⚡️ #Windows 11 Build 261002605: A Closer Look at the Latest Patch Tuesday #Update

https://undercodenews.com/windows-11-build-261002605-a-closer-look-at-the-latest-patch-tuesday-update/

@Undercode_News

⚡️ #Windows 11's Final 2024 Security #Update: A Closer Look

https://undercodenews.com/windows-11s-final-2024-security-update-a-closer-look/

@Undercode_News

⚡️ #Microsoft Releases Final #Windows 10 Security #Update for 2024

https://undercodenews.com/microsoft-releases-final-windows-10-security-update-for-2024/

@Undercode_News

🛡️ #Microsoft Purview: Your Comprehensive Data Protection and Governance Solution

https://undercodenews.com/microsoft-purview-your-comprehensive-data-protection-and-governance-solution/

@Undercode_News

#NASA's Lucy Spacecraft Prepares for a Gravity Assist

https://undercodenews.com/nasas-lucy-spacecraft-prepares-for-a-gravity-assist/

@Undercode_News

🔋 #Samsung's The Frame: Art Mode Meets QLED Excellence

https://undercodenews.com/samsungs-the-frame-art-mode-meets-qled-excellence/

@Undercode_News

⚡️ Informative #Samsung's Tough New Phone: #Galaxy Xcover 8 Pro Battery Details Revealed

https://undercodenews.com/informative-samsungs-tough-new-phone-galaxy-xcover-8-pro-battery-details-revealed/

@Undercode_News

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Google Dork : intext:"siemens" & inurl:"/portal/portal.mwsl"

locate Siemens S7 PLC (Programmable Logic Controller) web interfaces through publicly accessible search

This Google dork, intext:"siemens" & inurl:"/portal/portal.mwsl", reveals
the web interfaces of Siemens S7 series PLC controllers. These interfaces
provide access to critical control and monitoring functions of industrial
systems. Unauthorized access can lead to significant operational
disruptions and security risks in industrial environments.

Proof Of Concept (PoC):
Steps to Reproduce:
1.Open Google Search.
2.Enter the dork query: intext:"siemens" & inurl:"/portal/portal.mwsl".
3.Review the search results to find URLs of Siemens S7 PLC web interfaces.
4. Click on a search result to access the web interface of the PLC.
5.Attempt to log in using default or commonly known credentials (if login
is required).

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🛡️ #Tesla's Self-Driving Taxi Might Get a Remote Control Safety Net

https://undercodenews.com/teslas-self-driving-taxi-might-get-a-remote-control-safety-net/

@Undercode_News

🚨 Patch Your WPForms Now: Millions of Sites Vulnerable to Payment Fraud (#CVE-2024-11205)

https://undercodenews.com/patch-your-wpforms-now-millions-of-sites-vulnerable-to-payment-fraud-cve-2024-11205/

@Undercode_News

🦑CSP Bypass Search:

https://cspbypass.com/

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🚀 Support & Share: t.me/undercodecommunity

This is the hub for developers and tech enthusiasts:
💻 Topics We Cover:

🔐 CVE News & Databases
📰 Hacker & Tech News
🛡 Cybersecurity, Hacking, and Secret Methods
🌟 Our Mission:
Share your knowledge, collaborate, and grow together in a community designed for innovation and learning.

🔗 Join now: Let's build the future together!

