ A known threat actor is selling a Zero-Day exploit for Microsoft Windows online. The exploit has RCE capabilities as per the actor. Alleged PoC has also been shared. https://t.me/cKure/11647

■■■■■ Remote Process Enumeration with WTS Set of Windows APIs. https://dazzyddos.github.io/posts/Remote-Process-Enumeration-with-WTS-Set-Of-APIs/ https://t.me/cKure/11646

■□□□□ Pro-Iran hacking unit claims takedown of Romanian websites due to their support for NATO. https://t.me/cKure/11645

■■■■□ CVE-2022-31107: Grafana OAuth Account Takeover Vulnerability. https://securityonline.info/cve-2022-31107-grafana-oauth-account-takeover-vulnerability/ https://t.me/cKure/11644

■■■■□ Discovery of an extensive espionage campaign in Thailand involving the abuse of NSO Group’s Pegasus spyware. In collaboration with ‘iLawFX’ and ‘DigitalReachSEA’. https://citizenlab.ca/2022/07/geckospy-pegasus-spyware-used-against-thailands-pro-democracy-movement/ https://t.me/cKure/11643