"I'm interested in all kinds of astronomy."
@jerry thanks, it's already better actually

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks


D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/

CVE-2024-45310: runc can be tricked into creating empty files/directories on host

https://seclists.org/oss-sec/2024/q3/237

SecureLayer7: CVE-2024-37084: Spring Cloud Remote Code Execution
SecureLayer7 has been churning out zero-day vulnerabilities (publicly releasing information about vulnerabilities without a coordinated vulnerability disclosure with the impacted vendor or assigning CVEs) and proofs of concept for vulnerabilities. According to Spring.io, Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing platform deployed in Cloud Foundry and Kubernetes. CVE-2024-37084 (9.8 CRITICAL) is an arbitrary file write. SecureLayer7 used patch diffing to determine that it’s an insecure deserialization vulnerability that leads to remote code execution, and provides a proof of concept for it.


Mozilla Foundation security advisories:

  • 2024-39 Security Vulnerabilities fixed in Firefox 130
  • 2024-40 Security Vulnerabilities fixed in Firefox ESR 128.2
  • 2024-41 Security Vulnerabilities fixed in Firefox ESR 115.15
  • 2024-42 Security Vulnerabilities fixed in Focus for iOS 130

No mention of Firefox for iOS or Thunderbird (which would arrive in 2 separate advisories). Expect future advisories likely later today. No mention of exploitation.

Edited to include late advisory for Focus for iOS 130.

@jerry Hi! infosec.place throwing 504's again for the main timeline :( Could you please take a look?

The recording of our @WEareTROOPERS presentation is now online, enjoy!

- IBM i for Wintel Hackers

https://www.youtube.com/watch?v=t4fUvfzgUbY


Analysis of CVE-2024-37084: Spring Cloud Remote Code Execution https://blog.securelayer7.net/spring-cloud-skipper-vulnerability/


AI slide for the talk (work in progress):

AI does not save us

AI fools researchers into thinking they found problems

AI assisted reports take longer to debunk

AI is an added burden for maintainers

@pancake @nanochess @travisgoodspeed I actually feel tempted to build something with this, sounds awesome!
Off-by-One 2024 Day 1 - Keynote : Breaking Into Vulnerability Research: Dr Silvio Cesare

https://www.youtube.com/watch?v=tAmjkfO3-Ow
:O

"The TMS9900 is bonkers. Big endian, has no stack pointer, and there's an instruction to execute the contents of a register as if it were an instruction in memory." - @travisgoodspeed

"Mike Brent (tursilion) made an awesome TMS9900 code generator for CVBasic, so now it can target TI-99/4A computers. The picture shows Viboritas running in the Classic99 emulator." - @nanochess

https://github.com/nanochess/cvbasic
CVE-2023-41111: Samsung Baseband RLC Data Re-Assembly Buffer Overflow

https://labs.taszk.io/blog/post/93_rlc_bof/

Traceeshark: Deep Linux runtime visibility meets Wireshark https://github.com/aquasecurity/traceeshark
