watchTowr: Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Reference: CVE-2024-23113 (9.8 critical, disclosed 08 February 2024 by Fortinet, added to CISA KEV Catalog 09 October 2024) Fortinet Multiple Products Format String Vulnerability
I personally love the snark that watchTowr brings to the infosec community. If you didn't already grasp it from all the memes, you'll understand once you start reading this blog post. watchTowr covers locating the vulnerability CVE-2024-23113 and finding the root cause. I know the term rabbit hole is used often, but in this case, each vulnerable/patched version of their firmware provides different behavior to exploitation attempts, and these are explained. No one's safe from watchTowr: they even include a diss at Check Point:
I mean, it's one up from Checkpoint's 'buy another Checkpoint device to put in front of your vulnerable Checkpoint device'
#CVE_2024_23113 #fortinet #vulnerability #eitw #vulnerabilityanalysis #cybersecurity #infosec #cve #activeexploitation #kev
Kagi's Snaps allows you to easily limit search results to a specific website by using the @ symbol followed by a short code for the site and then your search query.
More on how to use and contribute to Snaps: https://help.kagi.com/kagi/features/snaps.html
Huh.... Turns out electricity is a little bit spicier in Ireland. Lesson learned. Setup for #Pwn2Own Ireland continues...
There's something specifically and deeply evil about making kids watch ads for extra stuff in games.
The @internetarchive's Wayback Machine resumed in a provisional, read-only manner.
Sorry, no Save Page Now yet.
Safe to resume but might need further maintenance, in which case it will be suspended again.
Please be gentle https://web.archive.org
More as it happens.
Painted by a homeless man: https://streetartutopia.com/2024/10/13/painted-by-a-homeless-man/
Doing my weekly update of TeXLive, I spotted this as a new feature. Just what I want: SQL injection in document source...
Writing things down isn't just good science; it's the ultimate kink.
the zendesk hack, for anyone interested
https://gist.github.com/hackermondev/68ec8ed145fcee49d2f5e2b9d2cf2e52
The current chaos in WordPress caused by Matt seems like a good time to remind folks that the Mastodon "community" websites and trademarks are 100% owned by one man, despite pleas from current and former project members to make Mastodon a foundation with a board.
I'm glad we wrote that paper. However, LLMs "still lack basic reasoning skills" makes me cringe.
Information theory tells me that because an LLM is a finite set that is not able to grow itself, once it is trained it has a finite capability. And that capability is driven by statistics and numbers.
Intuitively (to me at least), if you present an LLM with a prompt that's weird enough, it will "hallucinate" answers because it has no critical thinking; it's just a big probability machine that tries to find the most likely answer to your question. As a result, present an LLM with a chess problem brain teaser with a unique setup, and chances are the LLM will make up rules, because what it trained against isn't chess rules but "in general chess problems end with a checkmate", and it will interpolate the movements from where you are to a checkmate.
https://mastodon.social/@appleinsider/113295305642702643
Oh yes, we have our new "you wouldn't download a car".