
0-day And Hitlist Week -02-21-2024- Free

Updated versioning for productivity suites and niche creative tools.

🎯 The Hitlist: Curated Recommendations

This vulnerability allows a malicious container to escape to the host operating system by leveraging an internal file descriptor leak (specifically, "/proc/self/fd/7/"). If an attacker gains code execution inside a container, they can write to the host filesystem, leading to full node compromise.

Attackers are using CVE-2024-21893 as a gateway to deploy two specific web shells: DSLog and Ziplog. These shells have been observed harvesting credentials and pivoting to internal networks.

High-speed uploads for Netflix and streaming series airing tonight. Expect 1080p and 4K rips to populate within five minutes of the 12:00 AM PST drop.

Exploit CVE-2024-21410 on an unpatched Exchange server exposed to the internet. Victim: A regional energy cooperative.

| Indicator Type | Value | Context |
| :--- | :--- | :--- |
| File Hash (Web Shell) | a3f1c8e2d4b5... | DSLog shell deployed via Ivanti CVE-2024-21893 |
| Registry Key (Persistence) | HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDriveUpdate | Fake OneDrive updater from Exchange exploit |
| Network Connection | 185.130.5.253:443 | C2 server hosting Play ransomware panel |
| YARA Rule | rule_Storm_0949_webshell | Matches encoded payloads on Exchange servers |
| PowerShell Command | powershell -enc SQBFAFgAIAAo... | Base64-encoded script to disable AMSI |