"I'm interested in all kinds of astronomy."

This was kind of a funny bug (though by luck it is hard to reach): https://project-zero.issues.chromium.org/373391951

A tree structure containing pointers needs to be deep-copied (the objects pointed to by the tree need to be duplicated too), but as an optimization, the tree is first shallow-copied, and then, in the copied tree, the pointers to the original objects are replaced with pointers to copied objects. But the copying of objects can fail midway through, and in that case, there is special cleanup code that can properly tear down the not-fully-set-up copied tree... but between failure and cleanup, a lock is dropped, and some other codepath can do a lookup in the copied tree, causing UAF if the lookup happens in a shallow-copied part of the tree and the corresponding element in the original tree has been freed since.


We've released 35 new Semgrep rules targeting infrastructure, supply chain, and Ruby security issues. Plus, learn how to leverage regex mode and HCL support for better infrastructure-as-code security.

https://blog.trailofbits.com/2024/12/09/35-more-semgrep-rules-infrastructure-supply-chain-and-ruby/

New assessment for topic: CVE-2024-1708

Topic description: "ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker ..."

"CVE-2024-1708 is a path traversal vulnerability affecting ConnectWise ScreenConnect ..."

Link: https://attackerkb.com/assessments/1b849988-c20e-4489-b536-148cd9c60645

Here's a link to today's AI slop report. Freshly disclosed: https://hackerone.com/reports/2887487


The CVE we will publish on Wednesday addresses an issue that has existed in source code for almost twenty-five years.

severity low though, so the sky might not fall this week either


Project Zero Bot

New Project Zero issue:

Linux >=v6.8-rc1: VMA UAF when nascent MM is accessed through forked userfaultfd or khugepaged after aborted fork

https://project-zero.issues.chromium.org/issues/373391951

CVE-2024-50263, CVE-2024-50220

I published an Advanced Persistent Threat (APT) profile on Gamaredon, a Russian state-sponsored cyberespionage group. Gamaredon (Group) is also known as Aqua Blizzard/ACTINIUM, and BlueAlpha, but most vendors do refer to them as Gamaredon. In 2021, they were publicly attributed by the Security Service of Ukraine (SSU) to Russia's Federal Security Service (FSB) Centers 16 and 18.


Project Zero Bot

New Project Zero issue:

Windows Kernel registry security descriptor refcount may overflow when referenced by too many transacted operations

https://project-zero.issues.chromium.org/issues/42451732

CVE-2024-43641
New assessment for topic: CVE-2024-9474

Topic description: "A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. ..."

"[CVE-2024-9474](https://security.paloaltonetworks.com/CVE-2024-9474) was exploited in the wild as part of an exploit chain, paired with the authentication bypass [CVE-2024-0012](https://attackerkb.com/topics/MLL6c2Y4Oo/cve-2024-0012), to allow for unauthenticated RCE ..."

Link: https://attackerkb.com/assessments/83a9c0f2-2ff0-4b7a-ab52-a8f4897d148b
CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle #Django

https://www.djangoproject.com/weblog/2024/dec/04/security-releases/

Mandiant's Thibault Van Geluwe de Berlaere demonstrates a novel technique that can be used to circumvent all three current types of browser isolation (remote, on-premises, and local) for the purpose of controlling a malicious implant via C2. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/


itch.io is reporting on bsky that their domain has been taken down due to ...well.


excuse #415:

Maintenance window broken


I was surprised to receive an email from Amazon that indicated that two items in my wishlist were shipped. I mean... I only expressed the desire to maybe purchase them in the future, right?

As it turns out, that email you read in Gmail isn't the email from Amazon. It's a summary of what Gmail thinks Amazon emailed you about. You have to scroll down to see the actual email that they sent. Amazon stopped emailing you what's being shipped to you a long time ago, anyway.


play the grindr notification noise at Christmas dinner to see which conservative relatives panickedly check their phone ringer


are you a programmer? do you like heavy metal? would you like to be *really upset* by a music video?

do i have something for you.

https://www.youtube.com/watch?v=yup8gIXxWDU
