All posts tagged hack

■■■■□ Internal AWS credentials swiped by researcher via SQL payload. https://portswigger.net/daily-swig/internal-aws-credentials-swiped-by-researcher-via-sql-payload https://t.me/cKure/11210

■■□□□ High severity local privilege escalation bug in the Windows Common Log File System Driver. Tracked as CVE-2022-24521, the Zero-Day was reported by CrowdStrike and NSA. https://t.me/cKure/11209

■■■□□ How a YouTube Video lead to pwning a web application via SQL Injection worth $4324 bounty. https://infosecwriteups.com/how-a-youtube-video-lead-to-pwning-a-web-application-via-sql-injection-worth-4324-bounty-285f0a9b9f6c https://t.me/cKure/11208

■□□□□ Wind Turbine Giant Nordex Hit By Cyber-Attack. Update on cyber security incident https://www.infosecurity-magazine.com/news/wind-turbine-nordex-cyber-attack/ https://t.me/cKure/11207

■■□□□ Obfuscated obfuscation. https://blog.lexfo.fr/dexguard.html#decrypting-the-class-loader https://t.me/cKure/11206

■■■□□ DoS exploit for CVE-2022-21907. Untested. https://github.com/polakow/CVE-2022-21907 https://t.me/cKure/11205

■■■□□ DoS exploit for CVE-2022-21907. Untested. https://github.com/polakow/CVE-2022-21907 https://t.me/cKure/11204

Kernel RCE in FreeBSD via WiFi frames. https://www.freebsd.org/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc Also affects pfSense / OPNsense / etc. https://t.me/cKure/11202

■■■■■ Zero-Day: CVE-2022-26809 – Windows RPC Wormable Remote Code Execution. Shodan: product:”Microsoft RPC Endpoint Mapper” Censys: https://censys.io/cve-2022-26809/ https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 https://t.me/cKure/11200

■■■■□ Zero-Day: Critical VMware Workspace ONE Access CVE-2022-22954 flaw actively exploited. There are around 800 public instances of the vulnerable software. https://securityaffairs.co/wordpress/130188/hacking/vmware-workspace-one-access-flaw-attacks.html https://t.me/cKure/11199