Forwarded from GO-TO CVE
CVE-2023-38831-week-54.pdf
588.3 KB
بررسی CVE-2023-38831 – فقط یه فایل RAR باز کن… بوم! 🎯💣
سلام به همه عزیزان و عاشقان مهندسی معکوس! خوش اومدین به اپیزود ۵۴ از برنامهی هفتگی GO-TO CVE! 🎙💻
این هفته رفتیم سراغ یه آسیبپذیری واقعی و پر سر و صدا اما قدیمی در یکی از محبوبترین ابزارهای فشردهسازی دنیا WinRAR! 🎯
🔹 Week: 54
🔹 CVE: CVE-2023-38831
🔹 Type: RCE via Archive Trick
🔹 Target: WinRAR < v6.23
⚒️ Patch چی بوده؟
توی نسخه 6.23 و بالاتر، تیم WinRAR منطق اولویتدهی به فایل و فولدر با نام یکسان رو اصلاح کرده. حالا دیگه فولدر همنام فایل نمیتونه باعث override رفتار کلیک بشه، و این یعنی پایان ترفند RCE با اسمگذاری هوشمندانه!
🎯 توی اپیزود ۵۴ از کانال GO-TO CVE با هم بررسی کردیم:
📬 عضویت در کانال + هر هفته یه باگ باحال برای تحلیل:
https://news.1rj.ru/str/GOTOCVE
#week_54
سلام به همه عزیزان و عاشقان مهندسی معکوس! خوش اومدین به اپیزود ۵۴ از برنامهی هفتگی GO-TO CVE! 🎙💻
این هفته رفتیم سراغ یه آسیبپذیری واقعی و پر سر و صدا اما قدیمی در یکی از محبوبترین ابزارهای فشردهسازی دنیا WinRAR! 🎯
🔹 Week: 54
🔹 CVE: CVE-2023-38831
🔹 Type: RCE via Archive Trick
🔹 Target: WinRAR < v6.23
⚒️ Patch چی بوده؟
توی نسخه 6.23 و بالاتر، تیم WinRAR منطق اولویتدهی به فایل و فولدر با نام یکسان رو اصلاح کرده. حالا دیگه فولدر همنام فایل نمیتونه باعث override رفتار کلیک بشه، و این یعنی پایان ترفند RCE با اسمگذاری هوشمندانه!
🎯 توی اپیزود ۵۴ از کانال GO-TO CVE با هم بررسی کردیم:
📬 عضویت در کانال + هر هفته یه باگ باحال برای تحلیل:
https://news.1rj.ru/str/GOTOCVE
#week_54
❏ </Mr. SAM/> ❏
░▒▓█ cybersecurity █▓▒░
CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ cybersecurity █▓▒░
CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits
🔗 ➢➣➤ More ...
@NullError_ir 📢
Cyber Security News
CISA Releases Four ICS Advisories Surrounding Vulnerabilities, and Exploits
CISA issued four comprehensive Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting serious vulnerabilities affecting critical infrastructure sectors including energy and manufacturing.
❏ </Mr. SAM/> ❏
░▒▓█ Unit42 █▓▒░
Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ Unit42 █▓▒░
Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth
🔗 ➢➣➤ More ...
@NullError_ir 📢
Unit 42
Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth
A campaign leverages CVE-2024-36401 to stealthily monetize victims' bandwidth where legitimate software development kits (SDKs) are deployed for passive income. Software development kits (SDKs) are deployed for passive income in a campaign leveraging CVE…
❏ </Mr. SAM/> ❏
░▒▓█ cybersecurity █▓▒░
DragonForce Ransomware Attack Analysis – Targets, TTPs and IoCs
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ cybersecurity █▓▒░
DragonForce Ransomware Attack Analysis – Targets, TTPs and IoCs
🔗 ➢➣➤ More ...
@NullError_ir 📢
Cyber Security News
DragonForce Ransomware Attack Analysis – Targets, TTPs and IoCs
DragonForce represents a sophisticated and rapidly evolving ransomware operation that has emerged as a significant threat in the cybersecurity landscape since late 2023.
❏ </Mr. SAM/> ❏
░▒▓█ TheHackersNews █▓▒░
Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ TheHackersNews █▓▒░
Weak Passwords and Compromised Accounts: Key Findings from the Blue Report 2025
🔗 ➢➣➤ More ...
