Confirmed! In the penultimate attempt of Day 2, @daankeuper, @xnyhps, and @notkmhn from @sector7_nl combined 4 bugs, including a command injection and a path traversal to going from the QNAP QHora-322 to the TrueNAS Mini X. They earn $25,000 and 10 Master of Pwn points. #Pwn2Own

[RSS] Pluralistic: You should be using an RSS reader (16 Oct 2024)

https://pluralistic.net/2024/10/16/keep-it-really-simple-stupid/

Unfortunately, the Viettel Cyber Security (@vcslab) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press!

• CVE-2024-37383 (6.1 medium( RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability
• CVE-2024-20481 (5.8 medium) Cisco ASA and FTD Denial-of-Service Vulnerability

#cisa #kev #cve #zeroday #vulnerability #eitw #activeexploitation

An idea I recently heard on a parenting podcast really resonated with me. Tech has created a generation of people used to instant gratification.

Hungry? Open an app. Want to listen to music? Open an app. Bored? Open an app.

However a lot of needs in life can’t be gratified instantly and we now have many people, both adults and kids, who simply don’t know how to handle that. We now have entire subcultures whose main dysfunction is they can’t just get what they want without work and they’re mad.

[RSS] LibRaw: Out of bounds write in LibRaw::pana_data

https://github.com/google/security-research/security/advisories/GHSA-3m8c-vvxw-r44w

[RSS] LibRaw: Uninitialized memory disclosure via LibRaw_buffer_datastream::read

https://github.com/google/security-research/security/advisories/GHSA-cmhf-chvw-6c7j

<3 these :)

[RSS] DTLS ClientHello Race Conditions In WebRTC Implementations

https://packetstormsecurity.com/files/182303/webrtc-hello-race-conditions-paper.pdf

After I refused a bribe to remove a @web3isgreat post about alleged crypto pyramid scheme co-founder Roman Ziemian, I’ve now received a fraudulent copyright claim aimed at forcing me to take it down

OH: "We had a problem. We thought we'd solve it with the cloud. Now we have a horizontally scalable set of problems."

Anyone remembers that research about using compromised AV/EDR management consoles as C2 servers?

I remember someone was working on it but I don't remember seeing it released.

The Irish Data Protection Commission fines LinkedIn €310M over using personal data for behavioral analysis and targeted ads under GDPR, after a 2018 complaint (Ian Curran/The Irish Times)

https://www.irishtimes.com/business/2024/10/24/microsoft-owned-linkedin-fined-310m-by-irish-data-protection-commission/
http://www.techmeme.com/241024/p13#a241024p13

Our first collision of Day Three: the group from STEALIEN Inc. successfully popped the Lorex camera, but the bug they used had already been demonstrated in the contest. They still earn $3,750 and 1.5 Master of Pwn points. #Pwn2Own #P2OIreland

Unfortunately, Sina Kheirkhah (@SinSinology) and Enrique Castillo (@hyprdude) of Summoning Team (@SummoningTeam) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.

Exception Junction - Where All Exceptions Meet Their Handler

https://bruteratel.com/research/2024/10/20/Exception-Junction/

"to understand why the ‘ntdll!NtProtectVirtualMemory’ is being called, I decided to reverse the entirety of the ntdll!RtlAddVectoredExceptionHandler’ API call"

#Windows #ReverseEngineering

We're ready for Day Three of #Pwn2Own Ireland! We’ve already awarded $874,875, & we have 15 attempts left to go. Will we hit the $1,000,000 mark or will all remaining attempts end up in bug collisions? Follow along with the results here and on our blog: https://www.zerodayinitiative.com/blog/2024/10/24/pwn2own-ireland-2024-day-three-results

[RSS] Windows User Space Emulator

https://github.com/momo5502/emulator

[RSS] Multiple vulnerabilities in the Realtek card reader driver. Affects Dell, Lenovo, etc

https://zwclose.github.io/2024/10/14/rtsper1.html

"CVE-2022-25476 wasn%27t fully patched until the July-August fix, which also addressed CVE-2024-40431 and CVE-2024-40432"

One of our final attempts of Day 2 ends in a collision. The InfoSect (@infosectcbr) group successfully got a shell on the Lorex camera, but they used a bug previously seen in the contest. They still earn $3,750 and 1.5 Master of Pwn points. #Pwn2Own #P2OIrelandv

❗ Fortinet has issued an advisory for FortiManager confirming CVE-2024-47575 is being actively exploited in the wild. This extremely critical vulnerability has a CVSS score of 9.8.

⚠️ This vulnerability can enable RCE upon connecting to a FortiManager instance with a valid Fortinet device certificate and could lead to total compromise of the vulnerable system.

⏱️ Shoutout to @rk for the quick work on this Rapid Response!

👉 Launch runZero now to pinpoint assets that could be affected -- no rescanning or credentials required:

https://www.runzero.com/blog/how-to-find-fortimanager-instances-on-your-network/