Exploiting Social Media: TikTok Links Used to Hijack Microsoft Accounts
https://cofense.com/blog/exploiting-social-media-tiktok-links-used-to-hijack-microsoft-accounts
https://cofense.com/blog/exploiting-social-media-tiktok-links-used-to-hijack-microsoft-accounts
Cofense
Exploiting Social Media: TikTok Links Used to Hijack
In the fast-paced world of social media, new threats are emerging every day, and not all of them come from where you’d expect. The Cofense Phishing Defense Center (PDC) intelligence team recently
New Outlook app is far more tightly integrated with the cloud than a user might expect, opening up the scope of potential Microsoft data collection. This represents a significant privacy issue..:
https://www.xda-developers.com/privacy-implications-new-microsoft-outlook/
https://www.xda-developers.com/privacy-implications-new-microsoft-outlook/
XDA
Microsoft's new Outlook client quietly moves your email to the cloud
Microsoft’s new version of Outlook introduces some controversial data-sharing features
Critical Exploit in MediaTek Wi-Fi Chipsets: Zero-Click Vulnerability (CVE-2024-20017) Threatens Routers and Smartphones:
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
Detailed analysis for - 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways
Affected chipsets:
- MT6890, MT7915, MT7916, MT7981, MT7986, MT7622
Affected software:
- SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02
http://0.0.0.0:4000/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
PoC:
https://github.com/mellow-hype/cve-2024-20017
https://blog.sonicwall.com/en-us/2024/09/critical-exploit-in-mediatek-wi-fi-chipsets-zero-click-vulnerability-cve-2024-20017-threatens-routers-and-smartphones/
Detailed analysis for - 4 exploits, 1 bug: exploiting cve-2024-20017 4 different ways
Affected chipsets:
- MT6890, MT7915, MT7916, MT7981, MT7986, MT7622
Affected software:
- SDK version 7.4.0.1 and before (for MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02
http://0.0.0.0:4000/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html
PoC:
https://github.com/mellow-hype/cve-2024-20017
Novel Exploit Chain Enables Windows UAC Bypass
https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
https://www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
IT_Security_Management_Checklist_9_Key_Recommendations_to_Keep_Your.pdf
835.5 KB
IT Security Management
Checklist
9 Key Recommendations to Keep Network Safe
Checklist
9 Key Recommendations to Keep Network Safe
MMSF - Mobile framework that combines functionalities from frida, objection, drozer, and many more.
Massive Mobile Security Framework:
- https://github.com/St3v3nsS/MMSF
Massive Mobile Security Framework:
- https://github.com/St3v3nsS/MMSF
Locally saved Word files with capitalized file extensions or # in the noscript may be deleted after save
https://support.microsoft.com/en-us/office/locally-saved-word-files-with-capitalized-file-extensions-or-in-the-noscript-may-be-deleted-after-save-5e28f8c2-32d0-487b-b237-9c7c74d25f84
https://support.microsoft.com/en-us/office/locally-saved-word-files-with-capitalized-file-extensions-or-in-the-noscript-may-be-deleted-after-save-5e28f8c2-32d0-487b-b237-9c7c74d25f84
TOP 5 ANOMALY DETECTION LIBRARIES.pdf
6.8 MB
TOP 5 - Anomaly Detection Libraries
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines.
Firefox
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
Firefox
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
Mozilla
Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1
Взлом робота-пылесоса и слежка за хозяином в прямом эфире (Hacking a robot vacuum cleaner and spying on its owner live)
- https://habr.com/ru/companies/cloud4y/articles/849294/
- https://habr.com/ru/companies/cloud4y/articles/849294/
Хабр
Взлом робота-пылесоса и слежка за хозяином в прямом эфире
Крупный производитель домашней робототехники не смог устранить проблемы безопасности своих роботов‑пылесосов, хотя получил предупреждение о рисках ещё в прошлом году. Даже...
SeamlessPass - Leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
https://github.com/Malcrove/SeamlessPass/tree/main
https://github.com/Malcrove/SeamlessPass/tree/main
GitHub
GitHub - Malcrove/SeamlessPass: A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO
A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO - Malcrove/SeamlessPass
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
..red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity:
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
EDRSilencer:
https://github.com/netero1010/EDRSilencer
..red team tool that threat actors are attempting to abuse for its ability to block EDR traffic and conceal malicious activity:
https://www.trendmicro.com/en_us/research/24/j/edrsilencer-disrupting-endpoint-security-solutions.html
EDRSilencer:
https://github.com/netero1010/EDRSilencer
Trend Micro
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Messaging service creates persistent user IDs that have different qualities on each device
https://www.theregister.com/2024/10/16/whatsapp_privacy_concerns/
Messaging service creates persistent user IDs that have different qualities on each device
https://www.theregister.com/2024/10/16/whatsapp_privacy_concerns/
The Register
WhatsApp may expose the OS you use to run it – which could expose you to crooks
Meta knows messaging service creates persistent user IDs that have different qualities on each device