"I'm interested in all kinds of astronomy."

Here's a video overview of Venture, the cross-platform Windows Event Viewer. Version 0.2.0 now has the ability to join multiple .evtx files into a single view!

https://www.youtube.com/watch?v=LSobpAWwNV8

Grab Venture here: https://github.com/mttaggart/venture/releases/


"CrowdStrike, Fortinet Get Price Target Hikes Amid Booming Cybersecurity Market"

Clearly the Clownstrike "incident" doom is already behind, and Fortinet product security is irrelevant to stock price :X


Episode 8478 of how the internet works


Cisco Zero-Day: ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
CVE-2025-20128 (5.3 medium) A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read.

The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.
The Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.

Two more Cisco security advisories:

These two do not mention proof of concept or exploitation.


You've heard of , now get ready for PatchEveryday: Elastic security advisories 22 January 2025:

No mention of exploitation.


Everything in this talk is open-source, from our algorithms to the very decompiler we made to handle these optimizations:
https://github.com/angr/angr-management
https://www.usenix.org/system/files/sec23winter-prepub-301-basque.pdf

Try it out, and come with fun questions about decompilation :).


South Korean VPN provider IPany was breached in a supply chain attack by the "PlushDaemon" China-aligned hacking group, who compromised the company's VPN installer to deploy the custom 'SlowStepper' malware.

https://www.bleepingcomputer.com/news/security/ipany-vpn-breached-in-supply-chain-attack-to-push-custom-malware/

I just went through @drawio's homepage so I can throw some money at them, but I just can't because disrupting unhealthy markets is its own reward it seems:

https://www.drawio.com/about

These people are pretty cool!
@timb_machine maybe it's for emergency remote technical support ;) ;)
It's flattering when your work appears in the news, I just wish this piece wasn't so terribly wrong on so many important details :P

I'll reshare the original instead: https://blog.silentsignal.eu/2025/01/21/ibm-acs-password-dump/

(If you want to pull your hair out: https://cybersecuritynews[.]com/ibm-i-access-client-vulnerability-exposed/)
@scottwilson With modern mobile UIs people no longer know what files are in the first place.

CVE-2025-0395: Buffer overflow in the GNU C Library's assert()

https://seclists.org/oss-sec/2025/q1/48


Oracle: Oracle Critical Patch Update Advisory - January 2025
It's a pain in the butt to read, but there's 300+ vulnerabilities and coupled with the Oracle VP of Security Assurance's blog post January 2025 Critical Patch Update Released, there's likely no mention of exploitation.

See related The Hacker News reporting: Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products


What I call file format hexploring:
Read the specs, read parsers, craft pocs by hand if possible, explore the history and the features timeline, understand abuses, analyse at a low level…


The Trump administration removed all advisory committee members within the DHS, including those in CISA and CSRB, which was investigating Salt Typhoon (Becky Bracken/Dark Reading)

https://www.darkreading.com/threat-intelligence/trump-fires-cyber-safety-board-salt-typhoon-hackers
http://www.techmeme.com/250122/p3#a250122p3


Well that's awkward. @EQSTLab used an OS command injection bug, but it was one used last year. Alpine chose not to patch it since "in accordance with ISO21434...the vulnerability is classified as 'Sharing the Risk'." Yikes. The @EQSTLab team earns $5,000 and 1 Master of Pwn point.
