{"uuid": "665a684d-7be5-43eb-98f1-47daaedc8582", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-32947", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/367", "content": "Top Security News for 18/09/2023\n\nAccount Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation\nhttps://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/ \n\nCVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)\nhttps://www.reddit.com/r/netsec/comments/16kwvfl/cve202232947_macos_gpulaunched_kernel_privilege/ \n\nTickling ksmbd: fuzzing SMB in the Linux kernel\nhttps://www.reddit.com/r/netsec/comments/16kvckv/tickling_ksmbd_fuzzing_smb_in_the_linux_kernel/ \n\nISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 18th)\nhttps://malware.news/t/isc-stormcast-for-monday-september-18th-2023-https-isc-sans-edu-podcastdetail-8662-mon-sep-18th/73542#post_1 \n\nFinancially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks\nhttps://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html \n\nNorth Korea's Lazarus Group Suspected in $31 Million CoinEx Heist\nhttps://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html \n\nClop gang stolen data from major North Carolina hospitals\nhttps://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html \n\nA Practical Approach to SBOM in CI/CD. 
Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.\nhttps://www.reddit.com/r/netsec/comments/16l5vtu/a_practical_approach_to_sbom_in_cicd_presenting/ \n\nCVE-2023-34040 Spring Kafka Deserialization Remote Code Execution\nhttps://www.reddit.com/r/netsec/comments/16kvb77/cve202334040_spring_kafka_deserialization_remote/", "creation_timestamp": "2023-09-18T07:00:08.000000Z"}