🛡️ Upgrading Your SIEM: A Guide to Modern Cybersecurity

https://undercodenews.com/upgrading-your-siem-a-guide-to-modern-cybersecurity/

@Undercode_News

#Windows 11's Evolving Start Menu: A Step Forward, But Still a Nudge Too Far

https://undercodenews.com/windows-11s-evolving-start-menu-a-step-forward-but-still-a-nudge-too-far/

@Undercode_News

Getting RCE via Worst Fit 🤦

If you watched the Black Hat talk from Orange Tsai and Splitline last week in London, you might have found yourself shocked to see that a code snippet like the one below can lead to RCE.

Why can this be hacked? 🤔

Well, because you can inject double quotes... But can you? Not really, because 'subprocess.run()' would handle them securely. What you can do instead though is inject the odd fullwidth quotation mark: ＂

This shouldn't be a problem because surely shells wouldn't interpret this, right?

Wrong. Since Windows historically stores a lot of things, like cmdlines, environment variables, etc., in both ANSI and UTF-16, we run into a problem... How can you represent a value in ANSI if that value doesn't actually exist in the character set?

Meet "Best Fit". Which converts certain UTF-16 characters to similar-looking ANSI characters (such as converting a ∞ to an 8. Or converting a ¥ to a backslash. Or converting a ＂to a normal double quote).

This means that you can pwn this code snippet by injecting something like:

＂ --use-askpass=calc ＂

This pops calculator.

If you want to play around a bit with this, you may want to check out this PoC that I've created: https://lnkd.in/dBgeFscq

Also, you may want to check out https://worst[.]fit/ which tracks a list of Windows binaries vulnerable to this attack.

The worst part? Microsoft says this isn't a Windows vulnerability while open-source library maintainers say it is. So who is gonna fix it? 🤷‍♂️

Ref: Florian Walter
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🔍 Serbia's #Spyware Scandal: A Deep Dive into the NoviSpy Affair

https://undercodenews.com/serbias-spyware-scandal-a-deep-dive-into-the-novispy-affair/

@Undercode_News

🔴 ColdFusion Improper Access Control (#CVE-2024-20767) - HIGH

https://dailycve.com/coldfusion-improper-access-control-cve-2024-20767-high/

@DailyCVE

🔴 #Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (#CVE-2024-XXXX) (Critical)

https://dailycve.com/windows-kernel-mode-driver-elevation-of-privilege-vulnerability-cve-2024-xxxx-critical/

@Daily_CVE

Winnti Group's Glutton: A Multi-Layered PHP Backdoor with a Twist

https://undercodenews.com/winnti-groups-glutton-a-multi-layered-php-backdoor-with-a-twist/

@Undercode_News

Farewell, Dragon! #SpaceX Cargo Ship Departs Space Station

https://undercodenews.com/farewell-dragon-spacex-cargo-ship-departs-space-station/

@Undercode_News

Dragon Departs the International Space Station: Witness Its Undocking Live on #NASA+!

https://undercodenews.com/dragon-departs-the-international-space-station-witness-its-undocking-live-on-nasa/

@Undercode_News

🚨 Internet-Exposed HMIs: A Growing Threat to Water and Wastewater Systems

https://undercodenews.com/internet-exposed-hmis-a-growing-threat-to-water-and-wastewater-systems/

@Undercode_News

🦑 𝟏𝟎 𝐁𝐥𝐮𝐞 𝐓𝐞𝐚𝐦 𝐓𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐅𝐑𝐄𝐄 𝐂𝐨𝐮𝐫𝐬𝐞𝐬

1- Cybersecurity for Students: lnkd.in/g4YmXP9J
2- SOC Fundamentals: lnkd.in/gVfUGNR3
3- Phishing Email Analysis: lnkd.in/giQWrn3a
4- Detecting Web Attacks: lnkd.in/gUTFXRzM
5- Malware Traffic Analysis with Wireshark: lnkd.in/g5Ze-iwU
6- Linux for Blue Team: lnkd.in/gvpWMdea
7-Building a Malware Analysis Lab: lnkd.in/gGXunp4q
8-📊 Splunk for SOC: lnkd.in/gkZMam_n
9-🔐 Introduction to Cryptology: lnkd.in/g3jbE84W
10-💼 Job Hunting: lnkd.in/g9MeH9P7

Ref: Mohamed Hamdi
@UndercodeCommunity
▁ ▂ ▄ U𝕟𝔻Ⓔ𝐫Ć𝔬𝓓ⓔ ▄ ▂ ▁

🚨 Rhode Island's RIBridges System Compromised in #Ransomware Attack

https://undercodenews.com/rhode-islands-ribridges-system-compromised-in-ransomware-attack/

@Undercode_News

🛡️ Agile Business, Agile Security: How #AI and Zero Trust Work Together

https://undercodenews.com/agile-business-agile-security-how-ai-and-zero-trust-work-together/

@Undercode_News

🖥️ Beware Graphic Designers: Malicious Ads Targeting You with Fake #Software

https://undercodenews.com/beware-graphic-designers-malicious-ads-targeting-you-with-fake-software/

@Undercode_News

🚨 Iranian Cyberweapon Targets Critical Infrastructure: Decoding the IOCONTROL Threat

https://undercodenews.com/iranian-cyberweapon-targets-critical-infrastructure-decoding-the-iocontrol-threat/

@Undercode_News

🔧 GOWATT MagSafe Dock: A Sleek and Functional Charging Solution

https://undercodenews.com/gowatt-magsafe-dock-a-sleek-and-functional-charging-solution/

@Undercode_News

⚡️ #iOS 183 Beta Released: What's New?

https://undercodenews.com/ios-183-beta-released-whats-new/

@Undercode_News