#privilege-escalation

[ follow ]
#cybersecurity

Zero Day Initiative - Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive)

Arbitrary file deletes can be exploited for privilege escalation in Windows, contrary to initial perceptions that they are low-impact exploits.

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Microsoft Azure Kubernetes Services had a privilege escalation flaw allowing attacker access to cluster secrets.
The attack leveraged a component called Azure WireServer to obtain sensitive credentials.

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

Kerberoasting is a significant threat leveraging vulnerabilities in Kerberos authentication, requiring awareness and stronger security measures from companies.

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Cybersecurity researchers discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.
The vulnerability allows attackers to use privilege escalation to gain access that would otherwise only be available to Super Admins.

Zero Day Initiative - Abusing Arbitrary File Deletes to Escalate Privilege and Other Great Tricks (Archive)

Arbitrary file deletes can be exploited for privilege escalation in Windows, contrary to initial perceptions that they are low-impact exploits.

Researchers Uncover TLS Bootstrap Attack on Azure Kubernetes Clusters

Microsoft Azure Kubernetes Services had a privilege escalation flaw allowing attacker access to cluster secrets.
The attack leveraged a component called Azure WireServer to obtain sensitive credentials.

Kerberoasting: A Gateway to Privilege Escalation in Enterprise Networks | HackerNoon

Kerberoasting is a significant threat leveraging vulnerabilities in Kerberos authentication, requiring awareness and stronger security measures from companies.

Google Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIs

Cybersecurity researchers discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs.
The vulnerability allows attackers to use privilege escalation to gain access that would otherwise only be available to Super Admins.
morecybersecurity
#vulnerability

More details on that Windows Installer 'make me admin' hole

Microsoft's Patch Tuesday revealed a critical flaw in Windows Installer that can allow privilege escalation to SYSTEM level, necessitating immediate action.

Federal agency warns critical Linux vulnerability being actively exploited

CISA added a critical Linux security bug, CVE-2024-1086, actively exploited, granting privilege escalation through a use-after-free vulnerability in Linux kernel versions 5.14-6.6.

More details on that Windows Installer 'make me admin' hole

Microsoft's Patch Tuesday revealed a critical flaw in Windows Installer that can allow privilege escalation to SYSTEM level, necessitating immediate action.

Federal agency warns critical Linux vulnerability being actively exploited

CISA added a critical Linux security bug, CVE-2024-1086, actively exploited, granting privilege escalation through a use-after-free vulnerability in Linux kernel versions 5.14-6.6.
morevulnerability
#vulnerabilities

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft is addressing two vulnerabilities allowing downgrade attacks on Windows update architecture.
The vulnerabilities, discovered by SafeBreach Labs researcher Alon Leviev, could lead to privilege escalation and security flaw reintroduction.
A tool called Windows Downdate can exploit the vulnerabilities to make fully patched Windows systems vulnerable to past exploits.

Four critical bugs in ArubaOS lead to remote code execution

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation.

Windows Downgrade Attack Risks Exposing Patched Systems to Old Vulnerabilities

Microsoft is addressing two vulnerabilities allowing downgrade attacks on Windows update architecture.
The vulnerabilities, discovered by SafeBreach Labs researcher Alon Leviev, could lead to privilege escalation and security flaw reintroduction.
A tool called Windows Downdate can exploit the vulnerabilities to make fully patched Windows systems vulnerable to past exploits.

Four critical bugs in ArubaOS lead to remote code execution

Network admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation.
morevulnerabilities

Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2

ESET Smart Security's ekrn.exe can be exploited due to handling of file operation permissions, potentially leading to privilege escalation.

Zero Day Initiative - Breaking Barriers and Assumptions: Techniques for Privilege Escalation on Windows: Part 2

Escalating privileges through file deletion and symbolic link creation in ESET Smart Security's ekrn.exe service.
#security-vulnerability

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure.

Zoom stomps critical privilege escalation bug, 6 other flaws

Zoom has revealed a critical privilege escalation vulnerability in its products that could allow unauthenticated users to gain higher privileges.
The company has released updates to patch the vulnerability, along with other medium-severity issues.

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

A vulnerability named ConfusedFunction allows attackers to escalate privileges in Google Cloud Functions and access unauthorized data.
Google has updated Cloud Build to prevent misuse post-responsible disclosure.

Zoom stomps critical privilege escalation bug, 6 other flaws

Zoom has revealed a critical privilege escalation vulnerability in its products that could allow unauthenticated users to gain higher privileges.
The company has released updates to patch the vulnerability, along with other medium-severity issues.
moresecurity-vulnerability

Zero Day Initiative - CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion Vulnerability

Privilege escalation vulnerability in .NET Framework and Visual Studio patched
Exploitation leads to remote file manipulation in the context of the FTP server
[ Load more ]