New vulnerability report from Talos:

Veertu Anka Build registry log files directory traversal vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2061

CVE-2024-41922

New vulnerability report from Talos:

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068

CVE-2024-36474

New vulnerability report from Talos:

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069

CVE-2024-42415

[RSS] Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479

https://pwner.gg/2024/10/03/llama-cpp-cves/

Just published a deep dive on how we have made it possible to debug the kernel with drgn, without installing any debuginfo packages, on Oracle Linux.

This is a really cool feature that we're in the middle of upstreaming, so it's not quite present in drgn's main branch. However the article has links to all the relevant code, PRs, and issues, so you can see the process in real time, and learn how to get it working on other kernels/distros.

https://blogs.oracle.com/linux/post/introducing-ctf-support-in-drgn-for-oracle-linux

[RSS] How can I detect whether the user is running as an elevated administrator (as opposed to a natural administrator)?

https://devblogs.microsoft.com/oldnewthing/20241003-00/?p=110336

#Hacking is not just #OldSchool tooling and techniques. Modern #MobileApps are a fun target for #ReverseEngineers and #Pentesters alike. A fundamental tool to properly hack mobile apps is @fridadotre by @oleavr.

We continue our tour of my @github projects with my humble contributions to this field:
https://github.com/0xdea/frida-scripts

For a well-maintained project that includes some of my #Frida scripts, check out #Brida by @apps3c and Piergiovanni Cipolloni:
https://github.com/federicodotta/Brida

And even after many years, if you search for well-crafted Frida scripts to bypass certificate pinning or root detection, there’s a very good chance that you’ll stumble upon the work of some of my colleagues… Very proud of my team at @hnsec!

New Project Zero issue:

UAF race of global maps in fastrpc_mmap_create (and epilogue functions) cause memory corruption

https://project-zero.issues.chromium.org/issues/42451715

CVE-2024-33060

New Project Zero issue:

Incorrect searching algorithm in fastrpc_mmap_find leads to kernel address space info leak

https://project-zero.issues.chromium.org/issues/42451713

CVE-2024-33060

New Project Zero issue:

Double-free (or UAF) race in possibly unused qrtr_bpf_filter_detach

https://project-zero.issues.chromium.org/issues/42451712

CVE-2024-38401

https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html Finally have my public post up on the bug I found in dav1d last year.

[RSS] A function for creating an absolute security descriptor from a self-relative one

https://devblogs.microsoft.com/oldnewthing/20241002-00/?p=110333

"Best email money can buy" product Zimbra has an embarrassingly bad vulnerability: CVE-2024-45519

The vulnerable code appends the attacker-provided email address to a command line and then runs it with popen() (which uses a shell). Guess what happens when the email address has a backticks, a semicolon, $(), etc?

What year is this?

Luckily the attack vector to get there (postjournal) isn't enabled by default, as there are exploitation attempts occurring in the wild:
https://infosec.exchange/@justicerage/113231837285277188

https://blog.projectdiscovery.io/zimbra-remote-code-execution/

[RSS] Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges

https://blog.doyensec.com/2024/10/02/class-pollution-ruby.html

As I am seeing some Medium links in my timeline today, and Medium is pretty annoying (pop-overs and all). So reminder that you can just replace:

> medium.com

…with:

> scribe.rip

In any Medium link and get a wonderful simple unobtrusive reading experience instead.

#Medium #ScribeRip #AlternativeFrontends

The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz

https://blog.quarkslab.com/differential-fuzzing-for-cryptography.html

To get rich in a gold rush, sell shovels.

https://www.sonarsource.com/lp/solutions/ai-assurance-codefix/

Matt Levine brought to my attention this insider trading case involving a dude who hacked into company computer systems to get nonpublic info and then traded on it.
https://www.sec.gov/enforcement-litigation/litigation-releases/lr-26141

What's funny to me is the application of insider trading law to computer hacking.

I’ve been offered free credit monitoring at least 6 times in the last few years (still using my OPM one). How many breaches does it take before we prioritize real cybersecurity over cleanup offers? What's your free credit monitoring number?

Current #curl bug-bounty stats (since April 2019).

Reports: 475
Confirmed security issues: 73 (15%)
Identified bugs (but not security problems): 92 (19%)
Invalid: 310 (65%)