IT Security News Bulletin #56

Date
January 25, 2021 Posted By
Gianni Gnesa

Categories

IT Security News Bulletin

Latest Infosec News and Articles

Weblogic Remote Code Execution Exploiting CVE-2019-2725 https://blog.cybercastle.io/weblogic-remote-code-execution-exploiting-cve-2019-2725/
Microsoft Teams and Skype Logging Privacy Issue https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/microsoft-teams-and-skype-logging-privacy-issue/
Bypassing and exploiting Bucket Upload Policies and Signed URLs https://labs.detectify.com/2018/08/02/bypassing-exploiting-bucket-upload-policies-signed-urls/
Pentesting the ELK Stack https://insinuator.net/2021/01/pentesting-the-elk-stack/
Arbitrium is a cross-platform, fully undetectable remote access trojan, to control Android, Windows and Linux and doesn’t require any firewall exceptions or port forwarding rules https://github.com/BenChaliah/Arbitrium-RAT
Python module for viewing Portable Executable (PE) files in a tree-view using pefile and PyQt5. Can also be used with IDA Pro and Rekall to dump in-memory PE files and reconstruct imports https://github.com/blackberry/pe_tree
Finding 0day to hack Apple https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
Malspam with Word docs uses macro to run Powershell script and steal system data https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
Unauthenticated XSS to Remote Code Execution Chain in Mautic < 3.2.4 https://www.horizon3.ai/disclosures/mautic-unauth-xss-to-rce.html
Shellcode Injection using Nim and Syscalls https://ajpc500.github.io/nim/Shellcode-Injection-using-Nim-and-Syscalls/

Latest Vulnerabilities, POCs, and Exploit

WordPress Plugin Simple Job Board 2.9.3 – Authenticated File Read (Metasploit) https://www.exploit-db.com/exploits/49450
Voting System 1.0 – File Upload RCE (Authenticated Remote Code Execution) https://www.exploit-db.com/exploits/49445
ChurchRota 2.6.4 – RCE (Authenticated) https://www.exploit-db.com/exploits/49443
Inteno IOPSYS 3.16.4 – root filesystem access via sambashare (Authenticated) https://www.exploit-db.com/exploits/49438
Cisco UCS Manager 2.2(1d) – Remote Command Execution https://www.exploit-db.com/exploits/49436

IT Security News Bulletin #59

February 15, 2021

Latest Infosec News and Articles Red Team

IT Security News Bulletin #58

February 8, 2021

Latest Infosec News and Articles Learning Linux

IT Security News Bulletin #57

February 1, 2021

Latest Infosec News and Articles Learning Linux

IT Security News Bulletin #56

January 25, 2021

Latest Infosec News and Articles Weblogic Remote

IT Security News Bulletin #55

January 18, 2021

Latest Infosec News and Articles Win32k System

IT Security News Bulletin #54

January 11, 2021

Latest Infosec News and Articles Red Team

Getting Started with WinDbg

January 5, 2021

https://www.youtube.com/watch?v=c492-BMacZ0 The Windows Debugger, also known as

IT Security News Bulletin #52

January 4, 2021

Latest Infosec News and Articles Analyzing Cobalt

IT Security News Bulletin #50

December 21, 2020

Latest Infosec News and Articles Finding Hidden

IT Security News Bulletin #49

December 14, 2020

Latest Infosec News and Articles 403Bypasser: bypass

Copyright © 2019 - Ptrace Security GmbH