All posts by cK-bot

■■■■■ Multiple one-click vulnerabilities have been discovered across a variety of popular software applications, allowing an attacker to potentially execute arbitrary code on target systems. The issues were discovered by Positive Security researchers Fabian Bräunlein and Lukas Euler and affect apps like Telegram, Nextcloud, VLC, LibreOffice, OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark, and Mumble. https://positive.security/blog/url-open-rce https://thehackernews.com/2021/04/1-click-hack-found-in-popular-desktop.html https://t.me/cKure/7620

■■■□□ Swissknife – Scriptable VSCode Extension To Generate Or Manipulate Data. https://github.com/luisfontes19/vscode-swissknife/ https://t.me/cKure/7619

■□□□□ AppSpace Zero-Days 1. XSS – Stored https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27989 2. Broken Auth https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27990 Credits: https://www.linkedin.com/in/syedsohaibkarim https://t.me/cKure/7618

■■■■□ WhatsApp exposure of TLS 1.2 cryptographic material to third party apps. https://census-labs.com/news/2021/04/14/whatsapp-exposure-of-cryptographic-material-to-third-party-apps/ https://t.me/cKure/7617

■■■■■ Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027). https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/ https://t.me/cKure/7615

■■■■■ For the second time in a week, a Chromium zero-day remote code execution exploit code has been released on Twitter, multiple browsers impacted. https://github.com/avboy1337/1195777-chrome0day https://securityaffairs.co/wordpress/116844/hacking/google-chromium-zero.html https://t.me/cKure/7614

■□□□□ Vulnerabilities in 17+ Elementor Add-on Plugins for WordPress. https://www.searchenginejournal.com/wordpress-elementor-plugin-vulnerabilities/402330/ https://t.me/cKure/7613

■■□□□ Security Bug Allows Attackers to Brick Kubernetes Clusters. The vulnerability is triggered when a cloud container pulls a malicious image from a registry. https://threatpost.com/security-bug-brick-kubernetes-clusters/165413/ https://t.me/cKure/7612

■■■■□ United States : Australia based Azimuth unlocked the iPhone at the center of an epic legal battle between the FBI and Apple. Now, Apple is suing the company co-founded by one of the hackers behind the unlock. https://www.washingtonpost.com/technology/2021/04/14/azimuth-san-bernardino-apple-iphone-fbi/ https://t.me/cKure/7611

■■■■■ WhatsApp addressed two security vulnerabilities in its app for Android that could have been exploited to remotely hack the victim’s device. https://securityaffairs.co/wordpress/116833/hacking/whatsapp-flaws-remote-hack.html https://t.me/cKure/7610