{"vulnerability": "CVE-2023-31070", "sightings": [{"uuid": "709ef170-871b-4549-a4cc-5424d3d525be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31070", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3063", "content": "Cybersecurity News - Hackers Factory \n\n\n\u200aGitLab 'strongly recommends' patching max severity flaw ASAP\n\nhttps://www.bleepingcomputer.com/news/security/gitlab-strongly-recommends-patching-max-severity-flaw-asap/\n\n\u200aChinese hackers breach US critical infrastructure in stealthy attacks\n\nhttps://www.bleepingcomputer.com/news/security/chinese-hackers-breach-us-critical-infrastructure-in-stealthy-attacks/\n\n\u200aHackers target 1.5M WordPress sites with cookie consent plugin exploit\n\nhttps://www.bleepingcomputer.com/news/security/hackers-target-15m-wordpress-sites-with-cookie-consent-plugin-exploit/\n\n\u200aChinese-linked hackers target critical infrastructure in US and Guam\n\nhttps://cyberscoop.com/china-critical-infrastructure-volt-typhoon/\n\n\u200aMicrosoft: Windows issue causes file copying, saving failures\n\nhttps://www.bleepingcomputer.com/news/microsoft/microsoft-windows-issue-causes-file-copying-saving-failures/\n\n\u200aKimsuky \u2013 notorious North Korean\n\nhttps://security.packt.com/kimsuky-notorious-north-korean/\n\n\u200aThe US government sanctioned four entities and one individual for supporting cyber operations conducted by North Korea\n\nhttps://securityaffairs.com/146611/cyber-warfare-2/us-santioned-north-korea-entities.html\n\n\u200aAnnouncing the launch of GUAC v0.1\n\nhttp://security.googleblog.com/2023/05/announcing-launch-of-guac-v01.html\n\n\u200aWhat are the Common Security Challenges CISOs Face?\n\nhttps://gbhackers.com/security-challenges-cisos-face/\n\n\u200aFully Encrypted GuLoader Uses Google Drive to Download Payloads\n\nhttps://gbhackers.com/guloader-via-google-drive/\n\n\u200aApria Healthcare Hacked \u2013 Over 2M Users Data Exposed\n\nhttps://gbhackers.com/apria-healthcare-hacked/\n\nVSCode Security: Malicious Extensions - PII Exposed, and Backdoors Enabled\n\nhttps://blog.checkpoint.com/securing-the-cloud/malicious-vscode-extensions-with-more-than-45k-downloads-steal-pii-and-enable-backdoors\n\nThe Fuzzing Guide to the Galaxy: An Attempt with Android System Services\n\nhttps://blog.thalium.re/posts/fuzzing-samsung-system-services\n\nCVE-2023-31070: Broadcom BCM47xx SDK EMF slab-out-of-bounds write\n\nhttps://bugprove.com/knowledge-hub/cve-2023-31070-broadcom-bcm-47xx-sdk-emf-slab-out-of-bounds-write\n\nUpdates to Legion: A Cloud Credential Harvester and SMTP Hijacker\n\nhttps://www.cadosecurity.com/updates-to-legion-a-cloud-credential-harvester-and-smtp-hijacker\n\n\u200aBe Cyber-Vigilant on Your Cruise with These Cyber Security Tips\n\nhttps://latesthackingnews.com/2023/05/25/be-cyber-vigilant-on-your-cruise-with-these-cyber-security-tips/\n\n\u200aNew Buhti ransomware gang uses leaked Windows, Linux encryptors\n\nhttps://www.bleepingcomputer.com/news/security/new-buhti-ransomware-gang-uses-leaked-windows-linux-encryptors/\n\n\u200a\u2018Operation Magalenha\u2019 targets credentials of 30 Portuguese banks\n\nhttps://www.bleepingcomputer.com/news/security/operation-magalenha-targets-credentials-of-30-portuguese-banks/\n\n\u200aChatGPT is down worldwide - OpenAI confirms issues\n\nhttps://www.bleepingcomputer.com/news/technology/chatgpt-is-down-worldwide-openai-confirms-issues/\n\n\u200aABB Hack \u2013 Attackers Dropped Ransomware on IT Systems\n\nhttps://cybersecuritynews.com/abb-hack/\n\n\u200aWireshark 4.0.6 Released \u2013 Fix for 9 vulnerabilities\n\nhttps://gbhackers.com/wireshark-4-0-6/\n\n#cybersecurity #infosec\n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-05-25T16:15:42.000000Z"}, {"uuid": "55124f41-fcb0-46b1-8fea-cf67463b5ee5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-31070", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8362", "content": "#exploit\n1. CVE-2023-2859:\nStored HTML injection in folderName affecting Admin in TeamPass <3.0.9\nhttps://github.com/mnqazi/CVE-2023-2859\n\n2. CVE-2023-20869/CVE-2023-20870:\nVMWare Stack-based Overflow/Uninitialized Variable Info Leak\nhttps://www.zerodayinitiative.com/blog/2023/5/17/cve-2023-2086920870-exploiting-vmware-workstation-at-pwn2own-vancouver\n\n3. CVE-2023-31070:\nBroadcom BCM47xx SDK EMF slab-out-of-bounds write\nhttps://bugprove.com/knowledge-hub/cve-2023-31070-broadcom-bcm-47xx-sdk-emf-slab-out-of-bounds-write", "creation_timestamp": "2023-05-25T12:49:50.000000Z"}]}