All posts by cK-bot

■■■■□ Safari Zero-Day Used in Malicious LinkedIn Campaign. Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe. https://threatpost.com/safari-zero-day-linkedin/167814/ https://t.me/cKure/8573

■□□□□ CVE to be assigned for the issue. It is a non typical case of privilege escalation via XXE. This is not a remote attack. https://t.me/cKure/8572

■■■□□ Linux PoC / Google. https://github.com/google/security-research/tree/master/pocs/linux/cve-2021-22555 https://t.me/cKure/8571

● Zero-Day: A critical bug (***) in the installer file of Kaspersky has been identified. It leads to sensitive information disclosure and privilege escalation in Windows operating system. https://t.me/cKure/8569

■■■□□ Ransomware Giant REvil’s Sites Disappear amid US president’s request to Russian counterpart. Russia 🇷🇺 / United States 🇺🇸 Ransomware Giant REvil’s Sites Disappear https://t.me/cKure/8568

■■□□□ Chinese Hackers Exploit Latest SolarWinds 0-Day to Target U.S. Defense Firms. United States / China https://t.me/cKure/8567

■■■□□ Update Your Windows PCs to Patch 117 New Flaws, Including 9 Zero-Days. https://thehackernews.com/2021/07/update-your-windows-pcs-to-patch-117.html https://t.me/cKure/8566

■■■■■ PayPal CSP Bypass by Sergey Bobrov. https://t.me/cKure/8565

■■■■■ ModiPwn attack gives full control over Modicon programmable logic controllers (PLC) as researchers warn of unpatched remote code execution flaws in Schneider Electric industrial gear. https://go.theregister.com/feed/www.theregister.com/2021/07/13/armis_schneider_electric_flaw/ https://t.me/cKure/8564

■□□□□ Putin agrees to do something about ransomware coming out of Russia https://t.me/cKure/8563