infosec.exchange
2a04:4e42:400::820  Public Scan

URL: https://infosec.exchange/@screaminggoat/113314746053792994
Submission: On November 14 via api from IN — Scanned from CA

Form analysis 0 forms found in the DOM

Text Content

Not Simon @screaminggoat

Microsoft Security Response Center (MSRC) security advisories:

 * CVE-2024-38208 [msrc.microsoft.com] (6.1 medium) Microsoft Edge for Android
   Spoofing Vulnerability (Note: Unknown if publicly disclosed since it's not
   populated)
 * CVE-2024-38209 [msrc.microsoft.com] (7.8 high) Microsoft Edge
   (Chromium-based) Remote Code Execution Vulnerability
 * CVE-2024-38210 [msrc.microsoft.com] (7.8 high) Microsoft Edge
   (Chromium-based) Remote Code Execution Vulnerability
 * CVE-2024-41879 [msrc.microsoft.com] (score pending) Adobe: CVE-2024-41879
   Adobe PDF Viewer Remote Code Execution Vulnerability
 * CVE-2024-43477 [msrc.microsoft.com] (7.5 high) Entra ID Elevation of
   Privilege Vulnerability (Note: The vulnerability documented by this CVE
   requires no customer action to resolve)
 * CVE-2024-7971 [msrc.microsoft.com] Chromium: CVE-2024-7971 Type confusion in
   V8
   * Google is aware that an exploit for CVE-2024-7971 exists in the wild.
 * CVE-2024-38178 [msrc.microsoft.com] (7.5 high, disclosed 13 August 2024 as an
   exploited zero-day) Scripting Engine Memory Corruption Vulnerability (updated
   the acknowledgements only)

Notes:

 * Microsoft Edge has been updated to version 128.0.2739.42, which is based on
   Chromium version 128.0.6613.84/.85. This includes patching against the
   actively exploited zero-day CVE-2024-7971.
 * Besides CVE-2024-7971, I skipped mentioning 19 other vulnerabilities that
   Google publicly announced yesterday [chromereleases.googleblog.com].
 * It's worth noting that Microsoft credited AhnLab and National Cyber Security
   Center (NCSC), Republic of Korea for reporting CVE-2024-38178. AhnLab
   Security Emergency Response Center (ASEC) has historically tracked various
   North Korean state-sponsored APTs such as Kimsuky, Reaper (Scarcruft),
   Andariel, and Lazarus. This is speculation but it's likely that
   CVE-2024-38178 was exploited by North Korean APTs, even though it's not their
   usual flavor of zero-day vulnerabilities (Bring Your Own Vulnerable Driver).


#Microsoft #MSRC #vulnerability …and 12 more

Aug 22

Not Simon @screaminggoat

anyone read Korean? ASEC: ASEC and NCSC Release Joint Report on Microsoft
Zero-Day Browser Vulnerability (CVE-2024-38178) [asec.ahnlab.com]
See parent toot for information on CVE-2024-38178. AhnLab SEcurity intelligence
Center (ASEC) and Korea's National Cyber Security Center (NCSC) published a
joint report "Operation Code on Toast by TA-RedAnt" confirming that the DPRK
actor known as Scarcruft (APT37) exploited CVE-2024-38178 as a zero-day:

 * This operation exploited a zero-day vulnerability in IE to utilize a specific
   toast ad program that is installed alongside various free software.
 * TA-RedAnt first attacked the Korean online advertising agency server for ad
   programs to download ad content. They then injected vulnerability code into
   the server’s ad content script. This vulnerability is exploited when the ad
   program downloads and renders the ad content. As a result, a zero-click
   attack occurred without any interaction from the user.
 * This vulnerability occurs when one type of data is mistakenly treated as
   another during the optimization process of IE’s JavaScript engine
   (jscript9.dll), allowing type confusion to occur. TA-RedAnt exploited this
   vulnerability to trick victims into downloading malware on their desktops
   with the toast ad program installed. After infecting the system, various
   malicious behaviors can be performed, such as remote commands.


ASEC · Oct 15

ASEC and NCSC Release Joint Report on Microsoft Zero-Day Browser
Vulnerability (CVE-2024-38178) - ASEC

AhnLab SEcurity intelligence Center (ASEC) and the National Cyber Security
Center (NCSC) have discovered a new zero-day vulnerability in the Microsoft
Internet Explorer (IE) browser and have conducted a detailed analysis on
attacks that exploit this vulnerability. This post shares the joint analysis
report “Operation Code on Toast by TA-RedAnt” which details the findings of […]
#northkorea #apt #scarcruft …and 11 more

Oct 15

Not Simon @screaminggoat@infosec.exchange

Scarcruft/APT37 Indicators of Compromise:

 * ad_toast : e11bb2478930d0b5f6c473464f2a2B6e
 * 43 : b9d4702c1b72659f486259520f48b483
 * 23 : b18a8ea838b6760f4857843cafe5717d
 * MOVE : da2a5353400bd5f47178cd7dae7879c5
 * ban04.bak(top_08.bak,content) : bd2d599ab51f9068d8c8eccadaca103d
 * operating_system.rb : Varies by infected PC
 * 1st loader : Varies by infected PC
 * secondary loader : Varies by infected PC
 * RokRAT : Varies by infected PC

#threatintel #northkorea #cyberespionage …and 7 more
Oct 15, 2024, 07:30 PM·Public