Picard management tip: It's okay not to know things. Practice saying "I don't know." Go ahead. Say it.
Do you know #wuppiefuzz?
It's a coverage-guided REST fuzzer and open source.
I stumbled across it today and thought it was worth sharing.
Our blog site is having a moment, and @TheDustinChilds is stuck on a plane in DFW, but nothing stops Patch Tuesday. There are 2 Microsoft bugs being exploited in the wild and some things we've never seen before. Read all the details at https://www.zerodayinitiative.com/blog/2025/2/11/the-february-2025-security-update-review
CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog
The Zyxel stuff is not new, but since the Microsoft zero-days are part of #PatchTuesday, I'm including them in this conversation.
#cisa #kev #cisakev #KnownExploitedVulnerabilitiesCatalog #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity #cve
Happy #PatchTuesday from Ivanti: February Security Update
We are not aware of any customers being exploited by these vulnerabilities prior to public disclosure. These vulnerabilities were disclosed through our responsible disclosure program.
#ivanti #ivantiCSA #neurons #connectsecure #cve #vulnerability #infosec #cybersecurity
Happy #PatchTuesday from Microsoft: 4 ZERO-DAYS (2 EXPLOITED) out of 56 new CVEs
#microsoft #zeroday #cve #eitw #activeexploitation #vulnerability #infosec #cybersecurity
A demonstration of writing a simple Windows driver in Rust
https://scorpiosoftware.net/2025/02/08/writing-a-simple-driver-in-rust/
Discussions: https://discu.eu/q/https://scorpiosoftware.net/2025/02/08/writing-a-simple-driver-in-rust/
Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the incredible @pwissenlit 🫶
https://blog.quarkslab.com/being-overlord-on-the-steam-deck-with-1-byte.html
Happy #PatchTuesday from SolarWinds:
No mention of exploitation.
EclecticIQ: Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
EclecticIQ analysts assess with high confidence that Sandworm (APT44), a threat actor supporting Russia's Main Intelligence Directorate (GRU), is actively conducting a cyber espionage campaign against Ukrainian Windows users. Likely ongoing since late 2023, following Russia's invasion of Ukraine, Sandworm leverages pirated Microsoft Key Management Service (KMS) activators and fake Windows updates to deliver a new version of BACKORDER, a loader previously associated with the group. BACKORDER ultimately deploys Dark Crystal RAT (DcRAT), enabling attackers to exfiltrate sensitive data and conduct cyber espionage.
Multiple pieces of evidence strongly link this campaign to Sandworm, also tracked by CERT-UA as UAC-0145, based on recurring use of ProtonMail accounts in WHOIS records, overlapping infrastructure, and consistent Tactics, Techniques and Procedures (TTPs). Additionally, the reuse of BACKORDER, DcRAT, and TOR network mechanisms, along with debug symbols referencing a Russian-language build environment, further reinforces confidence in Sandworm's involvement. Yara and Sigma rules, and Indicators of Compromise are listed.
#russia #sandworm #apt44 #gru #threatintel #IOC #yara #sigma #malwareanalysis #infosec #cybersecurity #cti #cyberthreatintelligence
Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a785720
getBasicDataType
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a785720.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a785720.json&colors=light
Apparently Google is just shitty.
No duress signal or anything here. Just trying to fit in by being shitty. 🤦‍♂️
‘We must...fiercely protect the progress women in science have made!’ 🔬On #womeninscienceday don't miss this insightful interview w/ Suropriya Saha, Max Planck Research Group Leader, on the legacy of #Physics Nobel laureate Maria Goeppert Mayer!🌟 ▶️ https://www.mpg.de/23712159/suropriya-saha-about-maria-goeppert-mayer #GirlsinStem