All posts tagged cyber

Zero-Day: Critical Remote Code Execution issue impacts popular post-exploitation toolkit Cobalt Strike . https://securityaffairs.co/wordpress/137284/hacking/cobalt-strike-rce.html https://t.me/cKure/11862

Converting LFI into RCE by chaining PHP encoding filters. https://www.synacktiv.com/publications/php-filters-chain-what-is-it-and-how-to-use-it.html https://t.me/cKure/11860

■□□□□ Use of noVNC for phishing campaigns. https://adepts.of0x.cc/novnc-phishing/ https://t.me/cKure/11859

■■■■□ Facebook CSRF. https://lokeshdlk77.medium.com/facebook-sms-captcha-was-vulnerable-to-csrf-attack-8db537b1e980 https://t.me/cKure/11858

■■■■□ CVE-2022-40684 – Auth bypass extract admin users and LDAP config – This PoC do only read-only actions. https://github.com/carlosevieira/CVE-2022-40684 https://t.me/cKure/11857

■■■□□ Data-Leak: AFP classified documents hacked in data leak, exposing agents fighting drug cartels. https://www.abc.net.au/news/2022-10-14/afp-data-leak-hackers-expose-drug-cartel-information/101535312 https://t.me/cKure/11856

■■■■□ Lazarus Group Uses the DLL Side-Loading Technique (mi.dll). https://asec.ahnlab.com/en/39828/ https://t.me/cKure/11855

■□□□□ The Indian Embassy of Ireland (@IndiainIreland) Twitter account has been hijacked. The individuals who stole it are using it to shill various cryptocurrency scams and pretending to be Elon Musk. Source: vk (twitter). https://t.me/cKure/11854

■■■■□ FortiOS, FortiProxy, and FortiSwitchManager Authentication Bypass IOCs (CVE-2022-40684). https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://t.me/cKure/11853

■■■□ Largest Bug-Bounty (physical) has a Guiness record. ● I was part of this event. https://www.guinnessworldrecords.com/world-records/696037-largest-bug-bounty-competition https://t.me/cKure/11852