cyber – Page 224 – Cyber Security News Aggregator

February 23, 2023 at 09:57AM

February 23, 2023cK-botUncategorized

■■■■□ CVE-2022-39952 (CVSS score 9.8) and CVE-2021-42756 are respectively an external control of file name or path in Fortinet FortiNAC and a collection of stack-based buffer overflow issues in the proxy daemon of FortiWeb. https://securityaffairs.com/142553/hacking/poc-exploit-code-fortinet-fortinac.html https://t.me/cKure/12128

February 23, 2023 at 09:52AM

February 23, 2023cK-botUncategorized

■■■■□ The X64 Stack. https://wp.me/pchJ1h-i4 https://t.me/cKure/12127

February 23, 2023 at 02:37AM

February 22, 2023cK-botUncategorized

■■■■□ Interesting thread on Google’s Gmail address leak. https://twitter.com/IvanoSomaini/status/1628254420625506304 https://t.me/cKure/12126

February 22, 2023 at 01:45AM

February 21, 2023cK-botUncategorized

■■■■■ Zero-Day: Trellix Advanced Research Center Discovers a New Privilege Escalation Bug Class on macOS and iOS. https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html https://t.me/cKure/12124

February 22, 2023 at 01:15AM

February 21, 2023cK-botUncategorized

■■■□□ Post exploitation of Domain Admin (Windows). https://infosecwriteups.com/you-got-domain-admin-now-what-aab749c4200d https://t.me/cKure/12123

February 21, 2023 at 08:48PM

February 21, 2023cK-botUncategorized

■■■■□ Data-Leak: Unsecured DoD sever was spilling terabytes of internal United States’ military emails to the open internet for the past two weeks. https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/ https://t.me/cKure/12122

February 21, 2023 at 06:14PM

February 21, 2023cK-botUncategorized

■■■■□ TOR Project Moves Away from Infrastructure Ran by Internet Monitoring Firm after Motherboard announced Team Cymru sold internet monitoring tools to the U.S. military, the Tor Project announced it would stop using infrastructure donated by the company. https://www.vice.com/en/article/z34jbj/tor-projects-moves-away-from-team-cymru-infrastructure https://t.me/cKure/12121

February 21, 2023 at 06:05PM

February 21, 2023cK-botUncategorized

■■■■■ Fortinet FortiNAC CVE-2022-39952 Deep-Dive, PoC and IOCs. An external control of file name or path vulnerability [CWE-73] in FortiNAC webserver may allow an unauthenticated attacker to perform arbitrary write on the system. PoC exploit here. Usage: python3 CVE-2022-39952.py –target IP –file payload https://t.me/cKure/12119

February 21, 2023 at 02:02PM

February 21, 2023cK-botUncategorized

■■■□□ Exploiting a SUID logic bug. https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/ https://t.me/cKure/12118

February 21, 2023 at 09:04AM

February 21, 2023cK-botUncategorized

■■■■□ HTML Smuggling: Recent observations of threat actor techniques. https://blog.delivr.to/html-smuggling-recent-observations-of-threat-actor-techniques-74501d5c8a06?gi=bb7ac222e3e7 https://t.me/cKure/12117