
National Health Service England (NHS): Possible Exploitation of Arcserve Unified Data Protection (UDP) Vulnerabilities
NHS England reports possible N-day exploitation attempts of Arcserve UDP following the release of proofs of concept for 3 vulnerabilities:

  • CVE-2024-0799 (9.8 critical) authentication bypass
  • CVE-2024-0800 (8.8 high) path traversal vulnerability leads to arbitrary file upload
  • CVE-2024-0801 (CVSS score pending) Denial-of-Service (DoS)

Tenable released proofs of concept: Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities

Based on the timeline, active exploitation occurred during an unpatched window of 8 days (13-20 March 2024)

cc: @campuscodi


bert hubert 🇺🇦🇪🇺🇺🇦

"Writing has been called the process by which you find out you don't know what you are talking about. Actually doing stuff meanwhile is the process by which you find out you also did not know what you were writing about." - from https://berthub.eu/articles/posts/a-2024-plea-for-lean-software/#trifecta

Fuck.

Hannah Kolbeck 🏳️‍⚧️

Hi friends,

The http://alt-text.org alt text library project needs a new leader, because I have brain cancer.

I would like to connect with the dev community, something I have never figured out, probably in part for neurodivergence reasons. I want to hand the project off to a team or a leader if anyone is willing to take it over.

Github: https://github.com/alt-text-org
WIP MVP: a site designed for writing alt text with a private library: https://my.alt-text.org

Boosts appreciated

Microsoft PlayReady research by Security Explorations:

https://security-explorations.com/microsoft-playready.html

"We have come up with two attack scenarios that make it possible to
extract private ECC keys used by a PlayReady client (Windows SW DRM
scenario) for the communication with a license server and identity
purposes."

https://security-explorations.com/samples/wbpmp_id_compromise_proof.txt
I just got an AV alert from Defender, because gpupdate wanted to disable it (as I configured on my DC).

This wouldn't be as frustrating if Defender didn't kill all my performance by constantly scraping disks...
[RSS] Debugging WinDbg with Binary Ninja For Fun and Profit

https://binary.ninja/2024/05/02/debugging-windbg.html
[RSS] Pinball Fantasies DOS version reverse-engineering/porting project

https://donotsta.re/notice/AhTxZcoU2xkL7eQaky
New assessment for topic: CVE-2024-4215

Topic description: "pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability ..."

"pgAdmin is vulnerable to a multi-factor authentication bypass ([CWE-287](https://cwe.mitre.org/data/definitions/287.html)) whereby an attacker with knowledge of an account’s credentials can manage files and make SQL queries regardless of whether or not the account has been configured with MFA ..."

Link: https://attackerkb.com/assessments/40f2eb9e-ea23-4efe-8af8-87efff9250d7
New assessment for topic: CVE-2024-2044

Topic description: "pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code ..."

"pgAdmin versions <=8.3 are vulnerable to a path traversal vulnerability in the session handling logic ..."

Link: https://attackerkb.com/assessments/010cd2a6-6916-4678-a313-7fe079646dfc

went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.

some men with lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”

if you are a man attending , please shut that kind of shit down when your peers do it. let’s not let insecurity rule our industry.

This latest writeup by @joern mentions the #documentation of Go’s filepath.Clean is “not really obvious” when dealing with relative paths.

I think this is something all #golang devs should be aware of to avoid similar vulnerabilities.

The language is kind of amazing:

  • Step 3. only applies if there is a parent path to be eliminated together with the subsequent “..” (“/foo/..” -> “/”)
  • Step 4. only applies to “rooted” (absolute) paths, so “/../foo” would become “/foo”, but “../” is left untouched (as there is no relative parent path to eliminate either).

This makes the docs technically correct (“the best kind of correct!”), but even with the solution at hand it took some head scratching to figure out the true meaning.

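The behaviour described in the post above, as an added example that is not part of the original post or the linked writeup: `filepath.Clean` keeps leading ".." elements on relative input, so cleaning before joining does not confine a path to a base directory. The function names, the `/srv/data` base and the sample inputs are constructed for illustration, and Unix-style separators are assumed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var errEscape = errors.New("path escapes base directory")

// naiveJoin assumes Clean removes every "..". For a relative path it does
// not: leading ".." elements survive and Join walks out of base.
func naiveJoin(base, userPath string) string {
	return filepath.Join(base, filepath.Clean(userPath))
}

// rootedJoin makes the input rooted first, so step 4 of Clean applies and
// every leading ".." is dropped before the path is joined to base.
func rootedJoin(base, userPath string) string {
	return filepath.Join(base, filepath.Clean("/"+userPath))
}

// safeJoin rejects the input instead of rewriting it: the joined path must
// still be relative to base without a leading "..". Symlinks are not resolved.
func safeJoin(base, userPath string) (string, error) {
	full := filepath.Join(base, userPath)
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscape
	}
	return full, nil
}

func main() {
	// Constructed inputs covering steps 3 and 4 of the Clean documentation.
	for _, p := range []string{"/foo/..", "/../foo", "../foo", "a/../../b"} {
		fmt.Printf("Clean(%q) = %q\n", p, filepath.Clean(p))
	}
	const base = "/srv/data" // hypothetical base directory
	const evil = "../../etc/passwd"
	fmt.Println(naiveJoin(base, evil))
	fmt.Println(rootedJoin(base, evil))
	_, err := safeJoin(base, evil)
	fmt.Println(err)
}
```
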
Is there a browser on this planet that doesn't ask you 28 stupid questions before allowing you to actually browse?
[oss-security] CVE-2023-49606, CVE-2023-40533: memory safety vulnerabilities in tinyproxy <=1.11.1

"Talos claims to have contacted them in December 2023, but according to the developer there was no contact before the above advisories were released. The developer also disputes the veracity of CVE-2023-40533." - Weird, esp. considering @TalosSecurity has plenty of experience with vulnerability reporting...

https://www.openwall.com/lists/oss-security/2024/05/07/1

It was a pleasure to work with @RIOT_OS maintainers to contribute in making their RTOS more secure! https://infosec.exchange/@hnsec/112398919861504786


The way sentences containing the German character ß get longer when uppercased was specially designed to create memory problems in C programs doing string handling

[RSS] Dive Deeper into Game Reverse Engineering with Packet Ripper, a Specialist Packet Logger

https://packetripper.live/

finally made an "AI" category (https://www.web3isgoinggreat.com/?collection=ai) for @web3isgreat to capture all the disasters pertaining to AI-powered cryptocurrencies and cryptocurrency-powered AI

Is it just me or the reliability (as in "shit works as intended") of #BloodHoundAD fell into a gravity well?