"I'm interested in all kinds of astronomy."

One day last October, subscribers to an ISP known as Windstream began flooding message boards with reports their routers had suddenly stopped working and remained unresponsive to reboots and all other attempts to revive them.

“The routers now just sit there with a steady red light on the front,” one user wrote, referring to the ActionTec T3200 router models Windstream provided to both them and a next door neighbor. “They won't even respond to a RESET.”

Windstream’s Kinetic broadband service has about 1.6 million subscribers in 18 states, including Iowa, Alabama, Arkansas, Georgia, and Kentucky. For many customers, Kinetic provides an essential link to the outside world. After eventually determining that the routers were permanently unusable, Windstream sent new routers to affected customers.

A report published Thursday by security firm Lumen Technologies’ Black Lotus Labs may shed new light on the incident, which Windstream has yet to explain. Black Lotus Labs researchers said that over a 72-hour period beginning on October 25, malware took out more than 600,000 routers connected to a single autonomous system number belonging to an unnamed ISP.

https://arstechnica.com/security/2024/05/mystery-malware-destroys-600000-routers-from-a-single-isp-during-72-hour-span/


Why is it that security products that have the very important job of securing companies' network borders (SSL VPNs) have webgoat-like levels of security diligence?

CVE-2024-24919 is a directory traversal.

One of the suggested mitigations was to buy another Check Point security product to protect this Check Point security product.

There is truly no bottom when it comes to these "security" products.
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/


A shout out to librarians, libraries and library science -- and the practices of care, community and service which make up their democratizing force.

https://buttondown.email/maiht3k/archive/information-access-as-a-public-good/

#AI features I actually need:

If I Ctrl-Z a stupid autocorrect for the 100th time, the editor could be smart enough to disable that correction for me.

But I guess this is just impractical with today's technology...

#AIFeatureRequest
RFC for 700 HTTP Status Codes

https://github.com/joho/7XX-rfc
[RSS] Check Point - Wrong Check Point (CVE-2024-24919) - watchTowr Labs

https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
[RSS] CVE-2024-22058 Ivanti Landesk LPE - Mantodea Security

https://mantodeasecurity.de/en/2024/05/cve-2024-22058-ivanti-landesk-lpe/
PSA: Before using an LLM to write professional text, consider that current LLMs tend to be overly verbose, meaning that:

a) most of the words of the output will not convey interesting information
b) interesting information may be lost among all the convoluted grammar

If after a few iterations the output looks correct (huge if!), you are in many cases better off writing down a slightly modified version of _the prompt itself_ than the output, as the former likely already contains all the information you want to communicate.

A wise man once said:
Brevity is the soul of wit.

Check Point: Attempted Zero-Day Exploitation: Important Security Update – Stay Protected Against VPN Information Disclosure (CVE-2024-24919)
Check Point warned on Monday 27 May 2024 of attacker attempts to gain unauthorized access to VPN products. They identified login attempts using old VPN local accounts relying on the unrecommended password-only authentication method. Check Point officially disclosed a sensitive information disclosure vulnerability tracked as CVE-2024-24919 (7.5 high):

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

This affects CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, Quantum Spark Appliances versions: R80.20.x, R80.20SP (EOL), R80.40 (EOL), R81, R81.10, R81.10.x, R81.20

View the following fix: Preventative Hotfix for CVE-2024-24919 - Quantum Gateway Information Disclosure

h/t to @serghei and @BleepingComputer for their initial news article. cc: @briankrebs @campuscodi @mttaggart @deepthoughts10 @dangoodin


Got root, what now? Practical post-exploitation steps on an F5 Big-IP appliance, by team members @drm and @myst404

https://offsec.almond.consulting/post-exploiting-f5-BIG-IP.html

I recently went to my YT history to look up a video I watched earlier. What I found was that shorts are spamming my history even if I never watched them but they appeared on my screen as a recommendation.

I guess this is yet another desperate attempt of #AdTech to artificially boost some metrics that can later justify advertising prices.

We've all been laughing at the obvious fails from Google's AI Overviews feature, but there's a serious lesson in there too about how it disrupts the relational nature of information. More in the latest Mystery AI Hype Theater 3000 newsletter:

https://buttondown.email/maiht3k/archive/information-is-relational/


idk why people say funding OSS is difficult

[RSS] CVE-2024-23108: Back Again! Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive, IOCs, and Exploit

https://www.horizon3.ai/attack-research/disclosures/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
[RSS] Foxit Reader Updater improper certificate validation privilege escalation vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989

This is CVE-2024-29072
[RSS] Introducing LLM-based harness synthesis for unfuzzed projects (2024.05.27, Blog)

https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
[RSS] Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1