// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of January 8, 2024
Signal Brief · Archived

Week of January 8, 2024

2024-01-08 — 2024-01-14 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of January 8, 2024, ColdRecon logged 3 public endpoint-security events from open-source reporting — 2 vuln disclosures, 1 incident. Vendors in the record this week: Microsoft, Palo Alto Networks, Trellix.

The Week's Public Record

Events

2024-01-12
incident
CVE-2023-36025 Exploited in Phemedrone Stealer Campaign for SmartScreen BypassCVE-2023-36025
The Phemedrone Stealer campaign actively exploits CVE-2023-36025, a Windows Defender SmartScreen bypass vulnerability, to deliver malware. Attackers use crafted .url files to evade SmartScreen warnings and execute malicious .cpl files, leading to data theft from browsers, crypto wallets, and messaging apps. The vulnerability was patched in November 2023 but remains exploited in the wild.
2024-01-12
vuln disclosure
Cortex EDR Temporary File Exposure Before EncryptionCortex EDR TFS Vulnerability
A vulnerability in Cortex EDR allows local attackers to access sensitive log files before they are encrypted by the TFS process. During support file generation, temporary unencrypted copies of files like trapsd.log, agset.json, and defaultprofile.json are briefly stored in C:\ProgramData\Cyvera\LocalSystem\, enabling data theft. This bypasses the intended encryption and password protection of the generated support ZIP file.
2024-01-09
vuln disclosure
CVE-2024-0213: Trellix Agent Privilege Escalation VulnerabilityCVE-2024-0213
CVE-2024-0213 is a buffer overflow vulnerability in Trellix Agent for Linux and macOS prior to version 5.8.1. A local attacker can exploit improper input validation to escalate privileges to root or cause denial of service. The flaw also risks disabling event reporting to ePO, undermining endpoint security monitoring.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →