Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/5a83f8b8c8a8b7a85b3ff632aa60e793.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Shark.btu
Vulnerability: Insecure Permissions
Description: The malware writes multiple PE files to c drive granting
change (C) permissions to the authenticated user group. Standard users can
rename the executable…

Read More

Posted by malvuln on Jun 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/13e878ed7e547523cffc5728f6ba4190.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Yashma Ransomware Builder v1.2
Vulnerability: Insecure Permissions
Description: The malware creates PE files with insecure permissions when
writing to c: drive, granting change (C) permissions to the authenticated
user group. Standard…

Read More

Posted by chan chan on Jun 27

Hi FullDisclosure,

I would like to publish an exploit that I found on AnyDesk as follows.

# Exploit Title: AnyDesk allow arbitrary file write by symbolic link
attack lead to denial-of-service attack on local machine
# Google Dork: [if applicable]
# Date: 24/5/2022
# Exploit Author: Erwin Chan
# Vendor Homepage: https://anydesk.com/en
# Software Link: https://anydesk.com/en
# Version: 7.0.9
# Tested on: Windows 11

It was found that AnyDesk…

Read More

Posted by Mattias Bååth via Fulldisclosure on Jun 27

Hey all

It’s now less than two weeks to submit a talk to SEC-T 2022, at least if
you want to be part of the first talk selection round (recommended) that
we kick off July first.

SEC-T is non-profit, non-corporate, two day, single track, con in
Stockholm, Sweden. We pay travel, accommodation and an honorary to all
speakers.

If you have something fun you’d like to present, send us a submission
before July 1st… or at least before…

Read More

Posted by Jose Nicolas Castellano via Fulldisclosure on Jun 27

No cON Name 2022 – Barcelona

************************************
*****  Call For Papers        ******
************************************

https://www.noconname.org/call-for-papers/

Exact place not disclosed until a few weeks before due celebration.

    * INTRODUCTION
The organization has  opened CFP proposals. No cON Name is the eldest
Hacking
and Security Conference in Span. Our goal is to get highly qualified
requests
for…

Read More

FEDORA-2022-cd37732349

Packages in this update:

dotnet3.1-3.1.420-1.fc35

Update description:

This is the June 2022 monthly update for .NET Core 3.1. It updates the SDK to version 3.1.420 and Runtime to 3.1.26

It includes fixes for CVE-2022-30184

Upstream release notes for .NET Core 3.1.26: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.26/3.1.26.md

Read More

FEDORA-2022-5508547b1e

Packages in this update:

dotnet3.1-3.1.420-1.fc36

Update description:

This is the June 2022 monthly update for .NET Core 3.1. It updates the SDK to version 3.1.420 and Runtime to 3.1.26

It includes fixes for CVE-2022-30184

Upstream release notes for .NET Core 3.1.26: https://github.com/dotnet/core/blob/main/release-notes/3.1/3.1.26/3.1.26.md

Read More