Has anyone else looked at CVE-2024-38063? I could use a sanity check here. From what I can see, the vulnerable code path can only be triggered with IPv6 Jumbograms (packets larger than 65535 bytes). Not only would the target system need to have Jumbograms enabled, but every link in the path between the attacker and target would have to both support Jumbograms and have them enabled. I can't imagine any real world scenario in which this would occur, so unless I'm missing something, this vulnerability could only be exploited on very few real world systems.
Cartoon Network's Website Was Deleted. That Should Scare You All
L: https://slate.com/technology/2024/08/david-zaslav-warner-bros-discovery-culture-deleting-movies-tv-shows.html
C: https://news.ycombinator.com/item?id=41262878
posted on 2024.08.15 at 23:25:16 (c=0, p=5)
When I got started with hardware hacking etc @travisgoodspeed was (and is) one of my heroes.
Now there's a chapter in his new (awesome) book on a vuln I found. Feels awesome.
Thanks Travis for all your contributions to our community.
Also, you should buy his book!
https://www.usenix.org/conference/usenixsecurity24/presentation/qi System-level emulation and instrumentation is generally slow, but there's a neat insight into when instrumentation *isn't* necessary and what basic blocks to not instrument for QEMU-based system-level concolic execution in this work!
Tired of using your own tongue to test 9V batteries???
ouch!
Honored and humbled to announce my latest product:
MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://jjensn.com/at-home-in-your-firmware
Enjoy the old sch00l lulz:
Fuck You Ilfak - A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader
Microsoft fixed CVE-2024-38213 last Tuesday. It was discovered in the wild by ZDI threat hunter @gothburz. Today, he shares the details of the vulnerability and how it's being used by threat actors. https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections
Two days ago, NIST finalized three post-quantum cryptography standards. Today, we are announcing an open-source Rust implementation of one of these standards, SLH-DSA, now available in RustCrypto! https://blog.trailofbits.com/2024/08/15/we-wrote-the-code-and-the-code-won/
NEW: Every Pixel phone released since 2017 has a hidden Verizon app, "Showcase.apk," with deep system access that has an unpatched flaw. Google's response to the vulnerability caused Palantir to ditch Android altogether. @lhn has the scoop: https://www.wired.com/story/google-android-pixel-showcase-vulnerability/
the most recent hackerone issue was filed because the user googled "[another project] bug bounty program", clicked the first link (to #curl's bug-bounty) and entered an issue about a completely different project...
Long thread ahead about training a classifier of "good/batch matches" for #Diaphora.
So, the whole idea that I have been working on for quite some time already to try to, somehow, improve matching in Diaphora is the following: train a model to better determine if a pair of functions in two binaries (i.e., a match between a function A in binary X and function B in binary Y) is correct or not.
Did someone already create a tarpit that targets the AI scraping bots?
Just learned that in French cybersecurity threats are called "cybermenace" and I will only be using this term from now on
Mixing watering hole attacks with history leak via CSS https://adepts.of0x.cc/css-history-leaks/
So the Department of Energy emailed me
https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/
The folks from Xiaomi didn't pick up their Pwnie for Lamest Vendor Response, so we're keeping it safe for them until they decide to come accept it.
Ivanti security advisories: August Security Update
Today, fixes have been released for the following solutions: Ivanti Neurons for ITSM, Ivanti Avalanche and Ivanti Virtual Traffic Manager (vTM).
The concerning CVEs:
"We have no evidence of these vulnerabilities being exploited in the wild. These vulnerabilities do not impact any other Ivanti products or solutions."
See related Bleeping Computer reporting: Ivanti warns of critical vTM auth bypass with public exploit
Palo Alto Networks security advisories:
"Palo Alto Networks is not aware of any malicious exploitation of this issue."