■■■■■ #CodeExecution in #TeamViewer; #Patch released.
Technical description of Flaw:-
Once the service is loaded, it calls the WSAStringToAddressW WinAPI function (which causes the process to load the ws2_32.dll library) Next, the ws2_32.dll library loads the mswsock.dll library, and after a few calls it gets to the SockLoadHelperDll function, which tries to load wshtcpip.dll using LoadLibraryExW. The library tried to load the mentioned DLL files using LoadLibraryExW without flags.
latesthackingnews.com/2019/11/18/code-execution-vulnerability-found-in-teamviewer-patch-now
Technical description of Flaw:-
Once the service is loaded, it calls the WSAStringToAddressW WinAPI function (which causes the process to load the ws2_32.dll library) Next, the ws2_32.dll library loads the mswsock.dll library, and after a few calls it gets to the SockLoadHelperDll function, which tries to load wshtcpip.dll using LoadLibraryExW. The library tried to load the mentioned DLL files using LoadLibraryExW without flags.
latesthackingnews.com/2019/11/18/code-execution-vulnerability-found-in-teamviewer-patch-now
cKure
■■■■■ #Breaking #HackingTeam #Italy #PhineasFisher #CNBT #Cayman National Bank and Trust serving Isle of Man #CyberAttack #CyberWar #Hacktivism https://unicornriot.ninja/2019/massive-hack-strikes-offshore-cayman-national-bank-and-trust/
Sherwood.torrent
1.3 MB
The torrent file was not verified before sharing in this channel.
Users are responsible for their own actions at their risk.
Users are responsible for their own actions at their risk.
■□□□□ #DataBreach
https://www.darkreading.com/attacks-breaches/disney+-credentials-land-in-dark-web-hours-after-service-launch/d/d-id/1336395
https://www.darkreading.com/attacks-breaches/disney+-credentials-land-in-dark-web-hours-after-service-launch/d/d-id/1336395
Dark Reading
Cyberattacks & Data Breaches recent news | Dark Reading
Explore the latest news and expert commentary on Cyberattacks & Data Breaches, brought to you by the editors of Dark Reading
■■■■■ #GoodRead: #Facebook took 4 hours, 13 minutes to fix the security issue from initial report by bug hunter.
https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
https://www.josipfranjkovic.com/blog/facebook-friendlist-paymentcard-leak
JosipFranjkovic
Getting any Facebook user's friend list and partial payment card details
I enjoy breaking websites.
■■■□□ #GoodRead #Exploit
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
NLnet Labs
Unbound - Security Advisories
We take security very seriously. If you have found a security issue in Unbound, please submit a security report. Possible domain hijacking via promiscuous records in the authority section Date:2025-10-22 (updated: 2025-11-26) CVE:CVE-2025-11411 Credit:Yuxiao…
■■■■□ #GoodRead #Windows #LPE; local privilege escalation
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
https://www.zerodayinitiative.com/blog/2019/11/19/thanksgiving-treat-easy-as-pie-windows-7-secure-desktop-escalation-of-privilege
Zero Day Initiative
Zero Day Initiative — Thanksgiving Treat: Easy-as-Pie Windows 7 Secure Desktop Escalation of Privilege
Not much interesting so far, just Yes and No buttons, a password input field, and an X button. You can click the upper-left corner of the window and get the standard, little-used “window menu”, having just Move and Close commands. The password input field…
■■■■□ #GitHub automatic security update
Automated security updates are now available to all developers 🙌
GitHub: We’ll monitor repository dependencies for known security vulnerabilities and then automatically open pull requests to update them. Another step in helping you build and secure your code.
https://github.com/features/security
Automated security updates are now available to all developers 🙌
GitHub: We’ll monitor repository dependencies for known security vulnerabilities and then automatically open pull requests to update them. Another step in helping you build and secure your code.
https://github.com/features/security
GitHub
GitHub Advanced Security · Built-in protection for every repository
Fix vulnerabilities and safeguard your software supply chain with built-in, AI-powered security.
■■□□□ #DataBreach
https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
https://arstechnica.com/information-technology/2019/11/password-data-dumped-online-for-2-2-million-users-of-currency-and-gaming-sites/
Ars Technica
Password data for ~2.2 million users of currency and gaming sites dumped online
Researcher confirms data belongs to users of Gatehub and EpicBot services.
■■■■□ #Malware #Keylogger #AV #evasion #Phoenix
https://www.zdnet.com/google-amp/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/
https://www.zdnet.com/google-amp/article/new-phoenix-keylogger-tries-to-stop-over-80-security-products-to-avoid-detection/
ZDNET
New Phoenix Keylogger tries to stop over 80 security products to avoid detection
Phoenix linked to more than 10,000 infections since the malware's launch on a hacking forum in July.