Check Point: Attempted Zero-Day Exploitation: Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)
Check Point warned on Monday 27 May 2024 of attacker attempts to gain unauthorized access to VPN products. They identified login attempts using old VPN local-accounts relying on unrecommended password-only authentication method. Check Point officially disclosed a sensitive information disclosure vulnerability tracked as CVE-2024-24919 (7.5 high):

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

This affects CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances versions: R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20

View the following fix: Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure

h/t to @serghei and @BleepingComputer for their initial news article. cc: @briankrebs @campuscodi @mttaggart @deepthoughts10 @dangoodin

#zeroday #CVE_2024_24919 #eitw #activeexploitation #VPN #CheckPoint #vulnerability #cve

Got root, what now? Practical post-exploitation steps on an F5 Big-IP appliance, by team members @drm and @myst404

https://offsec.almond.consulting/post-exploiting-f5-BIG-IP.html

We've all been laughing at the obvious fails from Google's AI Overviews feature, but there's a serious lesson in there too about how it disrupts the relational nature of information. More in the latest Mystery AI Hype Theater 3000 newsletter:

https://buttondown.email/maiht3k/archive/information-is-relational/

@mainframed767 imagine how the world would be different if Linus hadn't found a good reference book on the PC/AT-related hardware. https://social.v.st/@th/111399244283556494

Hacked? Ticketmaster's terrible, horrible, no good, very bad week just got worse:

https://databreaches.net/2024/05/28/hacked-ticketmasters-terrible-horrible-no-good-very-bad-week-just-got-worse/

#databreach #infosec #Ticketmaster

@campuscodi

idk why people say funding OSS is difficult

do you think this is an appropriate amount of spite to put into a reverse engineering project?

Sorry to say, archive.org is under a ddos attack. The data is not affected, but most services are unavailable.

We are working on it & will post updates in comments.

Can confirm that Recall data is indeed stored in a SQLite3 database. The folder it's in is fully accessible only by SYSTEM and the Administrators group. Attempting to access it as a normal user yields the usual "You don't currently have permission" error. Here's how the database is laid out for those curious, figured you might appreciate a few screenshots.

Microsoft published a report last month acknowledging the existence of a long running honeypot operation running on code.microsoft[.]com.

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/examining-the-deception-infrastructure-in-place-behind-code/ba-p/4124464

#microsoft #infosec #threatintel

Your developers upload 0-day exploit documentation to VirusTotal.

#opsec

https://securelist.com/cve-2024-30051/112618/

Repost with alt-text:

A heartbreaking moment that was saved by an SS photographer at Auschwitz II-Birkenau during the deportations of Hungarian Jews. It was taken 80 years ago, most likely in late May 1944. A little child finds a dandelion in the grass and is handing it or showing it to an older boy.
1/2

Heads up to anyone using facebook or insta: you'll receive a notification about your data being used to train AIs. The opt out process is deliberately convoluted and you have to fill out a form to object. This is what I wrote in mine, and the objection was immediately registered as successful, so feel free to copy.

Masto reply bores, this is not a post on which to fart out your opinions about Meta or AI or whatever. So don't. I'm sharing helpful info for people who need it, not for you.

idk i feel like it probably says something about our education system that people frequently have nightmares about being in it 20 years after the fact

With the impending doom of ICQ in June and the new crappy version of Teams coming in July, I would like to post this meme one final time

#ICQ #Teams #Microsoft #MicrosoftTeams

Sierra On-Line accidentally included the source code to their AGI adventure game engine on some copies of Space Quest II. Its presence is not obvious but with enough sector sleuthing it is possible to recover about 70% of it. The recovered source code is peppered with illuminating comments regarding its history and authors. It can be examined in a GitHub repo linked in the article.

"The Space Quest II Master Disk Blunder"
https://lanceewing.github.io/blog/sierra/agi/sq2/2024/05/22/do-you-own-this-space-quest-2-disk.html

I remember when Windows 10 mail was local only, before a Windows Update made it cloud-only. I remember Edge didn't have built-in ads, before an update put ads everywhere. I remember when the My Documents folder was local-only by default, until a new version of OneDrive pushed it all to the cloud by default.

History suggests that this kind of product is too often a wedge to justify more abuse of personal information in the future.

Another large language model scraper blocked. This graph is from a site which runs a tool generating answers for people doing important research work. The AI scraper sent hundreds of thousands of lookup requests evading rate limits by using about a thousand IPs and pinned multiple webservers at 100% CPU (graph from one attached). This is a massive waste of electricity to train a hallucination machine.

I got ahold of the Copilot+ software.

Recall uses a bunch of services themed CAP - Core AI Platform. Enabled by default.

It spits constant screenshots (the product brands then “snapshots”, but they’re hooked screenshots) into the current user’s AppData as part of image storage.

The NPU processes them and extracts text, into a database file.

The database is SQLite, and you can access it as the user including programmatically. It 100% does not need physical access and can be stolen.