Posts
2524
Following
647
Followers
1461
"I'm interested in all kinds of astronomy."
buherator

buherator

[RSS] Was It Really GPAC? (No!) Getting a CVE Removed from CISA KEV

https://jericho.blog/2024/11/07/was-it-really-gpac-no-getting-a-cve-removed-from-cisa-kev/
0
2
3
buherator

buherator

[RSS] Introduction to Procedural Debugging through Binary Libification [USENIX paper]

https://www.usenix.org/conference/woot24/presentation/brossard

%27In this article, we introduce the notions of "libification" and "procedural debugging" to facilitate partial debugging of binaries at the procedural level. These techniques allow the transformation of arbitrary dynamically linked ELF binaries into shared libraries, and the study of memory corruption bugs by directly calling the vulnerable functions, hence separating the memory corruption intraprocedural analysis from the reachability problem. %27
0
0
1
buherator

buherator

Reply to @csepp@merveilles.town
@csepp That was it thank you!
0
0
0
buherator

buherator

Woohoo! My PR got merged and deployed to prod so now you can search MITRE ATT&CK with the !attack Bang with @kagihq \o/

https://github.com/kagisearch/bangs/pull/125
1
1
8
buherator

buherator

I remember a set of torrents for de-facto standard online content like Wikipedia, Arch Wiki, etc. but can't seem to find them.

Any clues?
1
1
1
buherator
repeated
bert_hubert@fosstodon.org

bert hubert ๐Ÿ‡บ๐Ÿ‡ฆ๐Ÿ‡ช๐Ÿ‡บ๐Ÿ‡บ๐Ÿ‡ฆ

If as it appears likely that ๐Ÿ‡ช๐Ÿ‡บwill have to start defending itself against Russia ๐Ÿ‡ท๐Ÿ‡บ alone it may be good to realize our IT systems and society arenโ€™t remotely ready for that. https://berthub.eu/articles/posts/cyber-security-pre-war-reality-check/

0
6
0
buherator

buherator

Reply to @singe@chaos.social
@singe Didn't know that site, looks really useful! On the other hand I see 0 chance such sites would get off among the majority of the population, esp. when compared to social media.
0
0
1
buherator

buherator

Reply to @singe@chaos.social
@singe I was wondering how much of this is enabled by social media microtargeting (everyone gets what they want to hear, even contradictory messages work)
1
0
1
buherator
repeated
binary_gecko@bird.makeup

Binary Gecko

Ekoparty 2024 Binary Gecko Challenge ๐Ÿ‡ฆ๐Ÿ‡ท

Complete the challenge to get a ticket to our VIP dinner/party event in Buenos Aires during the conference.

Winners will also get an interview for a Security Researcher position at Binary Gecko.

https://github.com/Binary-Gecko/ekoparty2024_challenge

0
2
0
buherator

buherator

#music #uspol #punk
Show content
https://www.youtube.com/watch?v=1CP9Peipxzk
0
0
0
buherator
repeated
realhackhistory@chaos.social

[realhackhistory@home]#

William Gibson talks about and , as well as the dangers of cyberspace, back in 1993.

1
2
0
buherator

buherator

Reply to @bagder@mastodon.social
@bagder I see strong correlation between bullshit bug reports (not just in curl and not just about security) and the inability to use the markup of the bug tracker
0
0
0
buherator
repeated
bagder@mastodon.social

daniel:// stenberg://

strcpy can cause a buffer overflow

user finds strcpy in code

user files a CRITICAL security report against for using strcpy in source code. Proof? Well he did grep the code and shows that it does indeed use strcpy...

Never a dull moment.

7
2
0
buherator

buherator

Mind the v8 patch gap: Electron's Context Isolation is insecure

https://s1r1us.ninja/posts/electron-contextbridge-is-insecure/

/via exploits.club
0
1
3
buherator

buherator

Idiomatic #Rust bindings for the #IDAPro SDK, enabling the development of standalone analysis tools using IDA v9.0โ€™s idalib.

https://github.com/binarly-io/idalib

/via exploits.club
0
0
2
buherator

buherator

#Hexacon2024 talks:

https://www.youtube.com/playlist?list=PLiEHUFG7koLvk72LC2xGCn65M535-vIEC

/via exploits.club
0
1
3
buherator
repeated
tiraniddo@infosec.exchange

James Forshaw donor

Reply to @Infoseepage@mastodon.social

@Infoseepage @tychotithonus for now at least you can uninstall notepad (right click the start icon and choose uninstall) and it'll revert to the classic version. How long that lasts I don't know. Also it breaks it being used as a target for opening .txt files as modern explorer is garbage.

1
2
0
buherator
repeated
screaminggoat@infosec.exchange

screaminggoat

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog
Hot off the press!

  • CVE-2024-5910 (9.3 critical) Palo Alto Expedition Missing Authentication Vulnerability
  • CVE-2024-43093 (high) Android Framework Privilege Escalation Vulnerability
  • CVE-2024-51567 (10.0 critical ๐Ÿฅณ) CyberPanel Incorrect Default Permissions Vulnerability
  • CVE-2019-16278 (9.8 critical) Nostromo nhttpd Directory Traversal Vulnerability

0
1
0
buherator

buherator

Reply to
@cR0w @Laukidh I heard Hidrogen is flammable, any plans for that?
1
0
2
buherator
repeated
screaminggoat@infosec.exchange

screaminggoat

Cisco multiple security advisories from 06 November 2024:

  1. CVE-2024-20418 (10.0 critical ๐Ÿฅณ) Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability
  2. CVE-2024-20536 (8.8 high) Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
  3. CVE-2024-20484 (7.5 high) Cisco Enterprise Chat and Email Denial of Service Vulnerability
  4. CVE-2024-20445 (5.3 medium) Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability
  5. CVE-2024-20533 and CVE-2024-20534 (4.8 medium) Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
  6. Cisco Identity Services Engine Vulnerabilities
    • CVE-2024-20476 (4.3 medium) Cisco ISE Authorization Bypass Vulnerability
    • CVE-2024-20487 (4.3 medium) Cisco ISE Stored XSS Vulnerability
  7. Cisco Identity Services Engine Vulnerabilities
    • CVE-2024-20525 and CVE-2024-20530 (6.1 medium) Cisco ISE Reflected Cross-Site Scripting Vulnerabilities
    • CVE-2024-20527, CVE-2024-20529, and CVE-2024-20532 (5.5 medium) Cisco ISE Arbitrary File Read and Delete Vulnerabilities
    • CVE-2024-20531 (5.5 medium) Cisco ISE XML External Entity Injection Vulnerability
    • CVE-2024-20528 (3.8 low) Cisco ISE Path Traversal Vulnerability
  8. Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities
    • CVE-2024-20537 (6.5 medium) Cisco ISE Authorization Bypass Vulnerability
    • CVE-2024-20538 (6.1 medium) Cisco ISE Cross-Site Scripting Vulnerability
    • CVE-2024-20539 (4.8 medium) Cisco ISE Stored Cross-Site Scripting Vulnerability
  9. CVE-2024-20457 (6.5 medium) Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
  10. CVE-2024-20504 (5.4 medium) Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability
  11. CVE-2024-20514 (5.4 medium) Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
  12. CVE-2024-20511 (6.1 medium) Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
  13. CVE-2024-20507 (4.3 medium) Cisco Meeting Management Information Disclosure Vulnerability
  14. CVE-2024-20540 (5.4 medium) Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
  15. CVE-2024-20371 (5.3 medium) Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

1
1
0
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.