infosec.exchange
2a04:4e42:400::820
Public Scan
URL:
https://infosec.exchange/@screaminggoat/113314746053792994
Submission: On October 18 via api from IN — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
POSTS AND REPLIES

Not Simon @screaminggoat · Aug 23 · Public

Microsoft Security Response Center (MSRC) security advisories:
* CVE-2024-38208 [msrc.microsoft.com] (6.1 medium) Microsoft Edge for Android Spoofing Vulnerability (Note: Unknown if publicly disclosed since it's not populated)
* CVE-2024-38209 [msrc.microsoft.com] (7.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
* CVE-2024-38210 [msrc.microsoft.com] (7.8 high) Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
* CVE-2024-41879 [msrc.microsoft.com] (score pending) Adobe: CVE-2024-41879 Adobe PDF Viewer Remote Code Execution Vulnerability
* CVE-2024-43477 [msrc.microsoft.com] (7.5 high) Entra ID Elevation of Privilege Vulnerability (Note: The vulnerability documented by this CVE requires no customer action to resolve)
* CVE-2024-7971 [msrc.microsoft.com] Chromium: CVE-2024-7971 Type confusion in V8
  * Google is aware that an exploit for CVE-2024-7971 exists in the wild.
* CVE-2024-38178 [msrc.microsoft.com] (7.5 high, disclosed 13 August 2024 as an exploited zero-day) Scripting Engine Memory Corruption Vulnerability (updated the acknowledgements only)

Notes:
* Microsoft Edge has been updated to version 128.0.2739.42, which is based on Chromium version 128.0.6613.84/.85. This includes patching against the actively exploited zero-day CVE-2024-7971.
* Besides CVE-2024-7971, I skipped mentioning 19 other vulnerabilities that Google publicly announced yesterday [chromereleases.googleblog.com].
* It's worth noting that Microsoft credited AhnLab and National Cyber Security Center (NCSC), Republic of Korea for reporting CVE-2024-38178. AhnLab Security Emergency Response Center (ASEC) has historically tracked various North Korean state-sponsored APTs such as Kimsuky, Reaper (Scarcruft), Andariel, and Lazarus. This is speculation but it's likely that CVE-2024-38178 was exploited by North Korean APTs, even though it's not their usual flavor of zero-day vulnerabilities (Bring Your Own Vulnerable Driver).

Link preview: msrc.microsoft.com, "Security Update Guide - Microsoft Security Response Center"

#Microsoft #MSRC #vulnerability … and 12 more

Not Simon @screaminggoat · 2 d · Reply · Public

anyone read Korean?

ASEC: ASEC and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178) [asec.ahnlab.com]

See parent toot for information on CVE-2024-38178. AhnLab SEcurity intelligence Center (ASEC) and Korea's National Cyber Security Center (NCSC) published a joint report "Operation Code on Toast by TA-RedAnt" confirming that the DPRK actor known as Scarcruft (APT37) exploited CVE-2024-38178 as a zero-day:
* This operation exploited a zero-day vulnerability in IE to utilize a specific toast ad program that is installed alongside various free software.
* TA-RedAnt first attacked the Korean online advertising agency server for ad programs to download ad content. They then injected vulnerability code into the server’s ad content script. This vulnerability is exploited when the ad program downloads and renders the ad content. As a result, a zero-click attack occurred without any interaction from the user.
* This vulnerability occurs when one type of data is mistakenly treated as another during the optimization process of IE’s JavaScript engine (jscript9.dll), allowing type confusion to occur. TA-RedAnt exploited this vulnerability to trick victims into downloading malware on their desktops with the toast ad program installed. After infecting the system, various malicious behaviors can be performed, such as remote commands.

Link preview: ASEC · 2 d, "ASEC and NCSC Release Joint Report on Microsoft Zero-Day Browser Vulnerability (CVE-2024-38178) - ASEC": AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft Internet Explorer (IE) browser and have conducted a detailed analysis on attacks that exploit this vulnerability. This post shares the joint analysis report “Operation Code on Toast by TA-RedAnt” which details the findings of […]

#northkorea #apt #scarcruft … and 11 more

Not Simon @screaminggoat@infosec.exchange · Oct 16, 2024, 04:30 · Public · 2 boosts · 3 favorites

Scarcruft/APT37 Indicators of Compromise:
* ad_toast : e11bb2478930d0b5f6c473464f2a2B6e
* 43 : b9d4702c1b72659f486259520f48b483
* 23 : b18a8ea838b6760f4857843cafe5717d
* MOVE : da2a5353400bd5f47178cd7dae7879c5
* ban04.bak(top_08.bak,content) : bd2d599ab51f9068d8c8eccadaca103d
* operating_system.rb : Varies by infected PC
* 1st loader : Varies by infected PC
* secondary loader : Varies by infected PC
* RokRAT : Varies by infected PC

#threatintel #northkorea #cyberespionage … and 7 more