{"vulnerability": "cve-2023-1550", "sightings": [{"uuid": "a8ed38bf-7858-423e-89df-ba3b97936d9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1550", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/2851", "content": "Cyber Security - Information Security - Pentesting News\n\n\u200aCryptocurrency companies backdoored in 3CX supply chain attack\n\nhttps://www.bleepingcomputer.com/news/security/cryptocurrency-companies-backdoored-in-3cx-supply-chain-attack/\n\n\u200aMullvad VPN Partners with the Tor Project to Release New Browser\n\nhttps://restoreprivacy.com/mullvad-vpn-partners-with-the-tor-project-to-release-new-browser/\n\n\u200aWinRAR SFX archives can run PowerShell without being detected\n\nhttps://www.bleepingcomputer.com/news/security/winrar-sfx-archives-can-run-powershell-without-being-detected/\n\n\u200aUS seizes $112 million from cryptocurrency investment scammers\n\nhttps://www.bleepingcomputer.com/news/security/us-seizes-112-million-from-cryptocurrency-investment-scammers/\n\n\u200aCISA warns of Zimbra bug exploited in attacks against NATO countries\n\nhttps://www.bleepingcomputer.com/news/security/cisa-warns-of-zimbra-bug-exploited-in-attacks-against-nato-countries/\n\n\u200aRorschach \u2013 A New Sophisticated and Fast Ransomware\n\nhttps://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/\n\n\u200aAndroid April 2023 update fixes two critical RCE (CVE-2023-21085 & CVE-2023-21096) flaws\n\nhttps://securityonline.info/cve-2023-21085-cve-2023-21096-android-remote-code-execution-vulnerability/\n\n\u200apicoCTF writeup: Introductory cryptanalysis and stenography\n\nhttps://infosecwriteups.com/picoctf-writeup-introductory-cryptanalysis-and-stenography-90e610cff785?source=rss----7b722bfd1b8d---4\n\n\u200aCVE-2023-1550: F5 NGINX Agent information disclosure\n\nhttps://securityonline.info/cve-2023-1550-f5-nginx-agent-information-disclosure/\n\n\u200acertsync: Dump NTDS with golden certificates and UnPAC the hash\n\nhttps://securityonline.info/certsync-dump-ntds-with-golden-certificates-and-unpac-the-hash/\n\n#infosec #cybersecurity", "creation_timestamp": "2023-04-04T11:36:07.000000Z"}, {"uuid": "c5c9bf3f-1897-40ec-a293-4e451f0475e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-1550", "type": "seen", "source": "https://t.me/cibsecurity/61023", "content": "\u203c CVE-2023-1550 \u203c\n\nInsertion of Sensitive Information into log file vulnerability in NGINX Agent. NGINX Agent version 2.0 before 2.23.3 inserts sensitive information into a log file. An authenticated attacker with local access to read agent log files may gain access to private keys. This issue is only exposed when the non-default trace level logging is enabled. Note: NGINX Agent is included with NGINX Instance Manager and used in conjunction with NGINX API Connectivity Manager, and NGINX Management Suite Security Monitoring.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-03-29T20:15:34.000000Z"}]}