@NullError_ir 📢
Telegram
Mr. SAM
یکشنبه
۷ ( دی = ۱۰ ) ۱٤۰٤
28 ( دسامبر = december = 12 ) 2025
تکنیکها ، کالبدشکافی ، درک عمیق ، یک قدم جلوتر ...
https://news.1rj.ru/str/boost/NullError_ir
۷ ( دی = ۱۰ ) ۱٤۰٤
28 ( دسامبر = december = 12 ) 2025
تکنیکها ، کالبدشکافی ، درک عمیق ، یک قدم جلوتر ...
https://news.1rj.ru/str/boost/NullError_ir
❏ </Mr. SAM/> ❏
░▒▓█ SecurityWeek █▓▒░
Orange Belgium Data Breach Impacts 850,000 Customers
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ SecurityWeek █▓▒░
Orange Belgium Data Breach Impacts 850,000 Customers
🔗 ➢➣➤ More ...
@NullError_ir 📢
SecurityWeek
Orange Belgium Data Breach Impacts 850,000 Customers
Orange Belgium says hackers accessed data pertaining to 850,000 customer accounts during a July cyberattack.
❏ </Mr. SAM/> ❏
░▒▓█ cybersecurity █▓▒░
FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ cybersecurity █▓▒░
FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure
🔗 ➢➣➤ More ...
@NullError_ir 📢
Cyber Security News
FBI Warns of Russian Government Hackers Attacking Networking Devices of Critical Infrastructure
FBI warns FSB hackers exploit Cisco CVE-2018-0171 & SNMP flaws to breach US and global infrastructure via unpatched network devices.
❏ </Mr. SAM/> ❏
░▒▓█ SecurityWeek █▓▒░
Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ SecurityWeek █▓▒░
Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI
🔗 ➢➣➤ More ...
@NullError_ir 📢
SecurityWeek
Russian APT Exploiting 7-Year-Old Cisco Vulnerability: FBI
Russian state-sponsored hackers tracked as Static Tundra continue to target Cisco devices affected by CVE-2018-0171.
❏ </Mr. SAM/> ❏
░▒▓█ Schneier █▓▒░
Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ Schneier █▓▒░
Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture
🔗 ➢➣➤ More ...
@NullError_ir 📢
Schneier on Security
Jim Sanborn Is Auctioning Off the Solution to Part Four of the Kryptos Sculpture - Schneier on Security
Well, this is interesting: The auction, which will include other items related to cryptology, will be held Nov. 20. RR Auction, the company arranging the sale, estimates a winning bid between $300,000 and $500,000. Along with the original handwritten plain…
❏ </Mr. SAM/> ❏
░▒▓█ hackday █▓▒░
CAL 3D Printing Spins Resin Right Round, Baby
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ hackday █▓▒░
CAL 3D Printing Spins Resin Right Round, Baby
🔗 ➢➣➤ More ...
@NullError_ir 📢
Hackaday
CAL 3D Printing Spins Resin Right Round, Baby
Computed Axial Lithography (CAL) is a lighting-fast form of volumetric 3D printing that holds incredible promise for the future, and [The Action Lab] filmed it in action at a Berkeley team’s …
❏ </Mr. SAM/> ❏
░▒▓█ BleepingComputer █▓▒░
FBI warns of Russian hackers exploiting 7-year-old Cisco flaw
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ BleepingComputer █▓▒░
FBI warns of Russian hackers exploiting 7-year-old Cisco flaw
🔗 ➢➣➤ More ...
@NullError_ir 📢
BleepingComputer
FBI warns of Russian hackers exploiting 7-year-old Cisco flaw
The Federal Bureau of Investigation (FBI) has warned that hackers linked to Russia's Federal Security Service (FSB) are targeting critical infrastructure organizations in attacks exploiting a 7-year-old vulnerability in Cisco devices.
❏ </Mr. SAM/> ❏
░▒▓█ cybersecurity █▓▒░
Threat Actors Weaponize PDF Editor With New Torjan to Turn Device Into Proxy
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ cybersecurity █▓▒░
Threat Actors Weaponize PDF Editor With New Torjan to Turn Device Into Proxy
🔗 ➢➣➤ More ...
@NullError_ir 📢
Cyber Security News
Threat Actors Weaponize PDF Editor With New Torjan to Turn Device Into Proxy
Fake PDF editor signed by GLINT SOFTWARE drops ‘ManualFinder’ trojan, turning devices into residential proxies via multi-stage attack.
❏ </Mr. SAM/> ❏
░▒▓█ TheRecord █▓▒░
Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ TheRecord █▓▒░
Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution
🔗 ➢➣➤ More ...
