Google Chrome Zero Day: Stable Channel Update for Desktop
This update includes 38 security fixes. (20 externally reported). CVE-2024-7971 (high severity) Type confusion in V8
Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC) on 2024-08-19

Google is aware that an exploit for CVE-2024-7971 exists in the wild.

cc: @campuscodi @briankrebs @mttaggart @deepthoughts10 @cR0w @regnil @bschwifty @arinc629 @Cali @wvu @hrbrmstr @avoidthehack @bieberium @AAKL (make sure to remove all the mentions to avoid ReplyAll madness)

#Google #Chrome #zeroday #vulnerability #eitw #activeexploitation #CVE #CVE_2024_7971

Physarum wires: Self-growing self-repairing smart wires made from slime mould: https://arxiv.org/abs/1309.3583 a.k.a. super super gross wires. This is for sure how you end up with the backstory for the Borg.

Aside from those unfortunate souls who have a dual-boot system that both wasn't detected by Microsoft and also is out of date enough so that its boot bits are noncompliant, who else might be affected by this?

Ventoy will fail to work on a SecureBoot-enabled Windows system with August's updates. The current Ventoy doesn't have a "shim,4" compliant EFI bootloader.

You can fix this if you don't care to wait for Ventoy to fix this.
Or do what probably a lot of people do, which is disable SecureBoot and forget to ever turn it back on again.
https://github.com/ventoy/Ventoy/issues/2692#issuecomment-2031412234

This won't likely surprise anyone, but "a prompt injection vulnerability in Slack AI makes it possible to fetch data from private Slack channels".

https://www.theregister.com/2024/08/21/slack_ai_prompt_injection/

#slack #ai #SlackAI #news #TechNews #technology

Pretty much. From the brand new issue of Phrack.

Binji's teaching in Europe! By popular demand and for the first time ever, Novice to Ninja is online in GMT! Uncover the truth behind today's most pressing cybersecurity issues, and what might be done to mitigate them. No reversing experience required! https://binary.ninja/training/n2n-syllabus.html

The SAILR paper is being presented at @USENIXSecurity
.

It's a nice piece of work. If you're interested in what we think, take a look at the in-depth review we did on Feb!

https://pad.rev.ng/s/T3RdsvKNx#

It's here! #Phrack officially released online, and with it my article! http://phrack.org/issues/71/9.html#article It's about writing a good virus, using oldschool techniques to show you how effective old stuff can still be! #infosec #malware

ugh. I picked up a shitty NUC from ewaste and it had a label on it for an AI company.
ahh, another startup that burnt out trying to build some silly AI project on crap hardware. I wonder what they did? I check their URL:
ahh. healthcare. great, great.

That’s no moon – it’s the Moon 🌗

The first colour images from ESA JUICE’s close lunar encounter last night are out.

Taken by the monitoring cameras, both show sunlit craters & shadows on the surface with parts of the spacecraft in the foreground.

At the top of the second image, you can just make out Earth as a small dark circle, surrounded by the ring of its backlit atmosphere.

We arrive (t)here tonight 🛰️🌏

Kudos to @stim3on for the magical processing 🙇‍♂️

#JUICELEGA

UPDATE: Palo Alto Cortex XSOAR CommonScripts Critical Vulnerability (CERT-EU Security Advisory 2024-083)

On August 14, 2024, Palo Alto Networks released a security advisory for a critical command injection vulnerability, CVE-2024-5914, in Cortex XSOAR. This flaw allows unauthenticated attackers to execute arbitrary commands within the context of an integration container, potentially compromising the system. The vulnerability affects the product's CommonScripts Pack and is rated as high severity with a CVSS score of 9.0.

https://www.cert.europa.eu/publications/security-advisories/2024-083/

There's an article written by me in Phrack Magazine: http://www.phrack.org/issues/71/11.html#article.
Very proud to be in that historic hacking magazine! For me, this is a major achievement :)

Bonus: the source code and binaries are here https://github.com/cryptax/talks/tree/master/Phrack-71

Enjoy! And if you really like it, I'd appreciate you nominate it here https://www.virusbulletin.com/conference/peter-szor-award/

Anybody with a paper edition to send me? This offer still stands: https://mastodon.social/@cryptax/112775284733028530

#phrack #dart #reverse #flutter

OpenBSD crond / crontab set_range() heap underflow - CVE-2024-43688

https://www.supernetworks.org/CVE-2024-43688/openbsd-cron-heap-underflow.txt

https://vulnerability.circl.lu/cve/CVE-2024-43688

#vulnerability #cron #crontab #infosec #crond #openbsd #unix

http://phrack.org/issues/71/1.html new Phrack is out!

it you would like to read ~10k words about going from "a 12kb binary that fell off a truck" to "a disassembler that knows the whole instruction set except like five opcodes", all without running a single instruction, phrack 71 is up and has a treat from me to you: http://phrack.org/issues/71/3.html#article

go to the cloud they said
it'll be fine they said

@johnefrancis
I was able to open up a Titan missile guidance computer and examine it hands-on. Unfortunately, nobody would give me a Minuteman guidance system to teardown. But I found that the National Air and Space Museum has extremely detailed photos that I could use for analysis.
https://www.righto.com/2020/03/inside-titan-missile-guidance-computer.html

I wrote a blog post that goes into much more detail on the Minuteman guidance system and computer, so check it out: https://www.righto.com/2024/08/minuteman-guidance-computer.html
22/23

Although the Minuteman guidance system is interesting technologically, one has to keep in mind its purpose was to unleash nuclear devastation On the other hand, Minuteman has been successful as a peacekeeping deterrent (so far). In any case, it is morally ambiguous compared to, say, the Apollo Guidance Computer. There are currently 400 Minuteman missiles active, down from a peak of 1000. 21/N

A launch normally requires launch orders from two separate Launch Control Centers. But a single surviving Launch Control Center could launch the missiles, unless vetoed before a timeout. A complicated state machine managed the launch process. 20/N