All posts tagged cyber

CVE-2023-23397-POC-Powershell exploit [untested]. https://github.com/api0cradle/CVE-2023-23397-POC-Powershell https://t.me/cKure/12212

■□□□□ The critical Microsoft Outlook vulnerability is triggered when an attacker sends a message with an extended MAPI property with a UNC path to an SMB (TCP 445) share on a threat actor-controlled server. No interaction is required. https://t.me/cKure/12211

■□□□□ CVE-2023-22899: Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. https://t.me/cKure/12210

CVE-2022-42475 | Zero-Day: Heap overflow in Fortinet’s SSLVPN PoC. This PoC has hardcoded valid which change from system to system. https://github.com/scrt/cve-2022-42475 https://t.me/cKure/12209

■■■□□ Russian hackers targeted European military and transport organizations in newly discovered spying campaign. https://edition.cnn.com/2023/03/15/politics/russian-hackers-europe-military-organizations-microsoft/index.html https://t.me/cKure/12208

■■■■■ Data-Leak from the United States: ‘Nobody is Safe’: In Wild Hacking Spree, Hackers Accessed Federal Law Enforcement Database. https://www.vice.com/en/article/pkae7g/nobody-is-safe-in-wild-hacking-spree-hackers-accessed-federal-law-enforcement-database https://t.me/cKure/12207

■■■□□ Data-Leak: Security Security giant Rubrik says hackers used Fortra zero-day to steal internal data. https://techcrunch.com/2023/03/14/security-giant-rubrik-says-hackers-used-fortra-zero-day-to-steal-internal-data/ https://t.me/cKure/12204

■■■■□ Microsoft fixes Outlook zero-day used by Russian hackers since April 2022. https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-zero-day-used-by-russian-hackers-since-april-2022/ https://t.me/cKure/12203

AMSI Bypass New Way 2023. https://infosecwriteups.com/amsi-bypass-new-way-2023-d506345944e9 https://t.me/cKure/12201

■□□□□ Cytaka CTF UAE registration link. https://www.gisec.ae/world-cyber-championship https://t.me/cKure/12200