The Sovereign Tech Agency is looking for an experienced and innovative expert in #opensource #security to lead the Sovereign Tech Resilience program.
https://www.sovereign.tech/jobs/cybersecurity-program-lead #fossjobs #getfedihired
Juniper: 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
Juniper warns that customers with Juniper Session Smart Routers (SSR) are getting infected with Mirai DDoS botnet malware because they didn't change from the default password. 🤦♂️
#juniper #threatintel #cybersecurity #infosec #mirai #botnet #securitybestpractice
What do you think, AI slop or not? It's not always easy to tell...
Petition to flood GitHub with AI-generated code to trigger model collapse.
Hi Mastodon hivemind, a friend has a Gemmacert device and the company behind it has gone bankrupt. He's wondering whether someone has already reverse engineered it, so he can continue to use his expensive machine to measure how potent his weed is
New attack on x86 secure enclaves, specifically AMD SEV this time. SEV is AMD's answer to Intel TDXs.
Basically tricking the CPU into thinking the DRAM is a different size, causing physical address aliasing, which can then be exploited
"Your GitHub account now includes free use of GitHub Copilot"
LOL get fucked
Why do iOS apps update so much. “Bug fixes and improvements.” You’ve said that every week for eight years. I’m impressed by the commitment honestly but what are you DOING in there
Biden has just pardoned the entire executive team behind the Windows 11 out of box experience.
Almost exactly a year ago, Rapid7 put out a technical analysis of Apache #Struts 2 CVE-2023-50164 that said:
* Exploit payloads were going to need to be customized to the target
* It wasn't clear that there was any critical mass of remotely exploitable applications out of the box
* The reports of exploitation in the wild all appeared to be unsuccessful attempts rather than IRL compromises of production systems.
https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis
Fast-forward to CVE-2024-53677 and we can repeat the above verbatim, with one pretty notable exception — the "fixed" version that ostensibly remediates the vulnerability actually doesn't, and code-level changes are required (to migrate away from the vulnerable file upload interceptor) to actually remediate it. Also the "fixed" release (6.4.0) appears to have gone out a year ago? No idea. Big ups to @fuzz for the analysis!
https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c
CVE-2023-34990 is credited to @hacks_zach of Horizon3.ai. This gave me a starting point for figuring out where to look for information. It's contained in Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” posted on 14 March 2024.
It is described as an unpatched vulnerability: "Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens" Check out the Path to Remote Code Execution #2
section for vulnerability details:
This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.
Based on the details of the blog, I can confidently say that the new CVE and the blog's vulnerability are almost certainly one and the same.
cc: @GossiTheDog @jerry
#CVE_2023_34990 #fortinet #fortiwlm #vulnerability #CVE #infosec #cybersecurity
HIV breakthrough: drug trial shows injection twice a year is 100% effective against infection
http://theconversation.com/hiv-breakthrough-drug-trial-shows-injection-twice-a-year-is-100-effective-against-infection-233295
@cR0w I found it. I found the vulnerability details: https://www.horizon3.ai/attack-research/disclosures/fortiwlm-the-almost-story-for-the-forti-forty
Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens
"CVE-2024-???? (0-day): Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability"
This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.