Results for the tag "cve":
Attacks using the long-patched WinRAR vulnerability remain relevant for many companies. Let's figure out how a typical attack works, how attackers bypass antivirus software, and what to do for protection. And, of course, we will try to conduct a typical attack ourselves.
On September 10, Microsoft released another set of updates, fixing 79 vulnerabilities in various products. Our attention was drawn to patches for Microsoft SharePoint, an extensive system with site management features. Of the five vulnerabilities included in the September release, four allowed the execution of external code, and one created a DoS threat. We chose CVE-2024-38227 for analysis, an RCE vulnerability of a privileged user. For us, such research is an opportunity to study Microsoft SharePoint itself and understand the current theory of its exploitation.
Trentechix, hello! I am Alexander Leonov, a leading expert at the PT Expert Security Center laboratory. Every month, my team of analysts at Positive Technologies researches information about vulnerabilities from vendor databases and security bulletins, social networks, blogs, Telegram channels, exploit databases, public code repositories, and identifies trending vulnerabilities in all this diversity. These are the vulnerabilities that are either already being exploited live or may start being exploited in the near future.
It is no secret that bug hunting is gaining popularity every year, attracting the attention of both companies seeking to improve the security of their products and white hat hackers who want to apply their technical skills and earn money by finding vulnerabilities. More and more companies are creating their own bug bounty programs, and some are integrating into existing platforms.
On August 21, the Chrome browser received an update that fixed 37 security-related bugs. The attention of researchers around the world was drawn to the vulnerability CVE-2024-7965, described as an incorrect implementation in V8. In practice, this means the possibility of RCE in the browser renderer, which opens up space for further exploitation. Researchers' interest increased even more when on August 26, Google reported the use of CVE-2024-7965 "in the wild".
tekkix, hello! I am Alexander Leonov, leading expert of the PT Expert Security Center laboratory. Every month, my team of analysts at Positive Technologies researches information about vulnerabilities from vendor security databases and bulletins, social networks, blogs, Telegram channels, exploit databases, and public code repositories, identifying trending vulnerabilities in all this diversity. These are the vulnerabilities that are either already being exploited or may be exploited in the near future.