Cisco security advisories:

1. Cisco UCS B-Series, Managed C-Series, and X-Series Servers Redfish API Command Injection Vulnerability CVE-2024-20365 (6.5 medium)
2. Cisco Small Business RV042, RV042G, RV320, and RV325 Routers Denial of Service and Remote Code Execution Vulnerabilities
   • CVE-2024-20516, CVE-2024-20517, CVE-2024-20522, CVE-2024-20523 and CVE-2024-20524 (6.8 medium) Cisco Small Business RV042, RV042G, RV320, and RV325 Denial of Service Vulnerabilities
   • CVE-2024-20518, CVE-2024-20519, CVE-2024-20520 and CVE-2024-20521 (6.5 medium) Cisco Small Business RV042, RV042G, RV320, and RV325 Remote Command Execution Vulnerabilities
3. Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation and Remote Command Execution Vulnerabilities CVE-2024-20393 (8.8 high) CVE-2024-20470 (4.7 medium)
4. Cisco Nexus Dashboard Orchestrator SSL/TLS Certificate Validation Vulnerability CVE-2024-20385 (5.9 medium)
5. Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerabilities
   • CVE-2024-20438 (6.3 medium) Cisco NDFC Unauthorized REST API Endpoints Vulnerability
   • CVE-2024-20441 (5.7 medium) Cisco NDFC Unauthorized REST API Endpoint Vulnerability
   • CVE-2024-20442 (5.4 medium) Cisco Nexus Dashboard Unauthorized REST API Endpoints Vulnerability
   • CVE-2024-20477 (5.4 medium) Cisco NDFC Unauthorized REST API Endpoint Vulnerability
6. Cisco Nexus Dashboard Hosted Services Information Disclosure Vulnerabilities CVE-2024-20490 and CVE-2024-20491 both 6.3 medium
7. Cisco Nexus Dashboard Fabric Controller REST API Command Injection Vulnerability CVE-2024-20444 (5.5 medium)
8. Cisco Nexus Dashboard Fabric Controller Remote Code Execution Vulnerability CVE-2024-20449 (8.8 high)
9. Cisco Nexus Dashboard Fabric Controller Arbitrary Command Execution Vulnerability CVE-2024-20432 (9.9 critical) 🥵
10. Cisco Nexus Dashboard Fabric Controller Configuration Backup Information Disclosure Vulnerability CVE-2024-20448 (6.3 medium)
11. Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Session Takeover and Denial of Service Vulnerability CVE-2024-20509 (5.8 medium)
12. Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Denial of Service Vulnerabilities
    • CVE-2024-20498, CVE-2024-20499, CVE-2024-20501 (8.6 high) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN DoS Vulnerability
    • CVE-2024-20500 (5.8 medium) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN DoS Vulnerability
    • CVE-2024-20502 (5.8 medium) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN DoS Vulnerability
    • CVE-2024-20513 (5.8 medium) Cisco Meraki MX and Z Series Teleworker Gateway AnyConnect VPN Targeted DoS Vulnerability
13. Cisco Identity Services Engine Information Disclosure Vulnerability CVE-2024-20515 (6.5 medium)
14. Cisco Expressway Series Privilege Escalation Vulnerability CVE-2024-20492 (6.0 medium)

At a glance no mention of exploitation:

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
Neither the Cisco Product Security Incident Response Team (PSIRT) nor the Cisco Meraki Incident Response Team is aware of any malicious use of the vulnerabilities that are described in this advisory.

#cisco #PatchTuesday #vulnerability #meraki #cve

Okay, after reading this email, I can shut down my computer and change jobs:
'Dear colleague, the fact that our software does not function after 24 hours is perfectly expected. It depends on many dependencies, and we do not have complete control over all of them. For this reason, we suggest, as a standard practice, a service restart every 12 hours. This will ensure everything functions correctly.
And as a general recommendation, we always suggest restarting all services (if you are using Docker) or the entire server (if you are using a traditional setup) every 3 days, as systems tend to get bogged down over time and need to be optimized.'

#NoComment #IT #SysAdmin

Google has lost their collective minds.

