Explore >> Select a destination
|
You are here 
|
eligrey.com | ||
| | | | |
m417z.com
|
|
| | | | | This is a write-up of a vulnerability that I discovered in Windows. The vulnerability was patched in December's Patch Tuesday, and the CVE assigned to it is CVE-2023-36003. The vulnerability allows a non-elevated process to inject a DLL into an elevated or otherwise inaccessible process, allowing for privilege escalation. The vulnerability is caused by a lack of security checks in the InitializeXamlDiagnosticsEx API, which is used for inspecting applications that use Extensible Application Markup Language (XAML) for their UI. XAML is the recommended way to build user interfaces in new Windows applications, and is used by more and more built-in applications, including Task Manager and Windows Terminal. | |
| | | | |
malgregator.com
|
|
| | | | | Dutch security researcher Victor Gevers found misconfigured MongoDB database containing facial recognition and other sensitive information about the Uyghur Muslim minority in China. Looks like the company behind the database is Chinese surveillance company SenseNets. | |
| | | | |
blog.netlab.360.com
|
|
| | | | | The Log4j vulnerability that came to light at the end of the year can undoubtedly be considered a major event in the security community. Honeypot and botnet are our bread and butter, and we have been concerned about which botnets would be exploiting this since the vulnerability was made public. | |
| | | | |
www.redapt.com
|
|
| | | Discover how to safeguard your organization by identifying and addressing blind spots in your security architecture. Learn about common vulnerabilities, their potential consequences, and practical tips for enhancing your cybersecurity strategy. Read on to fortify your defenses and stay ahead of threats. | ||
