// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of February 5, 2024
Signal Brief · Archived

Week of February 5, 2024

2024-02-05 — 2024-02-11 · 3 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of February 5, 2024, ColdRecon logged 3 public endpoint-security events from open-source reporting — 1 incident, 1 research poc, 1 vuln disclosure. Vendors in the record this week: Microsoft, Fortinet.

The Week's Public Record

Events

2024-02-07
incident
Raspberry Robin Worm Uses 1-Day Exploits for Local Privilege EscalationCVE-2023-36802
The Raspberry Robin worm has been updated to use two new 1-day local privilege escalation exploits, including one for CVE-2023-36802, before public disclosure. The malware continues to evolve with new evasion techniques and delivery methods, spreading via Discord archives that sideload a malicious DLL using a legitimate Microsoft executable.
2024-02-05
research poc
Perun's Fart: API Unhooking Technique to Bypass EDR HooksPerun's Fart
A technique called Perun's Fart is demonstrated that unhooks antivirus/EDR hooks from ntdll.dll by spawning a suspended process, extracting a clean copy of ntdll.dll, and overwriting the hooked syscall stubs in the current process. This allows execution of shellcode without interference from security products. The article includes proof-of-concept code.
2024-02-05
vuln disclosure
Fortinet FortiSIEM OS Command Injection Vulnerability (CVE-2024-23108)CVE-2024-23108
A critical OS command injection vulnerability (CVE-2024-23108) in Fortinet FortiSIEM allows unauthenticated remote attackers to execute arbitrary commands via crafted API requests. Public proof-of-concept exploits are available, and the vulnerability has a CVSS score of 10.0. Fortinet has released patches in versions 6.4.3, 6.5.2, 6.6.4, 6.7.6, and 7.0.1 or later.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →