kids don’t even know you used to go to the mall and go to a store inside the mall and find boxes that had computer programs inside and you’d look at the boxes and compare them to other boxes and decide which computer programs you wanted to run and pay for them at the counter and take them home and find out they sucked ass. they just don’t know.

CISA: Vulnerability Summary for the Week of December 2, 2024
ELEVEN vulnerabilities with a perfect CVSSv3.1 score of 10.0 out of 10 🥳 cc: @cR0w
How many high severity path traversals this week?

1. CVE-2024-51549: ABB--ASPECT-Enterprise "Absolute File Traversal vulnerabilities" perfect 10.0
2. CVE-2024-11398: Synology--Synology Router Manager (SRM) Path Traversal 8.1 high
3. CVE-2024-54154 JetBrains YouTrack path traversal 8.0 high
4. CVE-2024-54216 Path Traversal vulnerability in NotFound ARForms

Regarding the CEO assassin, I'm noticing a pattern regarding folks' reactions to the assassin...

...it's a positive reaction.

They're calling him The Adjuster, Robin Hoodie, The Hero We Need, The Batman. The Joker. The Riddler. etc.

They're asking "who will he hit next" and "finally someone is standing up to the Health Care Industry". "Do oil and gas and the banks next!" etc et al.

We saw similar reaction to Jack Smith, Robert Mueller, & Fani Willis. It's the same as people that hoped Elon Musk would save us. Or Bernie Sanders, or Kamala Harris, or Trump.

Look.

No one person is going to save you.

Not the CEO Assassin. Not Trump. Not Jack Smith. Not Elon Must. Not Robert Mueller.

The issues are systemic. No one "batman" superhero is going to change everything.

All of that leads to a mentality that celebrates strongmen and demagogues.

Without giving a call for violence (don't ban me @jerry !!!) ...

...be the change you want to see. Get into your local town and work with your neighbors to accomplish change. Pick a thing, any thing, and start working on it as you can.

No gods.

No heroes.

#ceo #assassin #unitedHealthCare #mutualAid #solarPunk

CVE-2023-48365 (9.8 critical, disclosed 15 November 2023) Qlik Sense Enterprise for Windows unauth remote code execution is being reported as exploited in the wild by @catc0n:

Personally observed in an environment: Rapid7 MDR has observed exploitation of this vulnerability in one or more customer environments

cc: @todb @ntkramer @dreadpir8robots @hrbrmstr @wvu

#vulnerability #CVE_2023_48365 #qlik #eitw #activeexploitation #threatintel #infosec #cyberthreatintelligence #CTI

This was kind of a funny bug (though by luck it is hard to reach): https://project-zero.issues.chromium.org/373391951

A tree structure containing pointers needs to be deep-copied (the objects pointed to by the tree need to be duplicated too), but as an optimization, the tree is first shallow-copied, and then, in the copied tree, the pointers to the original objects are replaced with pointers to copied objects. But the copying of objects can fail midway through, and in that case, there is special cleanup code that can properly tear down the not-fully-set-up copied tree... but between failure and cleanup, a lock is dropped, and some other codepath can do a lookup in the copied tree, causing UAF if the lookup happens in a shallow-copied part of the tree and the corresponding element in the original tree has been freed since.

We've released 35 new Semgrep rules targeting infrastructure, supply chain, and Ruby security issues. Plus, learn how to leverage regex mode and HCL support for better infrastructure-as-code security.

https://blog.trailofbits.com/2024/12/09/35-more-semgrep-rules-infrastructure-supply-chain-and-ruby/

Dual_EC_DRBG with Justin Schuh and Matthew Green

https://www.youtube.com/watch?v=i0eon3xZAro

#frombsky #cryptography #backdoor

New assessment for topic: CVE-2024-1708

Topic description: "ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker ..."

"CVE-2024-1708 is a path traversal vulnerability affecting ConnectWise ScreenConnect ..."

Link: https://attackerkb.com/assessments/1b849988-c20e-4489-b536-148cd9c60645

[RSS] DOM Purify - dirty namespace bypass

https://blog.slonser.info/posts/dompurify-dirty-namespace-bypass/

Here's a link to today's AI slop #curl #hackerone report. Freshly disclosed: https://hackerone.com/reports/2887487

The #curl CVE we will publish on Wednesday addresses an issue that has existed in source code for almost twenty-five years.

severity low though, so the sky might not fall this week either

New Project Zero issue:

Linux >=v6.8-rc1: VMA UAF when nascent MM is accessed through forked userfaultfd or khugepaged after aborted fork

https://project-zero.issues.chromium.org/issues/373391951

CVE-2024-50263, CVE-2024-50220

I published an Advanced Persistent Threat (APT) profile on Gamaredon, a Russian state-sponsored cyberespionage group. Gamaredon (Group) is also known as Aqua Blizzard/ACTINIUM, and BlueAlpha, but most vendors do refer to them as Gamaredon. In 2021, they were publicly attributed by the Security Service of Ukraine (SSU) to Russia's Federal Security Service (FSB) Centers 16 and 18.

#gamaredon #russia #cyberespionage #fsb #bluealpha #aquablizzard #infosec #cybersecurity #cyberthreatintelligence #CTI #threatintel

New Project Zero issue:

Windows Kernel registry security descriptor refcount may overflow when referenced by too many transacted operations

https://project-zero.issues.chromium.org/issues/42451732

CVE-2024-43641

New assessment for topic: CVE-2024-9474

Topic description: "A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. ..."

"[CVE-2024-9474](https://security.paloaltonetworks.com/CVE-2024-9474) was exploited in the wild as part of an exploit chain, paired with the authentication bypass [CVE-2024-0012](https://attackerkb.com/topics/MLL6c2Y4Oo/cve-2024-0012), to allow for unauthenticated RCE ..."

Link: https://attackerkb.com/assessments/83a9c0f2-2ff0-4b7a-ab52-a8f4897d148b

CVE-2024-53908: Potential SQL injection in HasKey(lhs, rhs) on Oracle #Django

https://www.djangoproject.com/weblog/2024/dec/04/security-releases/

Mandiant's Thibault Van Geluwe de Berlaere demonstrates a novel technique that can be used to circumvent all three current types of browser isolation (remote, on-premises, and local) for the purpose of controlling a malicious implant via C2. https://cloud.google.com/blog/topics/threat-intelligence/c2-browser-isolation-environments/

itch.io is reporting on bsky that their domain has been taken down due to ...well.

#BOFH excuse #415:

Maintenance window broken