CVE-2022-42475 | Zero-Day: Heap overflow in Fortinet's SSLVPN PoC. This PoC has hardcoded valid which change from system to system.
https://github.com/scrt/cve-2022-42475
https://github.com/scrt/cve-2022-42475
GitHub
GitHub - scrt/cve-2022-42475: POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon
POC code to exploit the Heap overflow in Fortinet's SSLVPN daemon - scrt/cve-2022-42475
■■■■□ Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets.
https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/
https://www.bleepingcomputer.com/news/security/google-finds-18-zero-day-vulnerabilities-in-samsung-exynos-chipsets/
BleepingComputer
Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets
Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars.
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation.
https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem
https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem
Google Cloud Blog
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation | Google Cloud Blog
A suspected Chinese actor used a zero-day vulnerability in FortiOS and multiple custom malware families as part of an espionage campaign.
aCropalypse vulnerability can recover sensitive information previously removed from Pixel screenshots.
https://www.xda-developers.com/acropalypse-vulnerability/
https://www.xda-developers.com/acropalypse-vulnerability/
XDA
aCropalypse vulnerability can recover sensitive information previously removed from Pixel screenshots
A newly revealed vulnerability could reveal previously redacted details from screenshots if the edits were made using a Pixel device.
Technical summary of breaking into Breach-Forums by FBI.
Apparently, Conor was using his personal internet connection to operate the darknet platform and apparently did not use TOR/VPN once in 2022 due to connection failure or forgetfulness. This IP led FBI to him.
It also seems that the FBI had access to the logs of the server somehow. Likely a Zero-day in the web component.
https://www.bleepingcomputer.com/news/security/fbi-confirms-access-to-breached-cybercrime-forum-database/
Apparently, Conor was using his personal internet connection to operate the darknet platform and apparently did not use TOR/VPN once in 2022 due to connection failure or forgetfulness. This IP led FBI to him.
It also seems that the FBI had access to the logs of the server somehow. Likely a Zero-day in the web component.
https://www.bleepingcomputer.com/news/security/fbi-confirms-access-to-breached-cybercrime-forum-database/
BleepingComputer
FBI confirms access to Breached cybercrime forum database
Today, the FBI confirmed they have access to the database of the notorious BreachForums (aka Breached) hacking forum after the U.S. Justice Department also officially announced the arrest of its owner
● An Android app from China executed a zero-day exploit on millions of devices.
Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
https://github-com.translate.goog/davinci1010/pinduoduo_backdoor
https://mp-weixin-qq-com.translate.goog/s/P_EYQxOEupqdU0BJMRqWsw
https://techcrunch.com/2023/03/20/google-flags-apps-made-by-popular-chinese-e-commerce-giant-as-malware/
https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/
Fast-growing e-commerce app Pinduoduo had an EvilParcel stow-away.
https://github-com.translate.goog/davinci1010/pinduoduo_backdoor
https://mp-weixin-qq-com.translate.goog/s/P_EYQxOEupqdU0BJMRqWsw
https://techcrunch.com/2023/03/20/google-flags-apps-made-by-popular-chinese-e-commerce-giant-as-malware/
https://arstechnica.com/information-technology/2023/03/android-app-from-china-executed-0-day-exploit-on-millions-of-devices/
TechCrunch
Google flags apps made by popular Chinese e-commerce giant as malware
Google has flagged several apps made by a Chinese e-commerce giant as malware, alerting users who had them installed, and suspended the company’s official app.
Wire-Tap by the Greece government on journalists and opposition parliamentarians by former PM after they used predator and other spyware softwares against civilians by botched law changes and legal loopholes.
https://youtu.be/SpitB6p7-W4
https://youtu.be/SpitB6p7-W4
YouTube
Greece’s spyware scandal | The Listening Post
Greece is facing an ongoing surveillance scandal after it was revealed that several journalists had their phones hacked by spyware employed for surveillance by the Greek intelligence service. While a scandal of this magnitude should typically attract the…
RedTeam: WinRAR SFX archives can run PowerShell without being detected.
https://www.bleepingcomputer.com/news/security/winrar-sfx-archives-can-run-powershell-without-being-detected/
https://www.bleepingcomputer.com/news/security/winrar-sfx-archives-can-run-powershell-without-being-detected/
BleepingComputer
WinRAR SFX archives can run PowerShell without being detected
Hackers are adding malicious functionality to WinRAR self-extracting archives that contain harmless decoy files, allowing them to plant backdoors without triggering the security agent on the target system.
Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions.
https://github.com/user1342/Obfu-DE-Scate
https://github.com/user1342/Obfu-DE-Scate
GitHub
GitHub - user1342/Obfu-DE-Scate: Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify…
Obfu[DE]scate is a de-obfuscation tool for Android APKs that uses fuzzy comparison logic to identify similarities between functions, even if they have been renamed as part of obfuscation. It compar...
CVE-2022-42845: 20-Year-Old XNU Use After Free Vulnerability in ndrv.c
https://adamdoupe.com/blog/2022/12/13/cve-2022-42845-xnu-use-after-free-vulnerability-in-ndrv-dot-c/
https://adamdoupe.com/blog/2022/12/13/cve-2022-42845-xnu-use-after-free-vulnerability-in-ndrv-dot-c/
Adamdoupe
CVE-2022-42845: 20-Year-Old XNU Use After Free Vulnerability in ndrv.c - Adam Doupé
I’ve been on a sabbatical this academic year, and my goal is to understand the state-of-the art in exploitation and vulnerability analysis by …
Spyware vendor QuaDream closes down after our citizenlab report.
● So they likely change their name and keep spreading corruption throughout the land.
https://twitter.com/jsrailton/status/1647649372069412867
● So they likely change their name and keep spreading corruption throughout the land.
https://twitter.com/jsrailton/status/1647649372069412867
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible.
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Cloud Blog
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible…
Double zero-day vulnerabilities in Chrome and Edge – check your versions now.
CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High.
CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137. A remote attacker who had compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High.
https://nakedsecurity.sophos.com/2023/04/24/double-zero-day-in-chrome-and-edge-check-your-versions-now/
CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High.
CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137. A remote attacker who had compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High.
https://nakedsecurity.sophos.com/2023/04/24/double-zero-day-in-chrome-and-edge-check-your-versions-now/
Sophos News
Naked Security – Sophos News
● Satellite hacking [14Ts227]: Russia uses uplink/downlink jamming via Tobol program to disable StarLink in Ukraine amid ongoing war.
Starlink appears to be immune to EW at satellite frequencies, it has GPS in its structure, which is vulnerable to electronic interference. If the GPS signal is jammed, Starlink cannot register, and even after successful registration, its speed is reduced until the connection is completely lost.
https://dzen.ru/a/ZEFpV9yMqWP8Kuui
https://www.thespacereview.com/article/4060/1
https://www.washingtonpost.com/national-security/2023/04/18/discord-leaks-starlink-ukraine/
https://eurasiantimes.com/russias-tobol-ew-system-cuts-off-starlink-from-its-ground-terminals/
https://www.washingtonpost.com/world/2023/04/20/bakhmut-ukraine-war-leaked-documents/
Starlink appears to be immune to EW at satellite frequencies, it has GPS in its structure, which is vulnerable to electronic interference. If the GPS signal is jammed, Starlink cannot register, and even after successful registration, its speed is reduced until the connection is completely lost.
https://dzen.ru/a/ZEFpV9yMqWP8Kuui
https://www.thespacereview.com/article/4060/1
https://www.washingtonpost.com/national-security/2023/04/18/discord-leaks-starlink-ukraine/
https://eurasiantimes.com/russias-tobol-ew-system-cuts-off-starlink-from-its-ground-terminals/
https://www.washingtonpost.com/world/2023/04/20/bakhmut-ukraine-war-leaked-documents/
Send My: Arbitrary data transmission via Apple's Find My network.
https://positive.security/blog/send-my
https://positive.security/blog/send-my
positive.security
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application…