■■■■■ #Untested CVE-2023-26818: Exploit macOS TCC Bypass with Telegram. You can read the vulnerability analysis Part 1 and Part 2 for sandbox bypass. https://github.com/Zeyad-Azima/CVE-2023-26818 https://t.me/cKure/12817
All posts tagged cyber
September 1, 2023 at 11:30AM
■■■■□ CVE-2023-41717: Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. https://github.com/federella/CVE-2023-41717 https://t.me/cKure/12816
September 1, 2023 at 11:16AM
■■■■■ Infamous Chisel: A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones. Infamous Chisel also provides remote access by configuring and executing Tor with a hidden service which forwards to a modified Dropbear binary providing an SSH connection. https://github.com/blackorbird/APT_REPORT/blob/master/Sandworm/NCSC-MAR-Infamous-Chisel.pdf https://t.me/cKure/12815
September 1, 2023 at 11:13AM
■■■■■ Window-Hijack: Exploring the ingenious utilization of Overwolf’s overlay framework while preserving its native window flags, employing SetWindowsHookEx for acquiring keyboard and mouse inputs. https://github.com/SurgeGotTappedAgain/Window-Hijack https://t.me/cKure/12814
September 1, 2023 at 09:54AM
■■■■□ Supernova – Shellcode Encrypter. https://github.com/nickvourd/Supernova https://t.me/cKure/12813
August 31, 2023 at 10:04PM
■■■■□ Privacy: India is sniffing internet traffic inside undersea cables, says a report by FT. Cyber-Crime, surveillance. ✓ The tools for surveillance have been provided by companies like Cognyte and Septier. ✓ The fresh report raises mass surveillance fears. https://www.indiatoday.in/technology/news/story/report-says-india-sniffing-internet-traffic-passing-through-undersea-cables-raises-surveillance-risk-2429311-2023-08-31 https://t.me/cKure/12812
August 30, 2023 at 10:31PM
■■■□□ 5G security – how to minimise the threats to a 5G network. https://research.nccgroup.com/2023/08/28/5g-security-how-to-minimise-the-threats-to-a-5g-network/ https://t.me/cKure/12810
August 30, 2023 at 03:07PM
MalDoc in PDF – Detection bypass by embedding a malicious Word file into a PDF file. https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://t.me/cKure/12808
August 30, 2023 at 02:59PM
■■■■■ 2023-08 Out-of-Cycle Security Bulletin: Junos OS: SRX Series and EX Series: Multiple vulnerabilities in J-Web can be combined to allow a preAuth Remote Code Execution. https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution https://t.me/cKure/12807
August 30, 2023 at 02:56PM
■■■■■ HTML Smuggling Leads to Domain Wide Ransomware. https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/ https://t.me/cKure/12806
