Signal Brief · Archived
Week of July 24, 2023
The Week's Public Record
Events
2023-07-24
vuln disclosure
CVE-2023-26078: Atera Agent Privilege Escalation VulnerabilityCVE-2023-26078
A privilege escalation vulnerability exists in Atera Agent 1.8.4.4 and earlier on Windows due to improper handling of privileged APIs. Local attackers can exploit this to gain elevated privileges, potentially leading to full system compromise. The vulnerability was published to NVD on 2023-07-24 and affects enterprise environments using Atera RMM.
2023-07-24
research poc
Red Teamers Demonstrate ETW Patching to Evade EDR DetectionETW Patching
A red team guide details how to patch Event Tracing for Windows (ETW) in memory to prevent security products from receiving telemetry, effectively silencing EDR. The technique bypasses userland hooking and ETW-based detections without requiring kernel access.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.