Letting me have image editing software was a mistake

Updates get MitM'd by middleboxes (using shitty certs) all the time. This is why update packages are digitally signed and why many vendors simply use plain HTTP for delivery.

Yet for some reason Crowd Strike marked this as high severity with a CVSS vector indicating MitM -> full system compromise...

CVE-2025-1146

OK I think this (via @cR0w) deserves some more attention ( #CrowdStrike CVE-2025-1146):

https://www.crowdstrike.com/security-advisories/cve-2025-1146/

In short, Crowd Strike agents on Linux can be MitM'd when they connect to their mothership (CS cloud).

My first Q is: what exactly is delivered to Falcon sensors from the CS cloud?

I present my second Q as a meme for higher reach:

Happy #PatchTuesday from Palo Alto Networks (LIKELY ZERO-DAYS):
(Note: PAN likes to downplay by showing the base + threat metrics CVSSv4 score)

1. CVE-2025-0113 (CVSSv4.0: 7.6 high) Cortex XDR Broker VM: Unauthorized Access to Broker VM Docker Containers
2. CVE-2025-0112 (CVSSv4: 6.8 medium) Cortex XDR Agent: Local Windows User Can Disable the Agent
3. CVE-2025-0110 (CVSSv4.0: 8.6 high) PAN-OS OpenConfig Plugin: Command Injection Vulnerability in OpenConfig Plugin
   • Exploit Maturity: POC 🤔
4. PAN-SA-2025-0005 GlobalProtect Clientless VPN: Same-Origin Policy Does Not Apply When Using Clientless VPN
5. PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025) (multiple CVEs)
6. CVE-2025-0109 (CVSSv4: 6.9 medium) PAN-OS: Unauthenticated File Deletion Vulnerability on the Management Web Interface
   • Exploit Maturity: POC 🤔
7. CVE-2025-0111 (7.1 high) PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface

Palo Alto Networks is not aware of any malicious exploitation of this issue.

My new concern is whether I should say #zeroday for CVE-2025-0110 and 0109. Based on the First criteria for Exploit Maturity:
```Based on threat intelligence sources each of the following must apply:

• Proof-of-concept is publicly available
• No knowledge of reported attempts to exploit this vulnerability
• No knowledge of publicly available solutions used to simplify attempts to exploit the vulnerability```

#paloaltonetworks #infosec #vulnerability #cve #cybersecurity #poc #proofofconcept

@cR0w @_r_netsec DEVCORE are out of this world

@_r_netsec ../ alert @cR0w

An international team of scientists announced Wed the detection of an extraordinary, elusive #neutrino — a tiny, subatomic particle that flitted at close to the speed of light toward an undersea detector off the coast of Sicily carrying about 30k times the #energy generated by the largest particle accelerator on #earth.

The observation, unveiled in the journal #Nature, revealed the highest-energy neutrino ever detected.

#astrophysics #science #cool
https://www.nature.com/articles/s41586-024-08543-1

@HeliaXyana https://youtu.be/X5hR-av8jiI?si=KVuclYvpQGOurWoT&t=29

From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11 https://devco.re/blog/2025/02/12/from-convenience-to-contagion-the-half-day-threat-and-libarchive-vulnerabilities-lurking-in-windows-11-en/

Here are the results of #ghidriff's VersionTrackingDiff ran on the latest patch of afd.sys (likely as the result of CVE-2025-21418):

https://gist.github.com/v-p-b/458475d0c7f8aaf6496b5168c04ea262

The change seems to affect a single but significant API (AfdAccept()), my initial guess is this was a locking issue.

#ExploitWednesday

Happy #PatchTuesday with GitLab: GitLab Patch Release: 17.8.2, 17.7.4, 17.6.5
8 CVEs (1 high severity, 7 medium). At a glance, no mention of exploitation.

#gitlab #cve #vulnerability #infosec #cybersecurity

As JD Vance delivered his speech about “European overregulation” and criticized “endless compliance costs imposed on the US companies by GDPR” I have seen some voices from Europe who said something to the effect “I don‘t know a single EU company happy about #GDPR either”.

Well, it’s kind of obvious companies aren’t happy because GDPR was not made to make companies happy but to protect the privacy of consumers 😄

This regulation is based on fundamental differences between US and EU legal systems. In EU, you own and control your personal data. In US it’s owned by whoever managed to extort it from you, and then aggregate, personalise and resell to any other entity anywhere.

For example, if you want to pay higher insurance premium because you have genetic tendencies to diabetes or obesity - well, that’s the US way of doing business, but it’s not the only one, nor it’s somehow axiomatically “better”. And yes, high insurance premiums also have the effect of increasing overall country’s GDP, just as a house burnt and rebuilt also does this magic, yet somehow few people celebrate it 😉

Then someone asked me if I really “feel that my data is better protected thanks to GDPR”. And yes, as a matter of fact the most invasive behavioural profiling aren’t being rolled out by companies like Twitter or Facebook to EU specifically because of GDPR, while in US they just roll them out without asking anyone.

Anyone… of course except for the states which have regulations very similar or even more restrictive than GDPR, such as California. Yet, because California is “their”, these companies and their CEOs with high media presence simply shut up and make their apps compliant with CCPA without all this barking about “how GDPR kills out business”.

It’s the same with EU VAT, about which Vance also whined, whereas US sales tax accounting rules are not even harmonized across states. But hey, you know what? An US business that has to emply a tax consulting company to get multi-state accounting right also increases overall GDP! 😄

So effectively what in US is perceived as each state’s fundamental right, sign of their diversity and key part of their autonomy, in the EU is portrayed as something equivalent to Soviet Union style central planning. And when they post all the memes about “bottle caps” in EU, they of course never mention a gazillion of state-level archaic or absurd regulations which are nonetheless binding, especially if someone likes to build a class lawsuit around them.

And now as Tesla opened a new factory in #China, I’ve never seen Musk make a single critical remark about the overregulation in China, even though it’s even more complex than EU and US taken together due to its vast geographic and administrative diversity.

The #MADWeb '25 program is live!

We've got 9 full papers, 3 work-in-progress papers, and 2 exciting keynotes lined up. Huge thanks to all the authors and the program committee!

Check out the details and get ready for a great event! 🔥

🔗 https://madweb.work/#program

See you in San Diego!

#NDSSSymposium2025 #websecurity

This is a friendly reminder that anyone can contribute to the lovebyte.party!

It is a party about tiny intros, that is held online on the weekend of 15. - 16. Feb 2025.

#bytebeat #bytejam #textmode #petscii #sizecoding #ascii #ansi #teletext

Has anyone looked into the "Advanced Installers" (...ai.dll) distributed via Windows Updates? #ExploitWednesday

[RSS] Micropatches Released for Microsoft Outlook Remote Code Execution Vulnerability (CVE-2025-21357)

https://blog.0patch.com/2025/02/micropatches-released-for-microsoft.html

Thanks @bagder for providing the Firefox ca bundle publicly in an accessible way here: https://curl.se/docs/caextract.html

Extra kudos for the appropriate curl command-line to automatically download the latest version!

#curl