@NullError_ir 📢
therecord.media
Scattered Spider affiliate given 10 year sentence, ordered to pay $13 million in restitution
A Florida judge ignored prosecutors’ request for an eight-year sentence and gave Noah Michael Urban 10 years in prison with three years of supervised release, and ordered him to pay $13 million in restitution to more than 30 victims.
❏ </Mr. SAM/> ❏
░▒▓█ DarkReading █▓▒░
DARPA: Closing the Open Source Security Gap With AI
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ DarkReading █▓▒░
DARPA: Closing the Open Source Security Gap With AI
🔗 ➢➣➤ More ...
@NullError_ir 📢
Dark Reading
DARPA: Closing the Open Source Security Gap With AI
DARPA's Kathleen Fisher discusses the AI Cyber Challenge at DEF CON 33, and the results that proved how automation can help patch vulnerabilities at scale.
❏ </Mr. SAM/> ❏
░▒▓█ SecurityWeek █▓▒░
Scattered Spider Hacker Sentenced to Prison
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ SecurityWeek █▓▒░
Scattered Spider Hacker Sentenced to Prison
🔗 ➢➣➤ More ...
@NullError_ir 📢
SecurityWeek
Scattered Spider Hacker Sentenced to Prison
Noah Urban was sentenced to 10 years in prison for his role in the notorious cybercriminal operation known as Scattered Spider.
❏ </Mr. SAM/> ❏
░▒▓█ BleepingComputer █▓▒░
Why Certified VMware Pros Are Driving the Future of IT
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ BleepingComputer █▓▒░
Why Certified VMware Pros Are Driving the Future of IT
🔗 ➢➣➤ More ...
@NullError_ir 📢
BleepingComputer
Why Certified VMware Pros Are Driving the Future of IT
From hybrid cloud to AI, IT complexity and security risks are accelerating. Certified VMware pros bring clarity and resilience that keep teams ahead. See why CIOs are making certification a workforce strategy with VMUG.
❏ </Mr. SAM/> ❏
░▒▓█ cybersecurity █▓▒░
Internet Archive Abused for Hosting Stealthy JScript Loader Malware
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ cybersecurity █▓▒░
Internet Archive Abused for Hosting Stealthy JScript Loader Malware
🔗 ➢➣➤ More ...
@NullError_ir 📢
Cyber Security News
Internet Archive Abused for Hosting Stealthy JScript Loader Malware
Malspam JScript uses PowerShell to fetch PNG from archive.org hiding a .NET loader, abusing Internet Archive to evade detection.
❏ </Mr. SAM/> ❏
░▒▓█ DarkReading █▓▒░
Tailing Hackers, Columbia University Uses Logging to Improve Security
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ DarkReading █▓▒░
Tailing Hackers, Columbia University Uses Logging to Improve Security
🔗 ➢➣➤ More ...
@NullError_ir 📢
Dark Reading
Columbia University Uses Logging to Improve Security
Logging netflows provided valuable insight about attacker tactics during a breach by state-sponsored hackers targeting Columbia's research labs.
❏ </Mr. SAM/> ❏
░▒▓█ BleepingComputer █▓▒░
Microsoft asks customers for feedback on SSD failure issues
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ BleepingComputer █▓▒░
Microsoft asks customers for feedback on SSD failure issues
🔗 ➢➣➤ More ...
@NullError_ir 📢
BleepingComputer
Microsoft asks customers for feedback on reported SSD failures
Microsoft is seeking further information from customers who reported failure and data corruption issues affecting their solid-state drives (SSDs) and hard disk drives (HDDs) after installing the August 2025 security update.
❏ </Mr. SAM/> ❏
░▒▓█ cybersecurity █▓▒░
Threat Actors Abuse AI Website Creation App to Deliver Malware
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ cybersecurity █▓▒░
Threat Actors Abuse AI Website Creation App to Deliver Malware
🔗 ➢➣➤ More ...
@NullError_ir 📢
Cyber Security News
Threat Actors Abuse AI Website Creation App to Deliver Malware
Hackers abuse AI site builder Lovable to craft phishing pages and malware hubs, lowering barriers to cybercrime with text-based prompts.
❏ </Mr. SAM/> ❏
░▒▓█ DarkReading █▓▒░
Prepping the Front Line for MFA Social Engineering Attacks
🔗 ➢➣➤ More ...
@NullError_ir 📢
░▒▓█ DarkReading █▓▒░
Prepping the Front Line for MFA Social Engineering Attacks
🔗 ➢➣➤ More ...
@NullError_ir 📢
Dark Reading
Prepping Front Line for MFA Social Engineering Attacks
With the right mix of training, support, and trust, frontline help-desk agents can become your biggest security assets.