Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

From bleepingcomputer.com

Today is Microsoft’s March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws.

This Patch Tuesday fixes only two critical vulnerabilities: Hyper-V remote code execution and denial of service flaws.

The number of bugs in each vulnerability category is listed below:

  • 24 Elevation of Privilege Vulnerabilities
  • 3 Security Feature Bypass Vulnerabilities
  • 18 Remote Code Execution Vulnerabilities
  • 6 Information Disclosure Vulnerabilities
  • 6 Denial of Service Vulnerabilities
  • 2 Spoofing Vulnerabilities

The total count of 60 flaws does not include 4 Microsoft Edge flaws fixed on March 7th.

Furthermore, Microsoft did not disclose any zero-days as part of today’s Patch Tuesday updates.

To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5035853 update and the Windows 10 KB5035845 update.


MobSF: Open-source security research platform for mobile apps

From helpnetsecurity.com

The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile.

MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept at handling popular mobile app binaries such as APK, IPA, APPX, and source code. The Dynamic Analyzer is compatible with Android and iOS applications, providing a platform for instrumented testing that includes real-time data and network traffic analysis.

MobSF integrates into DevSecOps or CI/CD pipelines through its REST APIs and CLI tools.


Hackers Abuse Amazon & GitHub To Deploy Java-Based Malware

From gbhackers.com

Hackers target these platforms due to their hosting of valuable resources and data.

For financial gain or other malicious motives, hackers intrude on these platforms to steal data, deploy malicious software, or launch other cyberattacks.

Cybersecurity analysts at FortiGuard Labs uncovered that hackers actively abuse Amazon and GitHub to deploy Java-based malware.


Researchers Found Multiple Flaws In ChatGPT Plugins

From securityaffairs.com

Researchers from Salt Security discovered three types of vulnerabilities in ChatGPT plugins that could have led to data exposure and account takeovers.

ChatGPT plugins are additional tools or extensions that can be integrated with ChatGPT to extend its functionalities or enhance specific aspects of the user experience. These plugins may include new natural language processing features, search capabilities, integrations with other services or platforms, text analysis tools, and more. Essentially, plugins allow users to customize and tailor the ChatGPT experience to their specific needs.

Plugins can allow users to interact with third-party services such as GitHub, Google Drive, and Salesforce.

By using plugins, users authorize ChatGPT to transmit sensitive data to third-party services. In some cases, this involves granting access to their private accounts on platforms they need to interact with.


WinSOS – Harnessing Trusted Binaries For Stealthy DLL Hijacking

From kalilinuxtutorials.com

WinSOS represents a sophisticated technique that turns the Windows operating system’s own features against it.

By manipulating executables in the WinSxS folder, a component trusted by Windows, attackers can discreetly execute malicious code.

This method, building on DLL Search Order Hijacking, does not require elevated privileges, making it a stealthy approach for infiltrating Windows 10 and 11 systems.

It stands out for its ability to bypass traditional defense mechanisms, leveraging the inherent trust in system binaries to conceal malicious activities.

This technique utilizes executables within the WinSxS folder, commonly trusted by Windows, to exploit the classic DLL Search Order Hijacking method.


Awesome Hacking – An Amazing Project : The Ultimate Resource Guide For Cybersecurity Exploration

From kalilinuxtutorials.com

A curated list of awesome Hacking. Inspired by awesome-machine-learning

If you want to contribute to this list (please do), send me a pull request!

For a list of free hacking books available for download, go here

Table Of Contents

  • System
    • Tutorials
    • Tools
    • Docker
    • General
  • Reverse Engineering
    • Tutorials
    • Tools
    • General
  • Web
    • Tools
    • General
  • Network
    • Tools
  • Forensic
    • Tools
  • Cryptography
    • Tools
  • Wargame
    • System
    • Reverse Engineering
    • Web
    • Cryptography
    • Bug bounty
  • CTF
    • Competition
    • General
  • OS
    • Online resources
  • Post exploitation
    • Tools
  • ETC
