CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Hot off the press!

• CVE-2024-11667 (7.5 high) Zyxel Multiple Firewalls Path Traversal Vulnerability
• CVE-2024-11680 (9.8 critical) ProjectSend Improper Authentication Vulnerability
• CVE-2023-45727 (7.5 high) North Grid Proself Improper Restriction of XML External Entity (XEE) Reference Vulnerability

#CVE #CVE_2024_11667 #Zyxel #ProjectSend #CVE_2024_11680 #proself #CVE_2023_45727 #cisa #kev #cisakev #knownexploitedvulnerabilitiescatalog #vulnerability #eitw #activeexploitation #infosec #cybersecurity

Chesterton’s Fence: A Lesson in Thinking

https://fs.blog/chestertons-fence/

We just released AFL++ v4.30c - deprecate afl-gcc/clang, fast resume support, lots of improvements. https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.30c #afl #fuzzer #fuzzing

I work in IT and hate friends/family asking me to fix their home computers, now everytime I fix someones computer and hand it back I whisper "Dirty bastard!" and the look of pure horror on their face gets me everytime. Nobody asks now so it worked a treat.

My team college @rame found the CVE-2024-8001 vulnerability in VIWIS LMS 9.11. Congrats! 🥳 https://vuldb.com/?id.284352

#BOFH excuse #281:

The co-locator cannot verify the frame-relay gateway to the ISDN server.

One thing I find difficult in Radare2 is its advanced syntax. Not sure where it's documented + the naming logic.

For example: db $in:5 @ main - in yesterday's Advent of Radare (https://radare.org/advent/02.html). Where does $in come from?

Or ?$? ... ouch!
Or $$+10
or @10!20
or @@10 ...

Any good pointers to read?

cc: @radareorg

#radare2

AMD Disables Zen 4's Loop Buffer

https://chipsandcheese.com/p/amd-disables-zen-4s-loop-buffer

In an interview with the BBC in 2021, the British head of intelligence, Sir Richard Moore, MI6, describes the dangers of digital dependencies. The Foreign Intelligence Service speaks of a “data trap”: “If you allow another country to gain access to really critical data about your society, it will over time undermine your sovereignty, as you no longer have control over this data.” - https://gi.de/themen/beitrag/alarmzeichen-deutschland-demnaechst-im-goldenen-microsoft-kaefig

Want to help build Binary Ninja this summer? Our 2025 summer internship application process is live!

https://binary.ninja/students/internship-2025.html

Former Polish spy chief arrested to testify before parliament in spyware probe

https://therecord.media/poland-former-spy-chief-testifies-pegasus-spyware

Google security advisories: Android Security Bulletin December 2024
At a glance, no mention of exploitation. No Pixel bulletin, Android Automotive OS and Wear OS have no patches for December 2024. Nothing for Pixel Watch.

#google #android #pixel #vulnerability #cve #infosec #cybersecurity

It's Baaaaaack!!

Our Credit Card Canarytokens are out of beta and on your Canarytoken servers..

- Grab one;
- Stash it somewhere "safe";
- We will notify you if it's ever used!

Read more about it at https://blog.thinkst.com/2024/12/its-baaack-credit-card-canarytokens-are-now-on-your-consoles.html

A perfect 10 directory traversal is such a good way to start a Monday.

https://nvd.nist.gov/vuln/detail/CVE-2024-10905

#directoryTraversalMemes

💡@criscifuentes, the Mother of Decompilation, reflects in her #LABScon2024 keynote on three decades of innovation in reverse engineering. Highlights include:

- Her 1994 PhD research on reverse compilation techniques for 80286 DOS binaries
- Groundbreaking methods for mapping instruction flows and tracing compiler optimizations
- The evolution of decompilation tools and their modern applications in malware analysis

👉 Watch the full video: https://t.co/WYqhuybFd8

A new version of function-graph-overview is out, now with C++ support!

Online demo - https://tmr232.github.io/function-graph-overview/?language=3
VSCode - https://marketplace.visualstudio.com/items?itemName=tamir-bahar.function-graph-overview
JetBrains - https://plugins.jetbrains.com/plugin/25676-function-graph-overview

#FunctionGraphOverview #cpp #vscode #jetbrains