CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
MDSec
Overview: Visual Studio is a complex and powerful IDE developed by Microsoft and comes with a lot of features that can be interesting from a red team perspective. During this...
Inside CVE-2024-20656: PoC Exploit Threatens Visual Studio Security https://securityonline.info/inside-cve-2024-20656-poc-exploit-threatens-visual-studio-security/
Cybersecurity News
Details and proof-of-concept (PoC) exploit code have emerged about a now-patched security flaw, CVE-2024-20656, in Microsoft Visual Studio
Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin https://www.wordfence.com/blog/2024/01/type-juggling-leads-to-two-vulnerabilities-in-post-smtp-mailer-wordpress-plugin/
Day 9 - XDR Incident Response insights https://github.com/LearningKijo/SecurityResearcher-Note/blob/main/SecurityResearcher-Note-Folder/Day09-XDR-Insights-part1.md
GitHub
SecurityResearcher-Note/SecurityResearcher-Note-Folder/Day09-XDR-Insights-part1.md at main · LearningKijo/SecurityResearcher-Note
Cover various security approaches to attack techniques and also provides new discoveries about security breaches. - LearningKijo/SecurityResearcher-Note
Analysis of Android settings during a forensic investigation https://blog.digital-forensics.it/2024/01/analysis-of-android-settings-during.html
blog.digital-forensics.it
DFIR research
New Findings Challenge Attribution in Denmark's Energy Sector Cyberattacks https://thehackernews.com/2024/01/new-findings-challenge-attribution-in.html
Rooting the FiiO M6 - Part 1 - Using the "World's Worst Fuzzer" To Find A Kernel Bug https://stigward.github.io/posts/fiio-m6-kernel-bug/
Stigward’s Security Journal
Overview: A few months ago, I was cleaning off my hardware workbench when I came across my FiiO M6, an Android-based “portable high-resolution lossless music player”. I originally purchased the device to aid in my language learning studies and dabble in the…
Rooting the FiiO M6 - Part 2 - Writing an LPE Exploit For Our Overflow Bug https://stigward.github.io/posts/fiio-m6-exploit/
Stigward’s Security Journal
Overview:
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html
Trend Micro
This blog delves into the Phemedrone Stealer campaign's exploitation of CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability, for its defense evasion and investigates the malware's payload.
Linux Kernel Teaching https://linux-kernel-labs.github.io/refs/heads/master/index.html
Android-based PAX POS vulnerabilities (Part 1) https://blog.stmcyber.com/pax-pos-cves-2023/
STM Cyber Blog
In this article, we present details of 6 vulnerabilities in the Android POS devices made by the well-known company PAX Technology.
PixieFail: Nine vulnerabilities in Tianocore's EDK II IPv6 network stack. https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
Quarkslab
This blog post provides details about nine vulnerabilities affecting the IPv6 network protocol stack of EDK II, TianoCore's open source reference implementation of UEFI.
Hacking into a Toyota/Eicher Motors insurance company by exploiting their premium calculator website https://eaton-works.com/2024/01/17/ttibi-email-hack/
Eaton-Works
A vulnerable API on Toyota Tsusho Insurance Broker India’s premium calculator website exposed Microsoft corporate cloud credentials.
*nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2 https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/
JFrog
Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.
New Microsoft Incident Response guides help security teams analyze suspicious activity https://www.microsoft.com/en-us/security/blog/2024/01/17/new-microsoft-incident-response-guides-help-security-teams-analyze-suspicious-activity/
Microsoft News
Access the first two cloud investigation guides from Microsoft Incident Response to improve triage and analysis of data in Microsoft 365 and Microsoft Entra ID.
Artifact Reference Guide (created by the Microsoft Incident Response Team) https://www.microsoft.com/content/dam/microsoft/final/en-us/microsoft-brand/documents/MSFT-IR-UAL-Entra-Guide-JAN24.pdf
Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript https://buer.haus/2024/01/16/reversing-and-tooling-a-signed-request-hash-in-obfuscated-javascript/
Security Brief: TA866 Returns with a Large Email Campaign https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta866-returns-large-email-campaign
Proofpoint
What happened Proofpoint researchers identified the return of TA866 to email threat campaign data, after a nine-month absence. On January 11, 2024, Proofpoint blocked a large volume