Report

📰 Week in Overview(25 Jun- 2 July)

📰 Week in Overview(25 Jun- 2 July)

Technical Summary: 🚨 Vulnerabilities by Activity CVE-2023-20864 A critical vulnerability (CVE-2023-20864) has been identified in VMware Aria Operations for Logs, potentially leading to remote code execution. This vulnerability could be exploited by attackers to compromise the integrity and confidentiality of affected systems. VMware has released security patches to address this issue, and it is strongly

More

ProxiTok: Tiktok Security Concerns

Technical Summary TikTok, the popular social media platform, has faced significant privacy concerns due to several factors highlighted in various reports, including the Reuters article from March 2023. This technical summary delves into the key technical aspects that contribute to these privacy issues. In recent years, TikTok has taken the world by storm, captivating millions

More
3CX In The Wild

3CX In The Wild

Executive Summary On March 29, 2023, CrowdStrike and SentinelOne both reported on a supply chain attack involving 3CXDesktopApp, a multi-platform desktop application that enables users to communicate via chat, messaging, video, and voice. The attack was initiated by a threat actor believed to be affiliated with the Lazarus Group, who was able to insert arbitrary

More
CVE-2023-23397: New Outlook Vulnerability Can Steal Your NTLM Hash with Zero Click

CVE-2023-23397: New Outlook Vulnerability Can Steal Your NTLM Hash with Zero Click

Executive Summary Microsoft recently released patches for approximately 80 newly discovered security vulnerabilities on March 14, 2023 . Among these vulnerabilities are two zero-day vulnerabilities, CVE-2023-23397 and CVE-2023-24880 . The severity of these two exploits was rated using the Common Vulnerability Scoring System (CVSS), with scores of 9.8 and 5.1, respectively. In addition to the

More