All posts in Uncategorized

■■□□□ A hacker group called RipperSec, identifying themselves as ‘Muslim Hacktivists,’ has claimed responsibility for leaking data from two companies in Singapore. https://t.me/cKure/14405

■■■□□ PoC for CVE-2024-36991: This exploit will attempt to read Splunk /etc/passwd file. https://github.com/bigb0x/CVE-2024-36991 https://t.me/cKure/14403

■■■■□ PoC Exploit Released for VMware vCenter Server RCE Vulnerability. https://cybersecuritynews.com/vmware-vcenter-server-poc-exploit/ https://t.me/cKure/14402

■□□□□ Facebook sets a new policy in violation of the United Nations General Assembly Resolution 3379, Determining that Zionism is a form of racism and racial discrimination. The criminal act will be now supported by Meta and all their subsidiaries, and any negative mention this racism (Zionism) will be against Meta and Meta shall support…

■■■□□ VMware has fixed the critical SQL injection vulnerability CVE-2024-22280 (CVSS 8.5) in Aria Automation. VMware Aria Automation is a modern cloud automation platform that simplifies and streamlines the deployment, management and governance of cloud infrastructure and applications. It provides a unified platform for automating tasks across multiple cloud environments, including VMware Cloud on AWS,…

■■■■■ Header Enrichment: A technique used by Telco operators to acquire MSISDN (phone number) through a website (HTTP-GET is enough). It can be used to trace users and target them for ads by the ISP or their associated vendors. And if the API key is leaked through a vendor or ISP itself. Scenarios: 1. The…

■■■■■ CVE-2024-38021: Critical Zero-click RCE Vulnerability Impacts Microsoft Outlook Applications. https://cybersecuritynews.com/outlook-zero-click-rce-vulnerability/ https://t.me/cKure/14391

■■□□□ Google cloud listed as sponsor of Israeli military conducting an ongoing genocide in the Middle East. Google’s logo was later removed from the sponsor list of “IT for IDF 2024,” but is still listed as a client of the conference organizer. https://www.404media.co/google-cloud-listed-then-removed-as-sponsor-of-israeli-military-tech-conference/ https://t.me/cKure/14390

■■■■■Spyware attributed to pro-Houthi hackers used against militaries across Middle East. https://therecord.media/pro-houthi-hackers-yemen-spyware-middle-east-militaries https://www.lookout.com/threat-intelligence/article/guardzoo-houthi-android-surveillanceware https://www.recordedfuture.com/research/oilalpha-spyware-used-to-target-humanitarian-aid-groups https://t.me/cKure/14388

■■■■□ Kimsuky Hackers Attacking Organizations Using Weaponized EXE & DOCX Files. https://cybersecuritynews.com/kimsuky-hackers-exe-docx-attacks/ https://t.me/cKure/14387