All posts in Uncategorized

■■■■■ CVE-2020-24227: Playground Sessions for Windows, stores the user credentials in plain text allowing anyone with access to C:\Users\AppData\Roaming\Playground\Local Store#SharedObjects\Playground.swf\UserProfiles.sol to extract the email and password. https://github.com/nathunandwani/CVE-2020-24227 | #0day #zeroday https://t.me/cKure/6135

■■□□□ Vulnerabilities in Checkpoint , ICA Management Tool. https://swarm.ptsecurity.com/vulnerabilities-in-checkpoint-ica-management-tool/ https://t.me/cKure/6134

■□□□□ Multiple actors are attempting to exploit MobileIron vulnerability CVE 2020-1550. https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability https://t.me/cKure/6133

■■■■□ Tangalanga: the Zoom conference scanner hacking tool. https://github.com/elcuervo/tangalanga https://t.me/cKure/6132

■■□□□ Security researcher accidentally discovers Windows 7 and Windows Server 2008 #zeroday. https://www.zdnet.com/google-amp/article/security-researcher-accidentally-discloses-windows-7-and-windows-server-2008-zero-day/ | #0day https://t.me/cKure/6130

■■□□□ #DataLeak: Hackers accidentally expose Spotify user data they stole. https://www.cnet.com/news/hoard-of-spotify-user-data-exposed-by-hackers-careless-security-practices/ https://t.me/cKure/6129

■□□□□ Laser-Based Hacking from Afar Goes Beyond Amazon Alexa. https://threatpost.com/light-based-attacks-digital-home/161583/ https://t.me/cKure/6127

■■■■□ #DataLeak: Passwords exposed for almost 50,000 vulnerable Fortinet VPNs. https://www.bleepingcomputer.com/news/security/passwords-exposed-for-almost-50-000-vulnerable-fortinet-vpns/ https://t.me/cKure/6126

■■□□□ Credential and source code disclosure. https://hackerone.com/reports/898522 https://t.me/cKure/6125

■■■□□ #Privacy: Baidu’s Android Apps Caught Collecting and Leaking Sensitive User Data. https://thehackernews.com/2020/11/baidus-android-apps-caught-collecting.html https://t.me/cKure/6124