// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of July 24, 2023
Signal Brief · Archived

Week of July 24, 2023

2023-07-24 — 2023-07-30 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of July 24, 2023, ColdRecon logged 2 public endpoint-security events from open-source reporting — 1 vuln disclosure, 1 research poc. Vendors in the record this week: Atera.

The Week's Public Record

Events

2023-07-24
vuln disclosure
CVE-2023-26078: Atera Agent Privilege Escalation VulnerabilityCVE-2023-26078
A privilege escalation vulnerability exists in Atera Agent 1.8.4.4 and earlier on Windows due to improper handling of privileged APIs. Local attackers can exploit this to gain elevated privileges, potentially leading to full system compromise. The vulnerability was published to NVD on 2023-07-24 and affects enterprise environments using Atera RMM.
2023-07-24
research poc
Red Teamers Demonstrate ETW Patching to Evade EDR DetectionETW Patching
A red team guide details how to patch Event Tracing for Windows (ETW) in memory to prevent security products from receiving telemetry, effectively silencing EDR. The technique bypasses userland hooking and ETW-based detections without requiring kernel access.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →