All posts tagged cyber

■■■□□ How did Clop get its hands on the MOVEit zero-day? https://therecord.media/clop-moveit-zero-day-dustin-childs-interview https://t.me/cKure/12827

■■■■□ Malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. https://thehackernews.com/2023/08/hackers-can-exploit-windows-container.html https://t.me/cKure/12826

■■■□□ Data-Leak: Forever 21 has about 500 retail locations and an online store. It’s the second data breach in recent years after a massive theft of credit card numbers from its store point-of-sale machines in 2017. https://techcrunch.com/2023/08/31/forever-21-data-breach-half-million/ https://t.me/cKure/12825

■■■■□ CVE-2023–28072: Local Privilege Escalation in Alienware Command Center. https://medium.com/@matterpreter/cve-2023-28072-local-privilege-escalation-in-alienware-command-center-a836607762ba https://t.me/cKure/12824

■■□□□ CVE-2023-36250: CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. https://github.com/BrunoTeixeira1996/CVE-2023-36250 https://t.me/cKure/12823

■■□□□ Shambles: The Next-Generation IoT Reverse Engineering Tool to Discover Zero-Day Vulnerabilities. https://boschko.ca/shambles/ https://t.me/cKure/12822

■□□□□ Apple BLE Proximity Pairing Message Spoofing. https://github.com/ECTO-1A/AppleJuice https://t.me/cKure/12821

■■□□□ Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code. https://github.com/doyensec/Session-Hijacking-Visual-Exploitation https://t.me/cKure/12820

■■■□□ Interesting thread on SQLi. https://twitter.com/therceman/status/1643863898485841920 https://t.me/cKure/12819

■■■■■ Pwn2Own Vancouver 2023 Ubuntu LPE exploit. https://github.com/Synacktiv/CVE-2023-35001 https://t.me/cKure/12818