[RSS] K7 Antivirus: Named pipe abuse, registry manipulation and privilege escalation

http://blog.quarkslab.com/k7-antivirus-named-pipe-abuse-registry-manipulation-and-privilege-escalation.html

I so hate when a bug is like "here's an $API that does a thing", then you invoke $API and it doesn't do the thing.

Now I start searching for a solution, and all I can find is "oh you should just call $API!"

A hearty middle finger ( and not in the fun way ) to vendors who still use the passive aggressive language in their advisories like "$vulnerableVendor would like to thank $researcher for reporting this vulnerability under responsible disclosure." Especially when you see that it was left vulnerable for a year or two before customers were even made available. Seems pretty irresponsible to me when the fix would be pushed sooner with full disclosure, but what do I know?

Microsoft Silently Patched CVE-2025-9491 - We Think Our Patch Provides More Security
https://blog.0patch.com/2025/12/microsoft-silently-patched-cve-2025.html

I've recently stumbled upon an RCE "exploit" for the Serendipity blog software, which I happen to use and have contributed to in the past. From what I can tell, it does nothing interesting (it does not even work due to broken indents, if one fixes that it uploads a PHP shell given existing credentials, but that won't be executed unless you have a server config that executes .inc files). I'm 95% certain this is bogus. Yet... in case anyone wants to have a look: https://github.com/s9y/Serendipity/issues/940

Stealth died 😢 A member of Team-Teso, Phrack staff, and many other groups. A true hacker—perhaps as true as a hacker can ever be. WE MISS YOU. 🩷

More: https://thc.org/404

<stealth> we had joy we had fun we had a rootshell on a sun.

I wrote a blog post on CVE-2025-48593, an issue patched in Android's November Security Bulletin that only affected devices which act as Bluetooth headphones, such as smartwatches, smart glasses, and cars.

I examined the patch and wrote a proof-of-concept:
https://worthdoingbadly.com/bluetooth/

My proof-of-concept is available at https://github.com/zhuowei/blueshrimp; it gets "fault addr 0x4141414141414141" on the Android Automotive emulator... once you accept the pairing request.

When we started work on a network security book a couple of years ago, we reached out to friend and colleague Brad Karp, a professor at University College London who has taught system security and networking classes for many years. The book benefited greatly from his insights, and when we were done, we asked him to write a foreword. He kindly agreed, and he has crystallised what it means to take a systems view to security. Whereas it is common to focus on building blocks such as cryptographic algorithms, it is ultimately the assembly of parts to form a functioning system, and the making of tradeoffs among competing goals, that leads to more secure networks and end systems. So we have published the foreword in this week's newsletter and it makes a good case for why we needed to write this book. https://systemsapproach.org/2025/12/01/foreword-to-network-security-a-systems-approach/

Kernel fuzzing on Mac with syzkaller

Guide to build a VM, add a vulnerable driver and crash it using syzkaller from macOS.

https://slava-moskvin.medium.com/fuzzing-the-kernel-with-syzkaller-part-1-setting-up-on-mac-and-crashing-a-vulnerable-driver-b2a3949ea575

#fuzzing #kernel

https://www.theregister.com/2025/12/01/infosec_news_in_brief/?td=rt-3a

switzerland has chucked microsoft out the window now too

@mainframed767 @defcon https://video.infosec.exchange needs more <3

Security product vulns are maddening but will also never not be funny to me.

Heap-based Buffer Overflow, Out-of-bounds Write vulnerability in Avast Antivirus on MacOS of a crafted Mach-O file may allow Local Execution of Code or Denial of Service of antivirus protection.\nThis issue affects Antivirus: from 15.7 before 3.9.2025.

https://www.cve.org/CVERecord?id=CVE-2025-10101

And another one:

Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98.

https://www.cve.org/CVERecord?id=CVE-2025-8351

@R41N3RZUF477 the most concerning part of admin protection's design was just that UI Access seemed to not considered part of the boundary. Of the 9 bugs I reported, 5 were basically ways of getting control over a UI Access process and from there full admin. I think if you're going to break app compat anyway you might as well have done something more than UAC with bells on it.

I wasn't imagining things, Administrator Protection has indeed been pulled for now. https://learn.microsoft.com/en-us/windows/security/application-security/application-control/administrator-protection/?tabs=intune#system-requirements

🌍Making #radare2 more portable and accessible to new audiences has been always a priority for us.

At #r2con2025, @AbhiTheModder created a web frontend for #radare2 using the webassembly builds to allow Chromebook students reverse engineer crackmes from the browser!

• Select version of r2
• Create multiple tabs
• Keyboard driven
• Analyze large binaries

This sandboxed environment is ideal for education as well as for malware analysis and the whole toolchain can be used from the commandline with wasmer.

• Try it online https://r2.revengi.in
• HTML radare2 Widget https://radareorg.github.io/r2wasm/index.html
• Source code https://github.com/radareorg/r2web
• Watch the presentation 👇

https://youtu.be/TblF4f91NnA

🎅🎁 Ho ho ho #Telco📡! 5GC Pentest Burp Suite ext under the tree! 🔐🎄 https://github.com/PentHertz/5GC_API_Pentest ✨🎉🚀 #5GSecurity

Petition in Germany to recognize unpaid contribution to free and open source software projects as 'society-beneficial volunteering' (ehrenamt)!

This will give volunteering for e.g. @postmarketOS , @freifunk , @kde , @nextcloud , @Mastodon and other libre projects the same legal status as taking care of an elderly family member or volunteering for a youth association, which provides tax benefits and relaxes requirements for receiving unemployment benefits.

Interested people may sign it using one of the two following links.

The petition in german language: https://www.openpetition.de/petition/online/anerkennung-von-open-source-arbeit-als-ehrenamt-in-deutschland#petition-main

The petition in english language: https://www.openpetition.de/petition/online/recognition-of-work-on-open-source-as-volunteering-in-germany

News article (German): https://www.heise.de/news/Petition-Open-Source-Arbeit-soll-als-Ehrenamt-gelten-11094436.html

News article (English): https://www.heise.de/en/news/Petition-Open-source-work-should-count-as-volunteer-activity-11095357.html

The petition is organized by @webvision.

If you're not a resident of Germany, go ahead and use this thread to organize similar initiatives in your country of residence.

#deutschland #foss #floss #volunteer #ehrenamt #freiwilligkeit #openSource #freeSoftware

@algernon gummy bears! (make you swallow a lot)