Posts
2507
Following
574
Followers
1284
A drunken debugger

Heretek of Silent Signal
repeated

The Sovereign Tech Agency is looking for an experienced and innovative expert in to lead the Sovereign Tech Resilience program.

https://www.sovereign.tech/jobs/cybersecurity-program-lead

0
4
0
repeated

Juniper: 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
Juniper warns that customers with Juniper Session Smart Routers (SSR) are getting infected with Mirai DDoS botnet malware because they didn't change from the default password. 🤦‍♂️

0
2
0
repeated

What do you think, AI slop or not? It's not always easy to tell...

https://hackerone.com/reports/2905552

9
1
0
repeated

Petition to flood GitHub with AI-generated code to trigger model collapse.

1
2
0
[RSS] How an obscure PHP footgun led to RCE in Craft CMS

https://www.assetnote.io/resources/research/how-an-obscure-php-footgun-led-to-rce-in-craft-cms

Oh the memories...
0
1
1
repeated

Hi Mastodon hivemind, a friend has a Gemmacert device and the company behind it has gone bankrupt. He's wondering whether someone has already reverse engineered it, so he can continue to use his expensive machine to measure how potent his weed is

1
2
0
repeated

Talos Vulnerability Reports

New vulnerability report from Talos:

Foxit Reader 3D Page Object Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2094

CVE-2024-47810
0
2
0
repeated

Talos Vulnerability Reports

New vulnerability report from Talos:

Foxit Reader Checkbox Calculate CBF_Widget Use-After-Free Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2093

CVE-2024-49576
0
1
0
repeated

cts🌸🏳️‍⚧️

New attack on x86 secure enclaves, specifically AMD SEV this time. SEV is AMD's answer to Intel TDX.

Basically tricking the CPU into thinking the DRAM is a different size, causing physical address aliasing, which can then be exploited

0
4
0
repeated

"Your GitHub account now includes free use of GitHub Copilot"
LOL get fucked

16
8
0
repeated

Why do iOS apps update so much. “Bug fixes and improvements.” You’ve said that every week for eight years. I’m impressed by the commitment honestly but what are you DOING in there

6
4
0
repeated

Biden has just pardoned the entire executive team behind the Windows 11 out of box experience.

4
12
0
repeated

Almost exactly a year ago, Rapid7 put out a technical analysis of Apache 2 CVE-2023-50164 that said:

* Exploit payloads were going to need to be customized to the target

* It wasn't clear that there was any critical mass of remotely exploitable applications out of the box

* The reports of exploitation in the wild all appeared to be unsuccessful attempts rather than IRL compromises of production systems.

https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis

Fast-forward to CVE-2024-53677 and we can repeat the above verbatim, with one pretty notable exception — the "fixed" version that ostensibly remediates the vulnerability actually doesn't, and code-level changes are required (to migrate away from the vulnerable file upload interceptor) to actually remediate it. Also the "fixed" release (6.4.0) appears to have gone out a year ago? No idea. Big ups to @fuzz for the analysis!

https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c

2
6
0
repeated

CVE-2023-34990 is credited to @hacks_zach of Horizon3.ai. This gave me a starting point for figuring out where to look for information. It's contained in Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” posted on 14 March 2024.

It is described as an unpatched vulnerability: "Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens". Check out the Path to Remote Code Execution #2 section for vulnerability details:

This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.

Based on the details of the blog, I can confidently say that the new CVE and the blog's vulnerability are almost certainly one and the same.

cc: @GossiTheDog @jerry

2
5
0
repeated

@cR0w I found it. I found the vulnerability details: https://www.horizon3.ai/attack-research/disclosures/fortiwlm-the-almost-story-for-the-forti-forty
Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens

"CVE-2024-???? (0-day): Fortinet FortiWLM Unauthenticated Limited File Read Vulnerability"

This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.

1
3
0
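Both posts above quote the same root cause for the FortiWLM log-read issue: a CGI endpoint that reads log files takes a file name from the request and never validates it, so directory traversal reaches any file on the box. The example below is added here to show that bug class and its fix side by side; it is not Fortinet's code, not Horizon3's proof of concept, and does not interact with any appliance. The directory layout, file names (`lighttpd.log`, `secret.conf`) and the token string are constructed for the demo, and the function names `read_log_unsafe`, `read_log_safe` and `check_request` are hypothetical.

```python
import os
import re
import tempfile
from pathlib import Path

# Allowlist: a plain file name ending in .log, no path separators at all.
LOG_NAME = re.compile(r"[A-Za-z0-9_.-]+\.log")


def make_sample_tree():
    """Build a constructed directory layout standing in for an appliance.

    Returns (root, logdir). Nothing here is real vendor data: the paths and
    file contents are invented for the demonstration.
    """
    root = Path(tempfile.mkdtemp(prefix="logviewer-demo-"))
    logdir = root / "var" / "log" / "app"
    logdir.mkdir(parents=True)
    (logdir / "lighttpd.log").write_text("GET /index.html 200\n")
    (root / "etc").mkdir()
    (root / "etc" / "secret.conf").write_text("admin_session=EXAMPLE-TOKEN\n")
    try:
        # A symlink inside the log directory that points outside it: the name
        # passes a naive "ends with .log" check but the target lives elsewhere.
        os.symlink(root / "etc" / "secret.conf", logdir / "linked.log")
    except OSError:
        pass  # symlinks may be unavailable on some platforms; other cases still work
    return root, logdir


def read_log_unsafe(logdir: Path, name: str) -> str:
    """The vulnerable pattern: the request parameter is joined onto the log
    directory with no validation, so '..' segments walk out of it, and
    pathlib discards the base entirely when `name` is an absolute path."""
    return (Path(logdir) / name).read_text()


def read_log_safe(logdir: Path, name: str) -> str:
    """Hardened reader: allowlist the name, then confirm the *resolved* target
    still sits directly inside the log directory before reading it.
    Resolving catches both '..' tricks and symlinks that escape the directory."""
    if not LOG_NAME.fullmatch(name):
        raise PermissionError(f"rejected log name: {name!r}")
    base = Path(logdir).resolve()
    target = (base / name).resolve()
    if target.parent != base:
        raise PermissionError(f"{name!r} resolves outside {base}")
    return target.read_text()


def check_request(logdir: Path, name: str) -> str:
    """Classify a requested name as the hardened reader would treat it."""
    try:
        read_log_safe(logdir, name)
        return "allowed"
    except PermissionError:
        return "blocked"
    except FileNotFoundError:
        return "missing"


if __name__ == "__main__":
    root, logdir = make_sample_tree()
    requests = (
        "lighttpd.log",                      # legitimate
        "../../../etc/secret.conf",          # classic traversal
        "linked.log",                        # symlink escape
        str(root / "etc" / "secret.conf"),   # absolute path replaces the base
    )
    for req in requests:
        try:
            unsafe = "leaks" if read_log_unsafe(logdir, req) else "empty"
        except OSError:
            unsafe = "error"
        print(f"{req!r:45} unsafe={unsafe:6} safe={check_request(logdir, req)}")
```

The containment check must run on the resolved path, not on the string: rejecting the literal `..` is not enough once a symlink or a percent-encoded separator reaches the file system layer. For detection, the same allowlist is a useful filter over web server access logs: any request to a log-reading endpoint whose file parameter contains a separator or does not match the expected name pattern is worth an alert.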