Use less javascript

Don't you miss the golden era of SQL Injections?

Here Mathieu Farrell (@coiffeur0x90) explains how to feel the thrill again with the aid of Apache Superset, XML and a bit of parsing tickery:

"Bypass Apache Superset restrictions to perform SQL Injections"

https://blog.quarkslab.com/bypass-apache-superset-restrictions-to-perform-sql-injections.html

New Project Zero issue:

Linux: fuse_notify_store() marks page uptodate while leaving beyond-EOF parts uninitialized

https://project-zero.issues.chromium.org/issues/42451729

CVE-2024-44947

New Project Zero issue:

adsprpc: refcount leak leading to UAF in fastrpc_get_process_gids

https://project-zero.issues.chromium.org/issues/42451711

CVE-2024-38402

A step-by-step guide to writing an #iOS #kernel #exploit -< short and to the point!

// by @alfiecg_dev

https://alfiecg.uk/2024/09/24/Kernel-exploit.html
https://github.com/alfiecg24/Vertex

SonicWall security advisory: SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities

• CVE-2024-45315 (6.1 medium) SonicWALL SMA1000 Connect Tunnel Windows Client Link Following Denial-of-Service Vulnerability
• CVE-2024-45316 (7.8 high) SonicWALL SMA1000 Connect Tunnel Windows Client Link Following Local Privilege Escalation Vulnerability
• CVE-2024-45317 (7.2 high) Unauthenticated SMA1000 12.4.x Server-Side Request Forgery (SSRF) Vulnerability

There is no evidence that these vulnerabilities are being exploited in the wild and SonicWall SSL VPN SMA 100 series products are not affected by these vulnerabilities. Affected products are SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.271 and earlier versions, SMA1000 Appliance firmware 12.4.3-02676 and earlier versions (Note: This vulnerability does not affect Connect Tunnel Linux and Mac client versions.) Vulnerabilities are patched in SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.281 version and higher, along with SMA1000 Platform Hotfix - 12.4.3-02758. SonicWall strongly advises SSLVPN SMA 1000 series product and Connect Tunnel client users to upgrade to the mentioned fixed-release version.

#sonicwall #vulnerability #sslvpn #cve

Dark-mode has arrived to Function-Graph-Overview!

Version 0.0.9 now supports dark-mode and custom color schemes.

https://marketplace.visualstudio.com/items?itemName=tamir-bahar.function-graph-overview

And the demo now includes a scheme-making tool.

https://tmr232.github.io/function-graph-overview/

#FunctionGraphOverview

It’s been twelve years since I cleverly combined #CybersecurityAwarenessMonth with #BreastCancer awareness month by being diagnosed with stage 2B breast cancer. After a year of scorched-earth treatment, I went into remission, where I’ve been ever since.

Breast-having mammals reading this, please check yourself regularly; it’s how I found mine. Be careful out there.

SEC Consult SA-20241009-0 :: Local Privilege Escalation via MSI installer in Palo Alto Networks GlobalProtect (CVE-2024-9473)

https://seclists.org/fulldisclosure/2024/Oct/2

Palo Alto in 2018:
CVE-2018-10143 - Oops. We'd better fix the "path" parameter for convertCSVtoParquet.php

Palo Alto in 2024:
CVE-2024-9463 - Oops. We'd better fix the "ram" parameter for convertCSVtoParquet.php

Can someone get this thing to work? Is there any other option to spot gaps in padded fields on structs in C programs? https://github.com/arvidn/struct_layout

Mozilla is looking for a Staff Software Engineer (remote US/EU/CA ✨) working on sandboxing, hardening, crash-reporting, performance and integration with native widgets **on Linux**. As a staff-level position this will require strong technical and people skills, experience in C++ on Linux or Android. The team is distributed and amazing. Ask me in DM if you have any questions about Mozilla (I am *not* the hiring manager). Please apply at https://grnh.se/2c3dc0111us

a fedi instance just for people's pets

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. Update your Firefox ASAP https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ #infosec #security

"You're one of 31,081,179 people pwned in the Internet Archive data breach"

Somehow I didn't feel the same sense of pride with LinkedIn :)

The Reverse Engineering community has spoken. #Diaphora will be ported to #Ghidra in the next months. I would love to have it working properly by the end of the year, but I cannot be sure. So, no ETA for now.

Wow, Specter bypassed XOM and broke the PS5 hypervisor. Awesome work.

"Byepervisor: How We Broke the PS5 Hypervisor".

#ps5 #xom #hypervisor #byepervisor

https://hardwear.io/netherlands-2024/speakers/specter.php

I remember hackers breaking in to CALEA lawful intercept boxes to spy on each other over 20+ years ago..

IIRC They were default SunOS servers connected direct to internet, no patches or updates applied over the years. Once you mapped them you could wait for a known vulnerability and visit them again.

It’s always been terrible, and always been known. I want it to be taken seriously.

Edit: It may be closer to 30 years than 20, but “a long time ago”

Internet Archive hacked, data breach impacts 31 million users

https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/

As an IA user and donor I'm kind of glad this happened: passwords are properly hashed (bcrypt), there is a chance to improve security.

But anyone who decided they should hack IA of all things can (as we say around here) go and shit out a hedgehog.

Republicans,
Democrats,
Third party voters

People driven by totally incompatible political and religious ideologies,

Pineapple on pizza people,

People who hate pineapple on pizza and are incorrect,

🤜🏻🤛🏾 hating whomever hacked the Internet Archive