It's time to name and shame as Eviden, a supposed "next-gen technology leader in data-driven, trusted and sustainable digital transformation" decided to sit on a CVSSv3.1 perfect 10.0 critical vulnerability 🥳 (cc: @cR0w) in Atos Eviden iCare tracked as CVE-2024-42017 for a full year. The CVE was assigned 30 September but this has been known since at least 07 February 2024 (they drafted up a security bulletin on 13 November 2023). The end result? "Given the obsolescence of the product, it was decided not to patch the vulnerabilities..."

In the worst-case scenario, if the application is remotely accessible, it allows an attacker to execute arbitrary commands with system privilege on the endpoint hosting the application, without any authentication.

I think the worst case scenario is using Eviden products. What exactly is iCare? "This product is an administrative tool to manage the hardware of several servers of the Bullion S and BullSequana S family. Its goal is to ease firmware patching and server sensors monitoring."

#vulnerability #CVE

If you're wondering how things are going with the famous #DRM'd Polish trains, well, their manufacturer – #Newag – sued the hackers who had un-blocked them:
https://rys.io/en/175.html

But weirdly, after months of implying and suggesting that the locking code was added to the software by the hackers themselves, in the lawsuit the company now insists they did not in fact modify the software installed on the trains.

Why? Because that would not mesh well with the copyright infringement claim. 🤡

1/🧵

Looks like Hungary will bring the CSAM reg (“chat control”) — a plan to mass-scan all private messages — back for another vote in the EU Council this Wednesday and Thursday. They’ve picked up support from Italy this time.

https://docs.qualcomm.com/product/publicresources/securitybulletin/october-2024-bulletin.html#_cve-2024-43047 another one bites the dust

[RSS] From Pwn2Own Automotive: More Autel Maxicharger Vulnerabilities

https://www.thezdi.com/blog/2024/10/2/from-pwn2own-automotive-more-autel-maxicharger-vulnerabilities

Maybe it's just me, but that is like 10x worse. They're basically admitting they didn't pay an influencer to spread misinformation about public wifi in order to sell VPN products, they just stole her likeness, used her photo, and attributed completely made up quote to her.

If they did that to me, we'd all be discussing my actions at Geneva's next convention.

Seems #Supermicro has not yet released some updated BMC firmware to fix #CVE-2024-36435
since July 2024.
https://nvd.nist.gov/vuln/detail/CVE-2024-36435

Points were made...

[RSS] Streaming vulnerabilities from Windows Kernel - Proxying to Kernel - Part II

https://devco.re/blog/2024/10/05/streaming-vulnerabilities-from-windows-kernel-proxying-to-kernel-part2-en/

"- If I were to say to you, 'I am a stranger traveling from the East, seeking that which is lost'...
- Then I would reply that, 'I am a stranger traveling from the West, it is I whom you seek.'"

https://mummy.fandom.com/wiki/Medjai

Is there a technical term for similar "identifier phrases"?

I'm looking for ways for mutual authentication for humans, e.g. over the phone.

Why I don't write exploits*: https://addisoncrump.info/important-information/why-i-dont-write-exploits/

In which I describe why I avoid writing exploits at all costs.

#testing #defense #vulnerability #academia #research

The rise of Mastodon has made me so much more aware of government services requiring us to use private companies’ systems to communicate with them and access services.

Sitting on a Dutch train just now I was shown on a screen “feeling unsafe in the train? Contact us via WhatsApp”.

What if I don’t use WhatsApp? (I do, but I wish I didn’t have to) I’m forced to share my data with Meta to use it.

Public systems should not require use of private services.

#NS #Netherlands #FOSS #privacy

While trying to properly document Meta's use of public content for LLM training, I discovered they have a new "Privacy Center" that is not plaintext by any means. What's more, the "printable version" does not appear to contain the information related to using your public posts for training data.

Direct link: https://privacycenter.instagram.com/guide/generative-ai/

Good Retry, Bad Retry: an incident story. How exponential backoff isn't enough.

https://medium.com/yandex/good-retry-bad-retry-an-incident-story-648072d3cee6

Archive link: https://archive.ph/H3dIq

Wrote about representation of control flow and exceptions in the CFGs in my function-graph-overview extension.

https://tamir.dev/posts/cfg-visualization-legend/

OK, so I have 'prepped' the Seat61 Budapest<>Belgrade page for the launch of direct 200km/h Subotica-Belgrade SOKO trains on 24 November, https://seat61.com/trains-and-routes/budapest-to-belgrade-by-train.htm
Anyone happen to know the planned timetable?