/ VMware ESXi TCP/IP Memory Corruption Remote Code Execution Vulnerability

https://www.zerodayinitiative.com/advisories/ZDI-22-1021/

P.S. Thx dear subscriber for the link ✌️

Boundary tool - Identity-based access for zero trust security

* https://www.boundaryproject.io/

/ Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits

https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/

Samba 4.16.4, 4.15.9 and 4.14.14 Security Releases are available for Download

These are Security Releases in order to address CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746.

https://www.samba.org/samba/latest_news.html#4.16.4

Old cat, new tricks, bad habits

An analysis of Charming Kitten’s new tools and OPSEC errors

The Telegram grabber tool is written in C++ and uses the open source Telegram Database Library (TDLib), a cross-platform Telegram client typically used to create custom apps for the platform... and many another interesting research info..:

https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/old-cat-new-tricks.html

System Administrator Appreciation Day

Be Strong, Be Healthy, Be Smart ✌️

/ Vulnerability in Dahua’s ONVIF Implementation Threatens IP Camera Security

https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/

/ Living Off Windows Defender | LockBit Ransomware Sideloads Cobalt Strike Through Microsoft Security Tool

https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/

/ DNS settings to avoid email spoofing and phishing for unused domain

https://www.cyberciti.biz/security/dns-settings-to-avoid-email-spoofing-and-phishing-for-unused-domain/

/ Multiple vulnerabilities were privately reported to VMware. (critical)

Patches are available to remediate these vulnerabilities in affected VMware products:

https://www.vmware.com/security/advisories/VMSA-2022-0021.html

/ CVE-2022-29154: Rsync client-side arbitrary file write vulnerability

https://www.openwall.com/lists/oss-security/2022/08/02/1

/ XSS vulnerabilities in Google Cloud, Google Play could lead to account hijacks

Article does not has any tecnical analysys, but has discovering information:

https://portswigger.net/daily-swig/xss-vulnerabilities-in-google-cloud-google-play-could-lead-to-account-hijacks

/ GitLab plans to delete dormant projects in free accounts

🙁

https://www.theregister.com/2022/08/04/gitlab_data_retention_policy

/ Hijacking email with Cloudflare Email Routing
…
Cloudflare Email Routing was in closed beta back when I discovered this vulnerability, with only a few domains having been granted access. Sadly, I was not invited to the party, so I was simply going to have to crash it instead.
…

https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/

Fourteen Ways to Read the PID for the Local Security Authority Subsystem Service (LSASS)

Process enumeration is necessary prior to injecting shellcode or dumping memory. Threat actors tend to favour using CreateToolhelp32Snapshot with Process32First and Process32Next to gather a list of running processes. And if they’re a bit more tech-savvy, they’ll use the NtQuerySystemInformation system call directly.

Although this post will focus on obtaining a PID specifically for LSASS, the methods described here can be adapted to resolve PIDs for any process. Some of these are well known and have been discussed before, but there’s also a few new ones that many readers won’t be familiar with…

* https://www.mdsec.co.uk/2022/08/fourteen-ways-to-read-the-pid-for-the-local-security-authority-subsystem-service-lsass/

/ CyRC Vulnerability Advisory: Local privilege escalation in Kaspersky VPN

https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/

/ Zimbra Email - Stealing Clear-Text Credentials via Memcache injection

https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/

/ Notice about Slack password resets

On August 4, 2022, we notified approximately 0.5% of Slack users that we reset their passwords in response to a bug that occurred when users created or revoked a Shared Invite Link for their workspace. When a user performed either of these actions, Slack transmitted a hashed version of their password to other workspace members. This hashed password was not visible in any Slack clients; discovering it required actively monitoring encrypted network traffic coming from Slack’s servers. This bug was discovered by an independent security researcher and disclosed to us on July 17, 2022. It affected all users who created or revoked Shared Invite Links between April 17, 2017 and July 17, 2022.

https://slack.com/blog/news/notice-about-slack-password-resets

/ An incident impacting some accounts and private information on Twitter

We want to let you know about a vulnerability that allowed someone to enter a phone number or email address into the log-in flow in the attempt to learn if that information was tied to an existing Twitter account, and if so, which specific account.

https://privacy.twitter.com/en/blog/2022/an-issue-affecting-some-anonymous-accounts

/ Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products (critical)

https://www.vmware.com/security/advisories/VMSA-2022-0021.html