Double zero-day vulnerabilities in Chrome and Edge – check your versions now.
CVE-2023-2033: Type confusion in V8 in Google Chrome prior to 112.0.5615.121. A remote attacker could potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High.
CVE-2023-2136: Integer overflow in Skia in Google Chrome prior to 112.0.5615.137. A remote attacker who had compromised the renderer process could potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High.
https://nakedsecurity.sophos.com/2023/04/24/double-zero-day-in-chrome-and-edge-check-your-versions-now/
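As an added example (not from the Sophos article), a small Python check that parses the version string printed by `google-chrome --version` or `chromium --version` and reports which of the two CVEs the installed build still lacks a fix for, using the fixed-in versions quoted above. Edge carries its own build numbers, which the advisory text here does not give, so the thresholds below cover Chrome/Chromium only; the fallback version string in the main block is a constructed sample for offline use.

```python
import re
import subprocess
import sys

# Fixed-in versions quoted in the advisory text above; builds below
# these still contain the bug. 112.0.5615.137 carries both fixes.
FIXED_IN = {
    "CVE-2023-2033": (112, 0, 5615, 121),  # V8 type confusion
    "CVE-2023-2136": (112, 0, 5615, 137),  # Skia integer overflow (sandbox escape)
}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull the 4-part Chromium version out of text such as
    'Google Chrome 112.0.5615.121'. Tuples compare element-wise, which is
    the right ordering for dotted versions (string comparison is not)."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Chromium-style version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def unpatched_cves(text):
    """CVEs from FIXED_IN whose fix is newer than the build named in `text`."""
    version = parse_version(text)
    return sorted(cve for cve, fixed in FIXED_IN.items() if version < fixed)


def installed_version_string(binary="google-chrome"):
    """Run `<binary> --version` and return its first output line, or None
    when the binary is not installed."""
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return out.strip().splitlines()[0] if out.strip() else None


if __name__ == "__main__":
    # Prefer a version string given on the command line, then the local
    # binary, then a constructed sample so the demo runs offline.
    text = (" ".join(sys.argv[1:]) or installed_version_string()
            or "Google Chrome 112.0.5615.121")
    missing = unpatched_cves(text)
    print(f"{text}: " + ("fixed for both CVEs" if not missing
                         else "still affected by " + ", ".join(missing)))
```

Run it with no arguments on a host with Chrome installed, or pass the string shown on chrome://version, e.g. `python3 check.py Google Chrome 112.0.5615.121`, which reports that the V8 fix is present but the Skia fix is not.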
● Satellite hacking [14Ts227]: Russia uses uplink/downlink jamming via the Tobol program to disable Starlink in Ukraine amid the ongoing war.
Starlink appears to be immune to EW at its satellite link frequencies, but its terminals rely on GPS, which is vulnerable to electronic interference. If the GPS signal is jammed, a Starlink terminal cannot register with the network, and even after a successful registration its throughput degrades until the connection is lost entirely.
https://dzen.ru/a/ZEFpV9yMqWP8Kuui
https://www.thespacereview.com/article/4060/1
https://www.washingtonpost.com/national-security/2023/04/18/discord-leaks-starlink-ukraine/
https://eurasiantimes.com/russias-tobol-ew-system-cuts-off-starlink-from-its-ground-terminals/
https://www.washingtonpost.com/world/2023/04/20/bakhmut-ukraine-war-leaked-documents/
Send My: Arbitrary data transmission via Apple's Find My network.
https://positive.security/blog/send-my
Apple AirTags: Arbitrary data can be uploaded from non-internet-connected devices by sending Find My BLE broadcasts to nearby Apple devices. We're releasing an ESP32 firmware that turns the microcontroller into an (upload only) modem, and a macOS application…
Microsoft Excel Remote Code Execution Vulnerability.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24953
https://twitter.com/TecR0c/status/1656306296931471365
Discovered a Microsoft Excel Remote Code Execution vulnerability: CVE-2023-24953 🚨 Now patched in MS May Patch Tuesday :->
https://t.co/fJhjOytZpQ
Thanks @msftsecresponse for addressing this vulnerability!
The Dangers of Google’s .zip TLD. Of the two example URLs below, the first actually points at the .zip domain v1271.zip: its "slashes" are U+2215 DIVISION SLASH lookalikes, and the @ turns everything before it into URL userinfo, so the browser connects to whatever follows the @.
https://medium.com/@bobbyrsec/the-dangers-of-googles-zip-tld-5e1e675e59a5
https://github.com∕kubernetes∕kubernetes∕archive∕refs∕tags∕@v1271.zip
https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip
Can you quickly tell which of the URLs below is legitimate and which one is a malicious phish that drops evil.exe?
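As an added example (not from the Medium post), a Python triage helper that answers that question mechanically: it flags non-ASCII slash lookalikes by their Unicode names, parses the URL with `urllib.parse.urlsplit`, and reports the host the browser would really connect to together with any userinfo hidden in front of an `@`. The two sample URLs are constructed here to mirror the pattern above; the `.zip` check is the only TLD rule, since that is the one the post discusses.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed samples mirroring the pattern in the post: the first uses
# U+2215 DIVISION SLASH in place of '/' and an '@' that demotes everything
# before it to userinfo, so the browser connects to v1271.zip.
LOOKALIKE = ("https://github.com\u2215kubernetes\u2215kubernetes\u2215archive"
             "\u2215refs\u2215tags\u2215@v1271.zip")
LEGIT = "https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.27.1.zip"


def slash_lookalikes(url):
    """Non-ASCII characters whose Unicode name marks them as slash-like
    (DIVISION SLASH, FRACTION SLASH, FULLWIDTH SOLIDUS, ...)."""
    return [ch for ch in url if ord(ch) > 127
            and any(w in unicodedata.name(ch, "") for w in ("SLASH", "SOLIDUS"))]


def analyze(url):
    """Describe where the URL really points and why it looks suspicious."""
    reasons = []
    lookalikes = slash_lookalikes(url)
    if lookalikes:
        reasons.append("slash lookalikes: "
                       + " ".join(f"U+{ord(c):04X}" for c in lookalikes))
    try:
        parts = urlsplit(url)
    except ValueError:
        # urlsplit rejects a netloc whose NFKC form would introduce '/', '@'
        # and friends (e.g. U+FF0F FULLWIDTH SOLIDUS); treat that as hostile.
        reasons.append("netloc rejected under NFKC normalization")
        return {"url": url, "host": None, "userinfo": None,
                "suspicious": True, "reasons": reasons}
    host = (parts.hostname or "").lower()
    if parts.username is not None:
        # Everything before '@' is userinfo and never reaches DNS.
        reasons.append(f"userinfo before '@': {parts.username!r}")
    if host.endswith(".zip"):
        reasons.append(f"host {host} is in the .zip TLD")
    return {"url": url, "host": host, "userinfo": parts.username,
            "suspicious": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    for url in (LOOKALIKE, LEGIT):
        report = analyze(url)
        verdict = "SUSPICIOUS" if report["suspicious"] else "ok"
        print(f"{verdict:10} host={report['host']}")
        for reason in report["reasons"]:
            print("    -", reason)
```

Userinfo in a URL is legitimate in some tooling (basic-auth links, Git remotes), so the `@` finding is a heuristic for user-facing links rather than a hard block; the slash-lookalike finding is the stronger signal.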
CVE-2023-28204 (Safari zero-day, may have been actively exploited) - commit e34edaa
https://github.com/WebKit/WebKit/commit/e34edaa74575ee13efcebdb7672b949a743ab32a
RegExpGlobalData::performMatch issue leading to OOB read
https://bugs.webkit.org/show_bug.cgi?id=254930
rdar://107436732
Reviewed by Alexey Shvayka.
Fixed two issues:
1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position ...
CVE-2022-3723_PoC.js
CVE-2022-3723 Exploit PoC: Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
● @ckure has not verified the authenticity of the exploit.
⚠️ ‘Despicable’ iPhone Hacks In Armenia Find NSO Spyware ‘In Active Warzone’.
For the first time, the Israeli company’s spyware has been used in a conflict zone, according to researchers.
In mid-2021, Apple sent a warning to Anna Naghdalyan, then a spokesperson for Armenia’s foreign affairs agency, that her iPhone had possibly been hacked by a foreign government.
https://www.forbes.com/sites/thomasbrewster/2023/05/25/iphone-hacks-in-armenia-show-nso-spyware-in-warzone/?sh=4b76625f1a56
Money Message ransomware group hacks MSI and steals BIOS signing keys and Intel Boot Guard keys, which would let bad actors code-sign firmware and push it to MSI systems as an update.
MSI signing keys for Intel Boot Guard were released by the group.
Now anyone can sign device firmware with MSI private keys. This represents a long-term persistent risk that all users should take into account.
The data was leaked after MSI refused to pay the group.
https://vt.tiktok.com/ZSLNqWmTx/
https://www.bleepingcomputer.com/news/security/money-message-ransomware-gang-claims-msi-breach-demands-4-million/
https://www.kaspersky.com/blog/msi-firmware-keys-leak/48300/
https://socradar.io/money-message-ransomware-leaks-msi-signing-keys-for-intel-boot-guard/
CVE-2023-29336 (Win32k Elevation of Privilege Vulnerability). PoC released for the bug exploited in attacks.
https://blog.avast.com/avast-patches-microsoft-vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29336
https://www.bleepingcomputer.com/news/security/poc-released-for-windows-win32k-bug-exploited-in-attacks/
Avast discovers and helps patch a major vulnerability
Avast researchers discovered a dangerous vulnerability in Microsoft software, then worked with Microsoft to rapidly patch it.
CVE-2023-29336 Exploit Demo on Windows Server 2016
CVE-2023-29336 - Win32k Elevation of Privilege Vulnerability.
Our researcher just developed the exploit and passed testing on Windows Server 2016
Side channel: Hackers can steal cryptographic keys by video-recording power LEDs from 60 feet away (an optical attack that needs no network access to the device, so air-gapped systems are in scope).
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/
Key-leaking side channels are a fact of life. Now they can be done by video-recording power LEDs.
Chinese hackers use DNS-over-HTTPS for Linux malware communication.
ChamelGang and ChamelDoH: A DNS-over-HTTPS implant
https://stairwell.com/news/chamelgang-and-chameldoh-a-dns-over-https-implant/
https://www.bleepingcomputer.com/news/security/chinese-hackers-use-dns-over-https-for-linux-malware-communication/
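As an added example (not from the Stairwell or BleepingComputer write-ups, and carrying no ChamelDoH indicators), a Python detection sketch for the general technique: a DoH client is recognisable in HTTP logs by the RFC 8484 markers (the `application/dns-message` media type, the `/dns-query` path, and the base64url `dns=` parameter on GET), and the carried DNS message can be decoded to recover the queried name. Requests to a resolver outside the sanctioned set are the ones to alert on. The log records, hostnames and resolver set are constructed here; the record shape is a simplified Zeek http.log-style dict.

```python
import base64
import struct
from urllib.parse import parse_qs, urlsplit

DOH_CONTENT_TYPE = "application/dns-message"  # RFC 8484 media type


def encode_qname(name):
    """Encode a domain name as DNS labels (RFC 1035 section 3.1)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_dns_query(name, qtype=1):
    """Minimal DNS query: 12-byte header with RD set, one question, class IN.
    ID is 0, as RFC 8484 suggests for cache-friendly DoH requests."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!HH", qtype, 1)


def decode_qname(msg, offset=12):
    """Read the QNAME of the first question and return it dotted."""
    labels = []
    while True:
        length = msg[offset]
        if length == 0:
            return ".".join(labels)
        if length & 0xC0:
            raise ValueError("compression pointer in question section")
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def extract_doh_query(rec):
    """Return the DNS wire message carried by a DoH request, or None.
    GET carries it unpadded-base64url in the 'dns' parameter; POST carries
    it raw in the body (stored base64 in this constructed log shape)."""
    if rec.get("content_type") == DOH_CONTENT_TYPE and rec.get("body_b64"):
        return base64.b64decode(rec["body_b64"])
    qs = parse_qs(urlsplit(rec.get("uri", "")).query)
    if "dns" in qs:
        raw = qs["dns"][0]
        return base64.urlsafe_b64decode(raw + "=" * (-len(raw) % 4))
    return None


def is_doh_request(rec):
    return (rec.get("content_type") == DOH_CONTENT_TYPE
            or rec.get("accept") == DOH_CONTENT_TYPE
            or urlsplit(rec.get("uri", "")).path == "/dns-query")


def find_doh(records, sanctioned_resolvers):
    """Flag DoH requests, decode the queried name, and mark those sent to a
    resolver outside the sanctioned set."""
    hits = []
    for rec in records:
        if not is_doh_request(rec):
            continue
        msg = extract_doh_query(rec)
        hits.append({
            "src": rec["src"],
            "resolver": rec["host"],
            "qname": decode_qname(msg) if msg else None,
            "sanctioned": rec["host"] in sanctioned_resolvers,
        })
    return hits


# Constructed sample records; hosts and names are example domains, not
# indicators from any real campaign.
_get_query = base64.urlsafe_b64encode(
    build_dns_query("intranet.example")).rstrip(b"=").decode()
SAMPLE_LOG = [
    {"src": "10.0.0.5", "host": "www.example.com", "method": "GET",
     "uri": "/index.html", "accept": "text/html"},
    {"src": "10.0.0.5", "host": "doh.corp.example", "method": "GET",
     "uri": "/dns-query?dns=" + _get_query, "accept": DOH_CONTENT_TYPE},
    {"src": "10.0.0.7", "host": "resolver.example.net", "method": "POST",
     "uri": "/dns-query", "content_type": DOH_CONTENT_TYPE,
     "body_b64": base64.b64encode(build_dns_query("update.example.org")).decode()},
]
SANCTIONED = {"doh.corp.example"}

if __name__ == "__main__":
    for hit in find_doh(SAMPLE_LOG, SANCTIONED):
        flag = "ok   " if hit["sanctioned"] else "ALERT"
        print(f"{flag} {hit['src']} -> {hit['resolver']} qname={hit['qname']}")
```

The markers above only work where the proxy or sensor sees decrypted HTTP; without TLS inspection, the fallback is the network-level view (TLS to hosts that are not your resolver but answer on `/dns-query`, which needs active probing or threat-intel lists), which is exactly why an implant picks DoH in the first place.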
Exploiting CVE-2023-33476 for remote code execution.
https://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite.
https://sec-consult.com/blog/detail/dns-analyzer-finding-dns-vulnerabilities-with-burp-suite
A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.