Backdoor.Win32.Shark.btu / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Shark.btu
Vulnerability: Insecure Permissions
Description: The malware writes multiple PE files to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable…

Read More

Yashma Ransomware Builder v1.2 / Insecure Permissions

Read Time:19 Second

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Yashma Ransomware Builder v1.2
Vulnerability: Insecure Permissions
Description: The malware creates PE files with insecure permissions when
writing to c: drive, granting change (C) permissions to the authenticated
user group. Standard…

Read More

AnyDesk Public Exploit Disclosure – Arbitrary file write by symbolic link attack lead to denial-of-service attack on local machine

Read Time:24 Second

Posted by chan chan on Jun 27

Hi FullDisclosure,

I would like to publish an exploit that I found on AnyDesk as follows.

# Exploit Title: AnyDesk allow arbitrary file write by symbolic link
attack lead to denial-of-service attack on local machine
# Google Dork: [if applicable]
# Date: 24/5/2022
# Exploit Author: Erwin Chan
# Vendor Homepage: https://anydesk.com/en
# Software Link: https://anydesk.com/en
# Version: 7.0.9
# Tested on: Windows 11

It was found that AnyDesk…

Read More

SEC-T CFP ongoing

Read Time:27 Second

Posted by Mattias Bååth via Fulldisclosure on Jun 27

Hey all

It’s now less than two weeks to submit a talk to SEC-T 2022, at least if
you want to be part of the first talk selection round (recommended) that
we kick off July first.

SEC-T is non-profit, non-corporate, two day, single track, con in
Stockholm, Sweden. We pay travel, accommodation and an honorary to all
speakers.

If you have something fun you’d like to present, send us a submission
before July 1st… or at least before…

Read More

CFP No cON Name 2022 – Barcelona

Read Time:19 Second

Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27

No cON Name 2022 – Barcelona

************************************
*****  Call For Papers        ******
************************************

https://www.noconname.org/call-for-papers/

Exact place not disclosed until a few weeks before due celebration.

    * INTRODUCTION
The organization has  opened CFP proposals. No cON Name is the eldest
Hacking
and Security Conference in Span. Our goal is to get highly qualified
requests
for…

Read More