If as it appears likely that 🇪🇺will have to start defending itself against Russia 🇷🇺 alone it may be good to realize our IT systems and society aren’t remotely ready for that. https://berthub.eu/articles/posts/cyber-security-pre-war-reality-check/

Ekoparty 2024 Binary Gecko Challenge 🇦🇷

Complete the challenge to get a ticket to our VIP dinner/party event in Buenos Aires during the conference.

Winners will also get an interview for a Security Researcher position at Binary Gecko.

https://github.com/Binary-Gecko/ekoparty2024_challenge

William Gibson talks about #hacking and #hackers, as well as the dangers of cyberspace, back in 1993.

strcpy can cause a buffer overflow

user finds strcpy in #curl code

user files a CRITICAL security report against #curl for using strcpy in source code. Proof? Well he did grep the code and shows that it does indeed use strcpy...

Never a dull moment.

CISA: CISA Adds Four Known Exploited Vulnerabilities to Catalog
Hot off the press!

• CVE-2024-5910 (9.3 critical) Palo Alto Expedition Missing Authentication Vulnerability
• CVE-2024-43093 (high) Android Framework Privilege Escalation Vulnerability
• CVE-2024-51567 (10.0 critical 🥳) CyberPanel Incorrect Default Permissions Vulnerability
• CVE-2019-16278 (9.8 critical) Nostromo nhttpd Directory Traversal Vulnerability

#cisa #cisakev #kev #vulnerability #CVE #CVE_2024_5910 #CVE_2024_43093 #CVE_2024_51567 #CVE_2019_16278 #infosec #cybersecurity

Cisco multiple security advisories from 06 November 2024:

1. CVE-2024-20418 (10.0 critical 🥳) Cisco Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul Access Point Command Injection Vulnerability
2. CVE-2024-20536 (8.8 high) Cisco Nexus Dashboard Fabric Controller SQL Injection Vulnerability
3. CVE-2024-20484 (7.5 high) Cisco Enterprise Chat and Email Denial of Service Vulnerability
4. CVE-2024-20445 (5.3 medium) Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability
5. CVE-2024-20533 and CVE-2024-20534 (4.8 medium) Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities
6. Cisco Identity Services Engine Vulnerabilities
   • CVE-2024-20476 (4.3 medium) Cisco ISE Authorization Bypass Vulnerability
   • CVE-2024-20487 (4.3 medium) Cisco ISE Stored XSS Vulnerability
7. Cisco Identity Services Engine Vulnerabilities
   • CVE-2024-20525 and CVE-2024-20530 (6.1 medium) Cisco ISE Reflected Cross-Site Scripting Vulnerabilities
   • CVE-2024-20527, CVE-2024-20529, and CVE-2024-20532 (5.5 medium) Cisco ISE Arbitrary File Read and Delete Vulnerabilities
   • CVE-2024-20531 (5.5 medium) Cisco ISE XML External Entity Injection Vulnerability
   • CVE-2024-20528 (3.8 low) Cisco ISE Path Traversal Vulnerability
8. Cisco Identity Services Engine Authorization Bypass and Cross-Site Scripting Vulnerabilities
   • CVE-2024-20537 (6.5 medium) Cisco ISE Authorization Bypass Vulnerability
   • CVE-2024-20538 (6.1 medium) Cisco ISE Cross-Site Scripting Vulnerability
   • CVE-2024-20539 (4.8 medium) Cisco ISE Stored Cross-Site Scripting Vulnerability
9. CVE-2024-20457 (6.5 medium) Cisco Unified Communications Manager IM & Presence Service Information Disclosure Vulnerability
10. CVE-2024-20504 (5.4 medium) Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerability
11. CVE-2024-20514 (5.4 medium) Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability
12. CVE-2024-20511 (6.1 medium) Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
13. CVE-2024-20507 (4.3 medium) Cisco Meeting Management Information Disclosure Vulnerability
14. CVE-2024-20540 (5.4 medium) Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
15. CVE-2024-20371 (5.3 medium) Cisco Nexus 3550-F Switches Access Control List Programming Vulnerability

The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

#cisco #vulnerability #cve #patchtuesday

The #BHASIA Call for Papers closes on November 13! This year I am on the review committee and I am so thrilled to be checking all the cool tools! Submit your proposal >> bit.ly/3TBThxZ

🔐 CVE-2024-50340: Ability to change environment from query
➡️ https://symfony.com/blog/cve-2024-50340-ability-to-change-environment-from-query
#symfony

"The moment of discovery" does not always exist: the scientist's work is too tenuous, too divided, for the certainty of success to crackle out suddenly in the midst of his laborious toil like a stroke of lightening, dazzling him by its fire.

Marie Curie was born #OTD in 1867.

#physics #WomenInSTEM

Today is World Digital Preservation Day - time for my annual reminder that digitisation is not digital preservation. Whether a digital photograph is born-digital or a digitised copy of a physical object, it requires continued care to be made accessible over time. Digitisation needs digital preservation #WDPD2024

> Euler’s work touched upon so many fields that he is often the earliest written reference on a given matter. In an effort to avoid naming everything after Euler, some discoveries and theorems are attributed to the first person to have proved them after Euler.

https://en.wikipedia.org/wiki/List_of_things_named_after_Leonhard_Euler

#euler #til

In 2009, 3 years before starting with #radare2 I wrote an article for the #Phrack messing around with r1, still fun to read and see how command syntax didnt changed much in 15 years https://phrack.org/issues/66/14.html