{"vulnerability": "cve-2023-0264", "sightings": [{"uuid": "7d90ed2a-6315-44ca-91b1-f909ddd30531", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0264", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/309", "content": "Top Security News for 28/04/2023\n\nAndroid greybox fuzzing with AFL++ Frida mode\nhttps://www.reddit.com/r/netsec/comments/130uxye/android_greybox_fuzzing_with_afl_frida_mode/ \n\nUser impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)\nhttps://www.reddit.com/r/netsec/comments/130km04/user_impersonation_via_stolen_uuid_code_in/ \n\nRTM Locker's First Linux Ransomware Strain Targeting NAS and ESXi Hosts\nhttps://thehackernews.com/2023/04/rtm-lockers-first-linux-ransomware.html \n\nZero Trust Data Security: It\u2019s Time To Make the Shift\nhttps://securityintelligence.com/articles/zero-trust-data-security-time-to-shift/ \n\nISC StormCast for Friday, April 28th, 2023\nhttps://isc.sans.edu/podcastdetail.html?id=8474 \n\nAPI and application attacks rising: Akamai.\nhttps://thecyberwire.com \n\nISC Stormcast For Friday, April 28th, 2023 https://isc.sans.edu/podcastdetail.html?id=8474, (Fri, Apr 28th)\nhttps://isc.sans.edu/diary/rss/29786 \n\nMicrosoft Confirms PaperCut Servers Used to Deliver LockBit and Cl0p Ransomware\nhttps://thehackernews.com/2023/04/microsoft-confirms-papercut-servers.html \n\nWhy you should practice rollbacks to prevent data loss in a ransomware attack\nhttps://www.microsoft.com/en-us/security/blog/2023/04/27/why-you-should-practice-rollbacks-to-prevent-data-loss-in-a-ransomware-attack/ \n\nSmash PostScript Interpreters Using a Syntax-Aware Fuzzer\nhttps://www.reddit.com/r/netsec/comments/130fg5s/smash_postscript_interpreters_using_a_syntaxaware/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-04-28T07:09:17.000000Z"}, {"uuid": "fb6293e3-69fe-4450-b272-afdd6ae19da2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0264", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3880", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aA small PoC for the Keycloak vulnerability CVE-2023-0264\nURL\uff1ahttps://github.com/twwd/CVE-2023-0264\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-03-06T17:27:57.000000Z"}, {"uuid": "a791324e-ba51-4f73-bd6a-e0f01b3f552a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0264", "type": "seen", "source": "https://t.me/cibsecurity/67799", "content": "\u203c CVE-2023-0264 \u203c\n\nA flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-04T22:41:24.000000Z"}, {"uuid": "fac09a71-6a79-4314-b370-58b6d3dd3486", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0264", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3067", "content": "Cybersecurity News - Hackers Factory\n\n\u200aThe Week in Ransomware - May 2023 - Cities Under Attack\n\nhttps://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-26th-2023-cities-under-attack/\n\n\u200aDark Frost Botnet targets the gaming sector with powerful DDoS\n\nhttps://securityaffairs.com/146683/malware/dark-frost-botnet.html\n\n\u200aPhishing Domains Tanked After Meta Sued Freenom\n\nhttps://krebsonsecurity.com/2023/05/phishing-domains-tanked-after-meta-sued-freenom/\n\n\u200aChatGPT &amp; Bing \u2013 Indirect Prompt-Injection Attacks Leads to Data Theft\n\nhttps://gbhackers.com/indirect-prompt-injection-attacks/\n\n\u200aChatGPT CEO May Leave Europe If It Could Not Compile With AI Regulations\n\nhttps://gbhackers.com/chatgpt-ceo/\n\n\u200aFree VPN Data Breach \u2013 Over 360 Million User Records Exposed\n\nhttps://gbhackers.com/free-vpn-data-breach/\n\n\u200aWindows XP Activation Algorithm Cracked \u2013 Works With Linux\n\nhttps://cybersecuritynews.com/windows-xp-activation-algorithm/\n\n3 ways for Dynamic Code Loading in Android\n\nhttps://erev0s.com/blog/3-ways-for-dynamic-code-loading-in-android/\n\nWriting a Sliver C2 Powershell Stager with Shellcode Compression and AES Encryption\n\nhttps://medium.com/@youcef.s.kelouaz/writing-a-sliver-c2-powershell-stager-with-shellcode-compression-and-aes-encryption-9725c0201ea8\n\nMy Methods To Achieve Persistence In Linux Systems\n\nhttps://flaviu.io/advanced-persistent-threat/\n\nExploiting misconfigured Google Cloud Service Accounts from GitHub Actions\n\nhttps://www.revblock.dev/exploiting-misconfigured-google-cloud-service-accounts-from-github-actions/\n\nCVE-2023-28131: Expo Framework AuthSession Redirect Proxy redirect\n\nhttps://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services\n\nPaperCut Exploitation - A Different Path to Code Execution\n\nhttps://vulncheck.com/blog/papercut-rce\n\nInfecting SSH Public Keys with backdoors\n\nhttps://blog.thc.org/infecting-ssh-public-keys-with-backdoors\n\nVulnerability Spotlight: CVE-2023-0264\n\nhttps://mogwailabs.de/en/blog/2023/04/vulnerability-spotlight-cve-2023-0264/\n\nBypass Windows Defenses with Malware as Service\n\nhttps://read.martiandefense.llc/bypass-windows-defenses-with-malware-as-service-a7f99bacb7af\n\nBandit Stealer\n\nhttps://www.trendmicro.com/en_us/research/23/e/new-info-stealer-bandit-stealer-targets-browsers-wallets.html\n\nNixImports a .NET loader using HInvoke\n\nhttps://dr4k0nia.github.io/posts/NixImports-a-NET-loader-using-HInvoke/\n\nDrone Reverse Engineering using Packet Dissection with Wireshark\n\nhttps://read.martiandefense.llc/drone-reverse-engineering-using-packet-dissection-with-wireshark-a8fca5ae5476\n\nTechnical Analysis of Pikabot malicious backdoor\n\nhttps://www.zscaler.com/blogs/security-research/technical-analysis-pikabot\n\n#infosec #cybersecurity \n\nhttps://t.me/dilagrafie\nhttps://t.me/HackerFactory", "creation_timestamp": "2023-06-26T02:49:49.000000Z"}, {"uuid": "6366cd3b-17b4-4f65-bcfb-eeab522e8cf1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0264", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7289", "content": "User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)\n\nhttps://www.offensity.com/en/blog/user-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264/", "creation_timestamp": "2023-04-30T00:53:49.000000Z"}, {"uuid": "8c44385a-f1a4-49e2-9b1d-81b26492df7a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-0264", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8202", "content": "#exploit\n1. CVE-2023-0264:\nUser impersonation via stolen UUID code in KeyCloak\nhttps://www.offensity.com/en/blog/user-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264\n\n2. CVE-2023-29489:\nXSS vulnerability to cPanel via\u00a0security*cpanel*net\nhttps://blog.assetnote.io/2023/04/26/xss-million-websites-cpanel\n\n3. CVE-2023-23410:\nWindows HTTP.sys EoP Vulnerability\nhttps://github.com/numencyber/Vulnerability_PoC/tree/main/CVE-2023-23410", "creation_timestamp": "2023-04-28T11:01:16.000000Z"}]}