GitLab security advisory: GitLab Patch Release: 17.5.2, 17.4.4, 17.3.7

1. CVE-2024-9693 (8.5 high) Unauthorized access to Kubernetes cluster agent
2. CVE-2024-7404 (6.8 medium) Device OAuth flow allows for cross window forgery
3. requested CVE ID not yet available (6.5 medium) Denial of Service by importing malicious crafted FogBugz import payload
4. CVE-2024-8648 (6.1 medium) Stored XSS through javascript URL in Analytics dashboards
5. CVE-2024-8180 (5.4 medium) HTML injection in vulnerability Code flow could lead to XSS on self hosted instances
6. CVE-2024-10240 (5.3 medium) Information disclosure through an API endpoint

No mention of exploitation.

#GitLab #PatchTuesday #CVE #vulnerability #infosec #cybersecurity

A lot of people think Apple Silicon Macs can boot from external storage, and Apple themselves go to great lengths to pretend they can.

However, the iBoot bootloader does not have USB or Thunderbolt drivers at all, and absolutely cannot boot from external storage in any way, shape, or form.

But they're cheating.

When you "select" an external volume to "boot" from, whether from macOS or recoveryOS or the Boot Picker (which is just recoveryOS, which is just macOS), the fully booted OS with full access to external storage will copy the bootloader, firmware, and OS kernel to internal storage, then configure the machine to boot off of THAT. Then the bootloader is still just booting off of internal storage.

You can see this if you set up "external" boot, then try to power on the machine without the disk connected. The progress bar will appear below the Apple logo, and that progress bar is drawn by the macOS kernel, which proves macOS is already running, even though supposedly you removed the disk it's booting from. It only times out and fails a few seconds later when it can't find the external disk to mount the root filesystem from.

BTW, the only blocker for supporting the same exact mechanism for USB boot in Asahi Linux is that m1n1 does not have USB drivers either, which it needs to chain off stage 2 from USB. So if anyone wants to help out and write a bare-metal xHCI USB stack with enough support for hubs and mass storage devices in Rust... ;-)

Looks like #NVD has stopped enriching #CVE again. So that's neat

Don't miss a second of #ekoparty with the Ekoparty LadoB on Twitch https://www.twitch.tv/ekoparty

“If more of us valued food & cheer & song above hoarded gold, it would be a merrier world.”

J.R.R. Tolkien

I am going to talk at German OWASP Day in Leipzig today and I just learned it will be live streamed.

Tune in if you want to learn about cross-site leaks at 5pm CET (9am US Pacific). There's lots of other interesting stuff before me. The event has already started 😊 https://streaming.media.ccc.de/god2024

Lovely thread on X from some Indian hackers using a microwave as a Faraday cage & spoofing Californian Wi-Fi networks in order to unlock AirPod hearing-aid functionality for Grandma…
https://alecmuffett.com/article/110630
#apple #geoblocking #india

🤖 cheap Android set-top boxes might come with unexpected surprises. 0/10, would not recommend to buy https://cujo.com/blog/android-set-top-box-lies-about-its-os-version-comes-pre-infected-with-malware/

Down since the archive had to retool, emulation in the browser at @internetarchive is BACK.

A quarter million programs and growing can run free again.

But all anyone cares about is our #1 title:

https://archive.org/details/msdos_Oregon_Trail_The_1990

NIST standardisation organisation says that systems must phase out non-quantum-resistant cryptography by 2035. RSA, ECDSA, ECDH disallowed as insecure. https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf

Improving Steam Client stability on Linux: setenv and multithreaded environments

https://ttimo.typepad.com/blog/2024/11/the-steam-client-update-earlier-this-week-mentions-fixed-some-miscellaneous-common-crashes-in-the-linux-notes-which-i-wante.html

"Ross Anderson had agreed with his publisher, Wiley, that he would be able to make all chapters of the 3rd edition of his book Security Engineering available freely for download from his website. These PDFs are now available there." 🎉 💔

https://www.cl.cam.ac.uk/archive/rja14/book.html

(As noted at: https://www.lightbluetouchpaper.org/2024/11/12/sev3-download/ )

Why chatbots are terrible for search, and why retrieval augmented generation doesn't fix that: https://buttondown.com/maiht3k/archive/information-literacy-and-chatbots-as-search/ by @emilymbender
#generativeAI

Happy #PatchTuesday from Citrix:

• NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2024-8534 and CVE-2024-8535
  • CVE-2024-8534 (CVSSv4: 8.4 high) Memory safety vulnerability leading to memory corruption and Denial of Service
  • CVE-2024-8535 (CVSSv4: 5.8 medium) Authenticated user can access unintended user capabilities
• Citrix Session Recording Security Bulletin for CVE-2024-8068 and CVE-2024-8069
  • CVE-2024-8068 (CVSSv4: 5.1 medium) Privilege escalation to NetworkService Account access
  • CVE-2024-8069 (CVSSv4: 5.1 medium) Limited remote code execution with privilege of a NetworkService Account access

Please see the advisories for the prerequisites for each vulnerability.

#Citrix #NetScaler #CVE #vulnerability #infosec #cyberesecurity

Microsoft:
The BinaryFormatter type is dangerous and is not recommended for data processing... BinaryFormatter is insecure and can't be made secure.

Citrix:
We have the facts and we're voting Yes for using BinaryFormatter for processing data in our product.

CVE(s) TBD...

https://labs.watchtowr.com/visionaries-at-citrix-have-democratised-remote-network-access-citrix-virtual-apps-and-desktops-cve-unknown/