[RSS] Hacking Barcodes for Fun & Profit...

https://blog.mantrainfosec.com/blog/16/hacking-barcodes-for-fun-profit

Old friend hacking Hungarian bottle recycling machines :) #DRS

Remote Code Execution with Spring Properties
https://srcincite.io/blog/2024/11/25/remote-code-execution-with-spring-properties.html

#frombsky

CFP window ends this friday! We have ~50 submissions so far -- competitive but not so busy that a high quality talk can't rise to the top, make sure to get your submission in soon.

https://sessionize.com/re-verse

Microsoft: "we had one #PatchTuesday yes, but what about second Patch Tuesday?"

• CVE-2024-49053 (7.6 high) Microsoft Dynamics 365 Sales Spoofing Vulnerability
• CVE-2024-49035 (8.7 high) Partner.Microsoft.Com Elevation of Privilege Vulnerability (EXPLOITATION DETECTED FLAG)
• CVE-2024-49038 (9.3 critical) Microsoft Copilot Studio Elevation Of Privilege Vulnerability
• CVE-2024-49052 (8.2 high) Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability

Only CVE-2024-49053 has any substantial information in their FAQ section. CVE-2024-49035 is "not exploited" but "exploitation detected" 🤔 (analyst comment: likely a gaffe). The rest are Not Exploited, Not Publicly Disclosed, and Exploitation Less Likely.

#microsoft #vulnerability #CVE #infosec #cybersecurity #copilot #dynamics365 #azure

Gotta love IoT stuff

Splunk security advisories since apparently they missed #PatchTuesday and everyone wants to push to prod before Thanksgiving:

• SVD-2024-1101 Third-Party Package Updates in Python for Scientific Computing - November 2024 (1 CVE)
• SVD-2024-1102 Third-Party Package Updates in Splunk Machine Learning Toolkit - November 2024 (3 CVEs)

No mention of exploitation.

#splunk #vulnerability #cve #infosec #cybersecurity

[RSS] Introducing NachoVPN: One VPN Server to Pwn Them All

https://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/

Interesting concept: rogue VPN server to compromise misconfigured clients

GitLab security advisory: GitLab Patch Release: 17.6.1, 17.5.3, 17.4.5

• CVE-2024-8114 (8.2 high) Privilege Escalation via LFS Tokens
• CVE-2024-8237 (6.5 medium) Denial of Service (DoS) through uncontrolled resource consumption when viewing a maliciously crafted cargo.toml file.
• CVE-2024-11669 (6.5 medium) Unintended Access to Usage Data via Scoped Tokens
• CVE-2024-8177 (5.3 medium) Gitlab DOS via Harbor registry integration
• CVE-2024-1947 (4.3 medium) Resource exhaustion and denial of service with test_report API calls
• CVE-2024-11668 (4.2 medium) Streaming endpoint did not invalidate tokens after revocation

No mention of exploitation.

#gitlab #vulnerability #cve #patchtuesday

XBOW found a path traversal vulnerability (CVE-2024-53844) in LabsAI's EDDI project that allows attackers to download any file on the server. XBOW combined a series of URL encodings and path normalization bypasses to trigger the flaw. Users of versions 4.3–5.3 should upgrade.

Since my previous PSA got so popular, here's a fun fact:

The very popular blog engine #Jekyll does not generate a feed by default! You have to add the jekyll-feed plugin and reference the generated Atom XML in your template!

https://github.com/jekyll/jekyll-feed

VMware security advisory: VMSA-2024-0022: VMware Aria Operations updates address multiple vulnerabilities(CVE-2024-38830, CVE-2024-38831, CVE-2024-38832, CVE-2024-38833, CVE-2024-38834)

• CVE-2024-38830 (7.8 high) Local privilege escalation vulnerability
• CVE-2024-38831 (7.8 high) Local privilege escalation vulnerability
• CVE-2024-38832 (7.1 high) Stored cross-site scripting vulnerability
• CVE-2024-38833 (6.8 medium) Stored cross-site scripting vulnerability
• CVE-2024-38834 (6.5 medium) Stored cross-site scripting vulnerability

No mention of exploitation

#CVE_2024_38830 #vmware #vulnerability #CVE #infosec #cybersecurity #CVE_2024_38831 #CVE_2024_38832 #CVE_2024_38833 #CVE_2024_38834 #aria #AriaOperations

Defects-in-Depth: Analyzing the Integration of Effective Defenses against One-Day Exploits in Android Kernels

An outstanding paper by Lukas Maar et al. about analyzing the exploitation techniques used in public 1-day Android kernel exploits over the last few years and cross-referencing them with the mitigations implemented by various Android vendors 🔥

https://www.usenix.org/system/files/usenixsecurity24-maar-defects.pdf

🎮 The @travisgoodspeed training on recovering Gameboy ROMs from microscopic pictures with the help of #radare2 is now indexed, with the rest of #r2con2024 presentations in the Radare TV website 👉 https://www.radare.org/tv/

I want to level-up my jump roping and apparently I clicked a Reddit link while searching for tips.

Now instead of the absolutely braindead topics that come up based on geoloation (is the average Hungarian Internet user really this shallow??) I get awesome jumprope vids and tips!

Thx #adtech!

I don't know if this is known but last week I found out that giving a user the #Windows OOBE experience can be abused for privilege escalation.

Scenario: A company gives a new employee his computer and lets him do the first login. During the #Windows OOBE, he presses SHIFT+F10 and opens CMD.

Since this CMD runs as SYSTEM, he installs a custom CA certificate via certutil, places 'WptsExtensions.dll' into System32, and creates a new local backdoor admin user.

Once the #Microsoft OOBE and/or #Intune setup is complete, only the local backdoor admin user will be deleted. The certificate and DLL still remain. A reboot is enough to trigger the DLL being loaded as SYSTEM.

The third-party cert could be detected using sigcheck, but that's a little hacky...

Does anyone know a fix for this? I've not found anything inside #Intune that would kill this vector.

PSA: Please, please, please add an RSS/Atom feed to your blog and publications! It's not hard, and makes following your content so much easier!

#RSS #POSSE #Syndication

Bad idea: build a captcha library that embeds DOSBox so it can make you beat levels/puzzles from DOS games to continue.

Prove you're a human! Beat Lifewater Oasis from Commander Keen 4! Defeat the Yeti in Kings Quest 5! Make sure 15 lemmings survive! Get the sword in Prince of Persia!

I discovered a certificate using a "public private key", in this case a key that is part of OpenSSL's test suite. This would not necessarily be a particularly interesting event. It happens every now and then that people use private keys they find on the Internet, likely due to a lack of understanding of public key cryptography. I usually report them for revocation, and move on. However, this one is a bit more unusual. It has been issued by the CA Digicert - for a domain owned by Digicert. https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/d21mtDJ7YXQ

Eighth article of the series "Extending Burp Suite for fun and profit - The Montoya way" is out!

Topic: BChecks - A quick way to extend Burp Suite Active and Passive Scanner!

https://security.humanativaspa.it/extending-burp-suite-for-fun-and-profit-the-montoya-way-part-8/

[RSS] A Dual Game Boy Chiptune Keytar

https://blog.adafruit.com/2024/11/25/a-dual-game-boy-chiptune-keytar-musicmonday-2/

"Your scientists were so preoccupied with whether they could, they didn't stop to think if they should."