{"vulnerability": "CVE-2021-28655", "sightings": [{"uuid": "8eb41f62-ed3c-4722-ba61-1bd94637e64f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28655", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2167", "content": "Cybersecurity news -\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06 #Pentesting \n\n\u200aPlay ransomware claims attack on German hotel chain H-Hotels\n\nhttps://www.bleepingcomputer.com/news/security/play-ransomware-claims-attack-on-german-hotel-chain-h-hotels/\n\n\u200aCVE-2021-28655: Apache Zeppelin arbitrary file deletion vulnerability\n\nhttps://securityonline.info/cve-2021-28655-apache-zeppelin-arbitrary-file-deletion/\n\n\u200aHavoc: modern and malleable post-exploitation command and control framework\n\nhttps://securityonline.info/havoc-modern-and-malleable-post-exploitation-command-and-control-framework/\n\n\u200aHacked Ring Cams Used to Record Swatting Victims\n\nhttps://krebsonsecurity.com/2022/12/hacked-ring-cams-used-to-record-swatting-victims/\n\nEDR evasion with hardware breakpoints\n\nhttps://cymulate.com/blog/blindside-a-new-technique-for-edr-evasion-with-hardware-breakpoints\n\nPort knocking from the scratch\n\nhttps://antonio-cooler.gitbook.io/coolervoid-tavern/port-knocking-from-the-scratch\n\nDay 3 \u2014 Next Level Font Obfuscation\n\nhttps://medium.com/@doctoreww/day-3-next-level-font-obfuscation-7a6cd978c7a5\n\nGatekeeper\u2019s Achilles heel: Unearthing a macOS vulnerability\n\nhttps://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability\n\nMeshyJSON: A TP-Link tdpServer JSON Stack Overflow.\n\nhttps://research.nccgroup.com/2022/12/19/meshyjson-a-tp-link-tdpserver-json-stack-overflow\n\n\u200b\u200bSentinelSneak: Malicious PyPI module poses as security software development kit\n\nhttps://blog.reversinglabs.com/blog/sentinelsneak-malicious-pypi-module-poses-as-security-sdk\n\n\u200b\u200bFontuscator\n\nA way to use fonts to obfuscate text. See the demo below for an example.\n\nhttps://github.com/DoctorEww/Fontuscator\n\nDemo:\nhttps://doctoreww.github.io/Fontuscator/\n\n\ud835\udddb\ud835\uddee\ud835\uddf0\ud835\uddf8\ud835\uddf2\ud835\uddff\ud835\ude00 \ud835\uddd9\ud835\uddee\ud835\uddf0\ud835\ude01\ud835\uddfc\ud835\uddff\ud835\ude06\nwww.ghostclan.org", "creation_timestamp": "2022-12-24T02:43:41.000000Z"}, {"uuid": "b55dbc65-35d1-48d0-86f9-91cc9ee6ff30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-28655", "type": "seen", "source": "https://t.me/cibsecurity/54665", "content": "\u203c CVE-2021-28655 \u203c\n\nThe improper Input Validation vulnerability in \"\u00e2\u20ac\ufffdMove folder to Trash\u00e2\u20ac\ufffd feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-12-16T16:24:27.000000Z"}]}