@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

⚠️ #Alphabet's CapitalG Invests in Insider Risk Firm Dtex Systems

https://undercodenews.com/alphabets-capitalg-invests-in-insider-risk-firm-dtex-systems/

@Undercode_News

🛡️ Fortifying the Telecom Fortress: Wyden's Proposal to Bolster Cybersecurity

https://undercodenews.com/fortifying-the-telecom-fortress-wydens-proposal-to-bolster-cybersecurity/

@Undercode_News

🚨 Beware of Smishing Scams: Protect Yourself from Text Message Threats

https://undercodenews.com/beware-of-smishing-scams-protect-yourself-from-text-message-threats/

@Undercode_News

🛡️ Cyber Security Transparency: A Flawed System

https://undercodenews.com/cyber-security-transparency-a-flawed-system/

@Undercode_News

Informative Enhancing Code Integrity with Persistent Commit Signature Verification

https://undercodenews.com/informative-enhancing-code-integrity-with-persistent-commit-signature-verification/

@Undercode_News

Scammers Cash In: Americans Lose Billions to Government and Tech Support Impersonators

https://undercodenews.com/scammers-cash-in-americans-lose-billions-to-government-and-tech-support-impersonators/

@Undercode_News

Target Discounts Gift Cards, Bath & Body Works Candle Day Returns, and More Holiday Deals

https://undercodenews.com/target-discounts-gift-cards-bath-body-works-candle-day-returns-and-more-holiday-deals/

@Undercode_News

▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🦑Advanced Hacking: file hijacking caused by directory permissions:

In Windows systems, improper permissions on certain directories or files allow attackers to implant malicious files or execute files in these directories. Since these directories lack effective access control and security review, attackers can exploit vulnerabilities to modify, replace or inject files, or even hijack legitimate processes or services in the system.

In Windows systems, there are some typical weak-permission directories, such as C:\Windows\Temp, C:\ProgramDataetc. These directories are usually used to store temporary files. However, many applications and users do not set sufficient permission control for these directories when using them. Attackers can implement file hijacking attacks by placing malicious executable files in these directories, thereby executing code or elevating system permissions.

Several file hijacking cases to understand the security issues caused by weak permission directories. Before going into specific cases, let's start with the CreateProcess API.

1️⃣. Unsafe use of CreateProcess
CreateProcessThe API is the basic function used to create a new process in Windows. Its working mechanism is crucial to program startup and path resolution. This API has multiple parameters, among which lpApplicationNameand lpCommandLineare key parameters, which together affect the behavior of process creation, especially how to parse and execute the passed executable file path.

CreateProcessBasic usage

CreateProcessThe prototype is as follows:

BOOL CreateProcess(
  LPCWSTR lpApplicationName, 
  LPWSTR lpCommandLine,        
  LPSECURITY_ATTRIBUTES lpProcessAttributes,  
  LPSECURITY_ATTRIBUTES lpThreadAttributes,   
  BOOL bInheritHandles,         
  DWORD dwCreationFlags,       
  LPVOID lpEnvironment,        
  LPCWSTR lpCurrentDirectory,  
  LPSTARTUPINFO lpStartupInfo,  
  LPPROCESS_INFORMATION lpProcessInformation  
);

2️⃣ lpApplicationName: Specifies the path to the application (optional). If NULL, the system will lpCommandLineparse the application path from the first space-delimited item of .
lpCommandLine: Command line arguments passed to the new process. If lpApplicationName, NULLthis argument must include the full path to the application or command name.
lpApplicationNameNULLPath resolution for

When lpApplicationNameis NULL, the system must lpCommandLineparse the executable file path from . This process involves path parsing and processing, which may involve the problem of file names containing spaces.

Path resolution order on the command line:

Let's look at an example from Microsoft's official documentation. Suppose that lpCommandLineit contains something like the following:

c:\program files\sub dir\program name

3️⃣CreateProcess executes the path without quotes, and lpApplicationNamethe NULLsystem will parse the path in the following order:

c:\program.exe: The system first attempts to parse the path by truncating it from the beginning of the string c:\program.exe.
c:\program files\sub.exe: If the first resolution fails, the system attempts to resolve the path to c:\program files\sub.exe.
c:\program files\sub dir\program.exe: Next, the system tries to resolve the entire path, thinks program.exeit is an executable file name, and tries to execute it.
c:\program files\sub dir\program name.exe: Finally, the system attempts to resolve program nameas an executable file name and appends .exethe extension to it.