Explore >> Select a destination
|
You are here 
|
www.kandji.io | ||
| | | | |
m417z.com
|
|
| | | | | This is a write-up of a vulnerability that I discovered in Windows. The vulnerability was patched in December's Patch Tuesday, and the CVE assigned to it is CVE-2023-36003. The vulnerability allows a non-elevated process to inject a DLL into an elevated or otherwise inaccessible process, allowing for privilege escalation. The vulnerability is caused by a lack of security checks in the InitializeXamlDiagnosticsEx API, which is used for inspecting applications that use Extensible Application Markup Language (XAML) for their UI. XAML is the recommended way to build user interfaces in new Windows applications, and is used by more and more built-in applications, including Task Manager and Windows Terminal. | |
| | | | |
knight.sc
|
|
| | | | | With the release of macOS Catalina in October, Apple rolled out a set of interesting new features collectively called System Extensions. System Extensions are a set of user space frameworks encouraging developers who currently maintain and ship kernel extensions to move their features to user space for increased security and stability. One of these new frameworks is the Endpoint Security framework. As a security researcher this framework is of special interest. It's intended to provide a public and stabl... | |
| | | | |
claroty.com
|
|
| | | | | Team82 uncovered eight vulnerabilities that not only bypassed the authentication and authorization features in Unitronics UniStream PLCs, but also were able to chain to gain remote code execution on the device. | |
| | | | |
www.redapt.com
|
|
| | | Discover how to safeguard your organization by identifying and addressing blind spots in your security architecture. Learn about common vulnerabilities, their potential consequences, and practical tips for enhancing your cybersecurity strategy. Read on to fortify your defenses and stay ahead of threats. | ||
