Ivanti security advisories: August Security Update
Today, fixes have been released for the following solutions: Ivanti Neurons for ITSM, Ivanti Avalanche and Ivanti Virtual Traffic Manager (vTM).
The concerning CVEs:
"We have no evidence of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti products or solutions."
See related Bleeping Computer reporting: Ivanti warns of critical vTM auth bypass with public exploit
Palo Alto Networks security advisories:
"Palo Alto Networks is not aware of any malicious exploitation of this issue."
Taylorism is a management philosophy based on using scientific optimization to maximize labor productivity and economic efficiency.
Here's the result of making the false Taylorist assumption that the output of scientific research is scientific papers—the more, faster, and cheaper, the better.
Me to Microsoft: You can avoid a whole class of vulnerability if non-admin users can't create subdirectories off of the root directory. You should fix this.
MS: Nah.
Me: Well, you folks should probably at least run Crassus on your code.
MS: Nah.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38098
Reminder that my book—Rust Atomics and Locks—is freely available online: https://marabos.nl/atomics/ 😊
(If you read it, please leave a review on https://www.goodreads.com/book/show/63291820-rust-atomics-and-locks)
This is cool! https://quic.xargs.org/ [if you’re a security geek.]
Click on a few bubbles.
h/t @nelson
In our writeup https://sector7.computest.nl/post/2024-06-cve-2024-20693-windows-cached-code-signature-manipulation/ about CVE-2024-20693, we noted that Microsoft did not structurally address the trust of "$KERNEL.*" Extended Attributes on SMB shares. Today's Patch Tuesday addresses #CVE-2024-38133, doing the same thing again, but in this case even an USB disk would work!
I think this may be the first time we got an "Exploitation More Likely", so achievement unlocked I guess?
Better late than never, patches from #Microsoft and #Adobe are finally out - and 6 bugs are under active attack. Check out all the details, including some wormable bugs, as @TheDustinChilds breaks down the release. https://www.zerodayinitiative.com/blog/2024/8/13/the-august-2024-security-update-review
Happy Patch Tuesday from Microsoft: 87 vulnerabilities, 7 zero-days (6 exploited)
cc: @campuscodi @briankrebs @mttaggart @deepthoughts10 @cR0w @regnil @bschwifty @arinc629 @Cali @wvu @hrbrmstr @avoidthehack @bieberium @TheDustinChilds @dreadpir8robots (make sure to remove all the mentions to avoid ReplyAll madness)
#Microsoft #zeroday #vulnerability #eitw #proofofconcept #CVE #PatchTuesday
Fortinet security advisories for #PatchTuesday:
No mention of exploitation. CVE-2024-3596 was publicly disclosed 09 July 2024.
Politico, the NYT, the WaPo, and others say they received hacked Trump campaign materials, but gave few details, a marked contrast to Clinton's emails in 2016 (David Bauder/Associated Press)
https://apnews.com/article/trump-vance-leak-media-wikileaks-e30bdccbdd4abc9506735408cdc9bf7b
http://www.techmeme.com/240813/p14#a240813p14