New sensitive breach: "AI girlfriend" site Muah[.]ai had 1.9M email addresses breached last month. Data included AI prompts describing desired images, many sexual in nature and many describing child exploitation. 24% were already in @haveibeenpwned. More: https://www.404media.co/hacked-ai-girlfriend-data-shows-prompts-describing-child-sexual-abuse-2/

Ivanti warns of three more CSA zero-days exploited in attacks https://www.bleepingcomputer.com/news/security/ivanti-warns-of-three-more-csa-zero-days-exploited-in-attacks/

It's the spooky season, and #Microsoft and #Adobe have released their spookiest patches yet. Two bugs from Microsoft are under attack, and one looks strangely familiar. @TheDustinChilds breaks down the release and points out some deployment priorities. https://www.zerodayinitiative.com/blog/2024/10/8/the-october-2024-security-update-review

Happy #PatchTuesday from Microsoft: 5 ZERO-DAYS (2 exploited, all of them publicly disclosed)

• CVE-2024-43573 (6.5 medium) Microsoft Windows MSHTML Platform Spoofing Vulnerability (PUBLICLY DISCLOSED, EXPLOITED)
• CVE-2024-43572 (7.8 high) Microsoft Management Console Remote Code Execution Vulnerability (PUBLICLY DISCLOSED, EXPLOITED)
• CVE-2024-43583 (7.8 high) Winlogon Elevation of Privilege Vulnerability (PUBLICLY DISCLOSED)
• CVE-2024-20659 (7.1 high) Windows Hyper-V Security Feature Bypass Vulnerability (PUBLICLY DISCLOSED)
• CVE-2024-6197 (8.8 high) Open Source Curl Remote Code Execution Vulnerability (PUBLICLY DISCLOSED)

cc: @goatyell @mttaggart @hrbrmstr @ntkramer @iagox86 @zackwhittaker @dreadpir8robots @TheDustinChilds @neurovagrant @xorhex @campuscodi @briankrebs (remember to remove the mentions to avoid ReplyAll madness)

We can build the web that we want to see. Watch the recording of my talk from #XOXOFest!

https://www.youtube.com/watch?v=MTaeVVAvk-c

From HTTP request to ROP chain in Node.js! 🔥

Our latest blog post explains how to turn a file write vulnerability in a Node.js application into RCE – even though the target's file system is read-only:

https://www.sonarsource.com/blog/why-code-security-matters-even-in-hardened-environments/?utm_medium=mastodon&utm_source=twitter&utm_campaign=research&utm_content=social-why-code-security-matters-even-in-hardened-environments-241008-&utm_term=&s_category=Organic&s_source=Social%20Media&s_origin=mastodon

In response to my earlier post, some Twitter folks asked why I'm "so afraid of telemetry".

For one, it's because I've seen first-hand what ends up in it. Crash reporting is particularly bad: it's nearly impossible to reliably scrub of sensitive info - URLs, auth tokens, etc.

Worse, a lot of other "telemetry" is deliberately privacy-violating. "Don't worry, we only collect anonymized GPS routes". Except, you know, a buyer of this data can filter by tracks originating from my home.

But above all, I just don't want the mental burden of figuring this out for every piece of software I install, so I hate that it's the new norm.

If you want a peek at how I'm using your software, meaningfully ask, instead of sneaking it in on page 38 of the EULA.

@alienghic @ai6yr @meganL I read through Ajay Singh Chaudhary's "The Exhausted of the Earth" some months ago.

I got to this part:

"Capital will chew through the biosphere and societies alike in pursuit of an ever more costly maintenance of profitability."

About the same time as I read a piece about OpenAI claiming to want to spend the entire GDP of Japan on burning fuel and making electronic waste.

So I was not able to disagree with that part of his analysis.

TIL: AVX-512 supports an instruction implementing binary logic defined by a 3-input LUT. Sounds super handy.

https://arnaud-carre.github.io/2024-10-06-vpternlogd/

#Nikon video limit of 30 minutes? Let see if I can patch this bad boi.

#Ghidra #ReverseEngineering

Cisco security advisories:

1. Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability CVE-2024-20365 (6.5 medium)
2. Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities
   • CVE-2024-20516, CVE-2024-20517, CVE-2024-20522, CVE-2024-20523 and CVE-2024-20524 (6.8 medium) Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
   • CVE-2024-20518, CVE-2024-20519, CVE-2024-20520 and CVE-2024-20521 (6.5 medium) Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
3. Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities CVE-2024-20393 (8.8 high) CVE-2024-20470 (4.7 medium)
4. Cisco Nexus Dashboard Orchestrator SSL/TLS Certificate Validation Vulnerability CVE-2024-20385 (5.9 medium)
5. Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities
   • CVE-2024-20438 (6.3 medium) Cisco NDFC Unauthorized REST API Endpoints Vulnerability
   • CVE-2024-20441 (5.7 medium) Cisco NDFC Unauthorized REST API Endpoint Vulnerability
   • CVE-2024-20442 (5.4 medium) Cisco Nexus Dashboard Unauthorized REST API Endpoints Vulnerability
   • CVE-2024-20477 (5.4 medium) Cisco NDFC Unauthorized REST API Endpoint Vulnerability
6. Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities CVE-2024-20490 and CVE-2024-20491 both 6.3 medium
7. Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability CVE-2024-20444 (5.5 medium)
8. Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability CVE-2024-20449 (8.8 high)
9. Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability CVE-2024-20432 (9.9 critical) 🥵
10. Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability CVE-2024-20448 (6.3 medium)
11. Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability CVE-2024-20509 (5.8 medium)
12. Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities
    • CVE-2024-20498, CVE-2024-20499, CVE-2024-20501 (8.6 high) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN DoS Vulnerability
    • CVE-2024-20500 (5.8 medium) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN DoS Vulnerability
    • CVE-2024-20502 (5.8 medium) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN DoS Vulnerability
    • CVE-2024-20513 (5.8 medium) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Targeted DoS Vulnerability
13. Cisco Identity Services Engine Information Disclosure Vulnerability CVE-2024-20515 (6.5 medium)
14. Cisco Expressway Series Privilege Escalation Vulnerability CVE-2024-20492 (6.0 medium)

At a glance no mention of exploitation:

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory.

#cisco #PatchTuesday #vulnerability #meraki #cve