WordPress ASE Plugin Vulnerability: A Critical Threat to Site Security - https://www.redpacketsecurity.com/wordpress-ase-plugin-vulnerability-threatens-site-security/

#threatintel #WordPress #vulnerability #privilege_escalation

New Windows driver signature bypass allows kernel rootkit installs
https://www.bleepingcomputer.com/news/security/new-windows-driver-signature-bypass-allows-kernel-rootkit-installs/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Downgrade_Attack #Elevation_of_Privileges #Privilege_Escalation #Rootkit #Security_Bypass #Windows #virus_removal #malware_removal #computer_help #technical_support

New Windows Driver Signature bypass allows kernel rootkit installs
https://www.bleepingcomputer.com/news/security/new-windows-driver-signature-bypass-allows-kernel-rootkit-installs/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Downgrade_Attack #Elevation_of_Privileges #Privilege_Escalation #Rootkit #Security_Bypass #Windows #virus_removal #malware_removal #computer_help #technical_support

Cybersecurity experts have uncovered a significant vulnerability named ConfusedFunction in Google Cloud Platform's Cloud Functions service. This issue allows attackers to elevate their privileges, potentially accessing various services and sensitive data without authorization. When a Cloud Function is created or updated, a Cloud Build service account is automatically generated and linked to a Cloud Build instance. This service account possesses extensive permissions, which, if misused, can lead to unauthorized access to Cloud Storage, Artifact Registry, and Container Registry among others. Google has addressed this by changing the default behavior to use the Compute Engine default service account instead, though this does not retroactively apply to existing instances. Despite this fix, the deployment of a Cloud Function still necessitates assigning certain permissions to the Cloud Build service account, highlighting ongoing concerns about software complexity and inter-service communication in cloud environments.

https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions

#cybersecurity #google #googlecloud #vulnerability #privilege_escalation #confusedfunction #cloudfunction #cloudstorage #cloudbuild #cloud #tenable

The Apache Software Foundation recently announced several critical vulnerabilities in the Apache HTTP Server that pose significant risks to millions of websites. These vulnerabilities, could lead to serious issues such as unauthorized access to source code, server-side request forgery (SSRF), and denial of service (DoS) attacks. Specific vulnerabilities include issues with mod_http2, privilege escalation from modules' scripts, and problems related to mod_auth_digest among others. It's crucial for users to update to Apache HTTP Server 2.4.39 or later to mitigate these risks.

https://httpd.apache.org/security/vulnerabilities_24.html

#cybersecurity #apache #vulnerabilities #apachehttpserver #http #server #ssrf #DoS #attack #privilege_escalation #update

New Linux glibc flaw lets attackers get root on major distros
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #Debian #Fedora #glibc #Linux #Local_Privilege_Escalation #Privilege_Escalation #Root #Ubuntu #virus_removal #malware_removal #computer_help #technical_support

Windows Privilege Escalation For OSCP and beyond (Cheat Sheet)

#windows #pentest #privilege_escalation #cheatsheet

https://medium.com/@kuwaitison/windows-privilege-escalation-for-oscp-and-beyond-cheat-sheet-b2c4a025dc6c

PEASS-ng - Privilege Escalation Awesome Scripts SUITE new generation

#infosec #pentest #security #privilege_escalation #tool

Here you will find privilege escalation tools for Windows and Linux/Unix* and MacOS.

These tools search for possible local privilege escalation paths that you could exploit and print them to you with nice colors so you can recognize the misconfigurations easily.

Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz (https://book.hacktricks.xyz/windows/checklist-windows-privilege-escalation)

WinPEAS - Windows local Privilege Escalation Awesome Script (C#.exe and .bat) (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS)

Check the Local Linux Privilege Escalation checklist from book.hacktricks.xyz (https://book.hacktricks.xyz/linux-unix/linux-privilege-escalation-checklist)

LinPEAS - Linux local Privilege Escalation Awesome Script (.sh) (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS)