// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRF-01DTG 0600Z
ColdRecon / Brief Archive / Week of August 26, 2024
Signal Brief · Archived

Week of August 26, 2024

2024-08-26 — 2024-09-01 · 2 PUBLIC EVENTS · GENERAL / NON-PERSONALIZED

In the week of August 26, 2024, ColdRecon logged 2 public endpoint-security events from open-source reporting — 1 vuln disclosure, 1 research poc. Vendors in the record this week: Datadog.

The Week's Public Record

Events

2024-08-29
vuln disclosure
Multiple OpenSSL CVEs Flagged in Datadog Agent by Wiz Security ScanCVE-2023-0464, CVE-2023-2975, CVE-2023-3446, CVE-2023-3817, CVE-2023-4807, CVE-2023-5363, CVE-2023-5678, CVE-2023-6129, CVE-2023-6237, CVE-2024-0727
A user reported that Wiz Security Scan detects multiple OpenSSL CVEs in the latest Datadog Agent on Windows, due to an outdated libssl-3-x64.dll (version 3.0.8.0) bundled with the confluent_kafka library. The issue was acknowledged and closed as completed, indicating a fix was implemented.
2024-08-28
research poc
Poortry/BurntCigar toolkit evolves to delete EDR componentsPoortry/BurntCigar EDR killer
Sophos reports that the Poortry/BurntCigar toolkit, used by multiple ransomware groups, has been updated to completely delete EDR components rather than just terminating processes. The toolkit uses a malicious kernel driver with stolen or forged code-signing certificates to bypass Driver Signature Enforcement and evade detection.
Every event in this brief is a record in ColdRecon's canonical set, drawn from public open-source reporting and linked to its source. This is the general, non-personalized signal — published 7 days after the fact. The live daily brief, written for your deals, is for cleared officers.

This is last week, public. Get this morning's, written for you.

The live ColdRecon brief lands at 0600 daily — the same signal, filtered to your competitors and framed for your deals. Request clearance and tomorrow's is yours.

Request Clearance →