Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β‘οΈ #Windows 11 Build 261002605: A Closer Look at the Latest Patch Tuesday #Update
https://undercodenews.com/windows-11-build-261002605-a-closer-look-at-the-latest-patch-tuesday-update/
@Undercode_News
https://undercodenews.com/windows-11-build-261002605-a-closer-look-at-the-latest-patch-tuesday-update/
@Undercode_News
UNDERCODE NEWS
Windows 11 Build 261002605: A Closer Look at the Latest Patch Tuesday Update - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β‘οΈ #Windows 11's Final 2024 Security #Update: A Closer Look
https://undercodenews.com/windows-11s-final-2024-security-update-a-closer-look/
@Undercode_News
https://undercodenews.com/windows-11s-final-2024-security-update-a-closer-look/
@Undercode_News
UNDERCODE NEWS
Windows 11's Final 2024 Security Update: A Closer Look - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β‘οΈ #Microsoft Releases Final #Windows 10 Security #Update for 2024
https://undercodenews.com/microsoft-releases-final-windows-10-security-update-for-2024/
@Undercode_News
https://undercodenews.com/microsoft-releases-final-windows-10-security-update-for-2024/
@Undercode_News
UNDERCODE NEWS
Microsoft Releases Final Windows 10 Security Update for 2024 - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ #Microsoft Purview: Your Comprehensive Data Protection and Governance Solution
https://undercodenews.com/microsoft-purview-your-comprehensive-data-protection-and-governance-solution/
@Undercode_News
https://undercodenews.com/microsoft-purview-your-comprehensive-data-protection-and-governance-solution/
@Undercode_News
UNDERCODE NEWS
Microsoft Purview: Your Comprehensive Data Protection and Governance Solution - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#NASA's Lucy Spacecraft Prepares for a Gravity Assist
https://undercodenews.com/nasas-lucy-spacecraft-prepares-for-a-gravity-assist/
@Undercode_News
https://undercodenews.com/nasas-lucy-spacecraft-prepares-for-a-gravity-assist/
@Undercode_News
UNDERCODE NEWS
NASA's Lucy Spacecraft Prepares for a Gravity Assist - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π #Samsung's The Frame: Art Mode Meets QLED Excellence
https://undercodenews.com/samsungs-the-frame-art-mode-meets-qled-excellence/
@Undercode_News
https://undercodenews.com/samsungs-the-frame-art-mode-meets-qled-excellence/
@Undercode_News
UNDERCODE NEWS
Samsung's The Frame: Art Mode Meets QLED Excellence - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β‘οΈ Informative #Samsung's Tough New Phone: #Galaxy Xcover 8 Pro Battery Details Revealed
https://undercodenews.com/informative-samsungs-tough-new-phone-galaxy-xcover-8-pro-battery-details-revealed/
@Undercode_News
https://undercodenews.com/informative-samsungs-tough-new-phone-galaxy-xcover-8-pro-battery-details-revealed/
@Undercode_News
UNDERCODE NEWS
Informative Samsung's Tough New Phone: Galaxy Xcover 8 Pro Battery Details Revealed - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE TESTING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Google Dork : intext:"siemens" & inurl:"/portal/portal.mwsl"
locate Siemens S7 PLC (Programmable Logic Controller) web interfaces through publicly accessible search
This Google dork, intext:"siemens" & inurl:"/portal/portal.mwsl", reveals
the web interfaces of Siemens S7 series PLC controllers. These interfaces
provide access to critical control and monitoring functions of industrial
systems. Unauthorized access can lead to significant operational
disruptions and security risks in industrial environments.
Proof Of Concept (PoC):
Steps to Reproduce:
1.Open Google Search.
2.Enter the dork query: intext:"siemens" & inurl:"/portal/portal.mwsl".
3.Review the search results to find URLs of Siemens S7 PLC web interfaces.
4. Click on a search result to access the web interface of the PLC.
5.Attempt to log in using default or commonly known credentials (if login
is required).
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Google Dork : intext:"siemens" & inurl:"/portal/portal.mwsl"
locate Siemens S7 PLC (Programmable Logic Controller) web interfaces through publicly accessible search
This Google dork, intext:"siemens" & inurl:"/portal/portal.mwsl", reveals
the web interfaces of Siemens S7 series PLC controllers. These interfaces
provide access to critical control and monitoring functions of industrial
systems. Unauthorized access can lead to significant operational
disruptions and security risks in industrial environments.
Proof Of Concept (PoC):
Steps to Reproduce:
1.Open Google Search.
2.Enter the dork query: intext:"siemens" & inurl:"/portal/portal.mwsl".
3.Review the search results to find URLs of Siemens S7 PLC web interfaces.
4. Click on a search result to access the web interface of the PLC.
5.Attempt to log in using default or commonly known credentials (if login
is required).
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ #Tesla's Self-Driving Taxi Might Get a Remote Control Safety Net
https://undercodenews.com/teslas-self-driving-taxi-might-get-a-remote-control-safety-net/
@Undercode_News
https://undercodenews.com/teslas-self-driving-taxi-might-get-a-remote-control-safety-net/
@Undercode_News
UNDERCODE NEWS
Tesla's Self-Driving Taxi Might Get a Remote Control Safety Net - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ Patch Your WPForms Now: Millions of Sites Vulnerable to Payment Fraud (#CVE-2024-11205)
https://undercodenews.com/patch-your-wpforms-now-millions-of-sites-vulnerable-to-payment-fraud-cve-2024-11205/
@Undercode_News
https://undercodenews.com/patch-your-wpforms-now-millions-of-sites-vulnerable-to-payment-fraud-cve-2024-11205/
@Undercode_News
UNDERCODE NEWS
Patch Your WPForms Now: Millions of Sites Vulnerable to Payment Fraud (CVE-2024-11205) - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE TESTING
β β β Uππ»βΊπ«Δπ¬πβ β β β
π Support & Share: t.me/undercodecommunity
This is the hub for developers and tech enthusiasts:
π» Topics We Cover:
π CVE News & Databases
π° Hacker & Tech News
π‘ Cybersecurity, Hacking, and Secret Methods
π Our Mission:
Share your knowledge, collaborate, and grow together in a community designed for innovation and learning.
π Join now: Let's build the future together!
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
π Support & Share: t.me/undercodecommunity
This is the hub for developers and tech enthusiasts:
π» Topics We Cover:
π CVE News & Databases
π° Hacker & Tech News
π‘ Cybersecurity, Hacking, and Secret Methods
π Our Mission:
Share your knowledge, collaborate, and grow together in a community designed for innovation and learning.
π Join now: Let's build the future together!
@UndercodeCommunity
β β β Uππ»βΊπ«Δπ¬πβ β β β
Telegram
UNDERCODE COMMUNITY
π¦ Undercode Cyber World!
@UndercodeCommunity
FREE
- Hackers Post Monitor:
Latest Bug bounty Methods, Tools Updates, AI, Courses! @Undercode_Testing
- Cyber & Tech NEWS:
@Undercode_News
- CVE: @Daily_CVE
β¨Official Web & Services:
β Undercode.help
@UndercodeCommunity
FREE
- Hackers Post Monitor:
Latest Bug bounty Methods, Tools Updates, AI, Courses! @Undercode_Testing
- Cyber & Tech NEWS:
@Undercode_News
- CVE: @Daily_CVE
β¨Official Web & Services:
β Undercode.help
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
β οΈ #Alphabet's CapitalG Invests in Insider Risk Firm Dtex Systems
https://undercodenews.com/alphabets-capitalg-invests-in-insider-risk-firm-dtex-systems/
@Undercode_News
https://undercodenews.com/alphabets-capitalg-invests-in-insider-risk-firm-dtex-systems/
@Undercode_News
UNDERCODE NEWS
Alphabet's CapitalG Invests in Insider Risk Firm Dtex Systems - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ Fortifying the Telecom Fortress: Wyden's Proposal to Bolster Cybersecurity
https://undercodenews.com/fortifying-the-telecom-fortress-wydens-proposal-to-bolster-cybersecurity/
@Undercode_News
https://undercodenews.com/fortifying-the-telecom-fortress-wydens-proposal-to-bolster-cybersecurity/
@Undercode_News
UNDERCODE NEWS
Fortifying the Telecom Fortress: Wyden's Proposal to Bolster Cybersecurity - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π¨ Beware of Smishing Scams: Protect Yourself from Text Message Threats
https://undercodenews.com/beware-of-smishing-scams-protect-yourself-from-text-message-threats/
@Undercode_News
https://undercodenews.com/beware-of-smishing-scams-protect-yourself-from-text-message-threats/
@Undercode_News
UNDERCODE NEWS
Beware of Smishing Scams: Protect Yourself from Text Message Threats - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
π‘οΈ Cyber Security Transparency: A Flawed System
https://undercodenews.com/cyber-security-transparency-a-flawed-system/
@Undercode_News
https://undercodenews.com/cyber-security-transparency-a-flawed-system/
@Undercode_News
UNDERCODE NEWS
Cyber Security Transparency: A Flawed System - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Informative Enhancing Code Integrity with Persistent Commit Signature Verification
https://undercodenews.com/informative-enhancing-code-integrity-with-persistent-commit-signature-verification/
@Undercode_News
https://undercodenews.com/informative-enhancing-code-integrity-with-persistent-commit-signature-verification/
@Undercode_News
UNDERCODE NEWS
Informative Enhancing Code Integrity with Persistent Commit Signature Verification - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Scammers Cash In: Americans Lose Billions to Government and Tech Support Impersonators
https://undercodenews.com/scammers-cash-in-americans-lose-billions-to-government-and-tech-support-impersonators/
@Undercode_News
https://undercodenews.com/scammers-cash-in-americans-lose-billions-to-government-and-tech-support-impersonators/
@Undercode_News
UNDERCODE NEWS
Scammers Cash In: Americans Lose Billions to Government and Tech Support Impersonators - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Target Discounts Gift Cards, Bath & Body Works Candle Day Returns, and More Holiday Deals
https://undercodenews.com/target-discounts-gift-cards-bath-body-works-candle-day-returns-and-more-holiday-deals/
@Undercode_News
https://undercodenews.com/target-discounts-gift-cards-bath-body-works-candle-day-returns-and-more-holiday-deals/
@Undercode_News
UNDERCODE NEWS
Target Discounts Gift Cards, Bath & Body Works Candle Day Returns, and More Holiday Deals - UNDERCODE NEWS
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information andβ¦
Forwarded from Exploiting Crew (Pr1vAt3)
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Advanced Hacking: file hijacking caused by directory permissions:
In Windows systems, improper permissions on certain directories or files allow attackers to implant malicious files or execute files in these directories. Since these directories lack effective access control and security review, attackers can exploit vulnerabilities to modify, replace or inject files, or even hijack legitimate processes or services in the system.
Several file hijacking cases to understand the security issues caused by weak permission directories. Before going into specific cases, let's start with the CreateProcess API.
1οΈβ£. Unsafe use of CreateProcess
CreateProcessThe API is the basic function used to create a new process in Windows. Its working mechanism is crucial to program startup and path resolution. This API has multiple parameters, among which lpApplicationNameand lpCommandLineare key parameters, which together affect the behavior of process creation, especially how to parse and execute the passed executable file path.
CreateProcessBasic usage
CreateProcessThe prototype is as follows:
π¦Advanced Hacking: file hijacking caused by directory permissions:
In Windows systems, improper permissions on certain directories or files allow attackers to implant malicious files or execute files in these directories. Since these directories lack effective access control and security review, attackers can exploit vulnerabilities to modify, replace or inject files, or even hijack legitimate processes or services in the system.
In Windows systems, there are some typical weak-permission directories, such as C:\Windows\Temp, C:\ProgramDataetc. These directories are usually used to store temporary files. However, many applications and users do not set sufficient permission control for these directories when using them. Attackers can implement file hijacking attacks by placing malicious executable files in these directories, thereby executing code or elevating system permissions.
Several file hijacking cases to understand the security issues caused by weak permission directories. Before going into specific cases, let's start with the CreateProcess API.
1οΈβ£. Unsafe use of CreateProcess
CreateProcessThe API is the basic function used to create a new process in Windows. Its working mechanism is crucial to program startup and path resolution. This API has multiple parameters, among which lpApplicationNameand lpCommandLineare key parameters, which together affect the behavior of process creation, especially how to parse and execute the passed executable file path.
CreateProcessBasic usage
CreateProcessThe prototype is as follows:
BOOL CreateProcess(
LPCWSTR lpApplicationName,
LPWSTR lpCommandLine,
LPSECURITY_ATTRIBUTES lpProcessAttributes,
LPSECURITY_ATTRIBUTES lpThreadAttributes,
BOOL bInheritHandles,
DWORD dwCreationFlags,
LPVOID lpEnvironment,
LPCWSTR lpCurrentDirectory,
LPSTARTUPINFO lpStartupInfo,
LPPROCESS_INFORMATION lpProcessInformation
);