I'd imagine this is gonna change about three times an hour at the rate new info (and intel) is being shared, but Rapid7 is also investigating a bunch of incidents related to this. Our MDR folk have confirmed successful exploitation in customer environments and observed enumeration and post-exploitation behavior similar to what @huntress has already shared. https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. Read the latest in the Vulnerability Roundup: https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/

IDK, SAP, I've seen the patch notes for your Security Patch Days. Maybe work on addressing the cause of all those sev:CRITs before throwing money at this? Just a thought.

https://www.theregister.com/2024/12/10/sap_says_genai_will_help/

The official PeerTube app just released:

https://play.google.com/store/apps/details?id=org.framasoft.peertube

https://apps.apple.com/app/peertube/id6737834858

(coming soon to F-Droid)

How to add more servers:

1. Click Explore
2. Click "Show More Platforms" in middle of the screen
3. Click the + icon in top right
4. Enter server's web address & connect
5. Click "Platforms" at the bottom to browse added servers

Don't blame Framasoft for missing features, blame Apple and Google's idiotic rules:

https://framablog.org/2024/12/10/peertube-mobile-app-discover-videos-while-caring-for-your-attention

🧵 1/2

Over 350 musicians are speaking out to demand that major labels drop a lawsuit aimed to destroy the Internet Archive.

https://www.rollingstone.com/music/music-news/tegan-sara-kathleen-hanna-internet-archive-lawsuit-letter-1235195841/

The Ruby on Rails _json Juggling Attack https://nastystereo.com/security/rails-_json-juggling-attack.html

The register on mine and Seth's AI reactions:

https://www.theregister.com/2024/12/10/ai_slop_bug_reports/

Hello Rustaceans! Our technical director @raptor is back at it.

In this second installment of our #Rust series, “An offensive Rust encore”, he will guide you in bringing your skills to the next level by using a new PoC #RedTeaming tool as an excuse:

https://security.humanativaspa.it/an-offensive-rust-encore

fascinating result about the performance of memory-safe PNG decoders and the usefulness of autovectorization in real projects https://www.reddit.com/r/rust/comments/1ha7uyi/memorysafe_png_decoders_now_vastly_outperform_c/

High level diff of iOS 18.2 RC vs. iOS 18.2 RC2 🎉

https://github.com/blacktop/ipsw-diffs/blob/main/18_2_22C150__vs_18_2_22C151/README.md

Totally missed Huawei's new programming languages: ArkTS (ts subset that compiles to native code) and Cangjie (too much chinese documentation for me to understand it):

https://en.wikipedia.org/wiki/ArkTS

https://www.gizmochina.com/2024/06/21/huawei-cangjie-programming-language/

kids don’t even know you used to go to the mall and go to a store inside the mall and find boxes that had computer programs inside and you’d look at the boxes and compare them to other boxes and decide which computer programs you wanted to run and pay for them at the counter and take them home and find out they sucked ass. they just don’t know.

CISA: Vulnerability Summary for the Week of December 2, 2024
ELEVEN vulnerabilities with a perfect CVSSv3.1 score of 10.0 out of 10 🥳 cc: @cR0w
How many high severity path traversals this week?

1. CVE-2024-51549: ABB--ASPECT-Enterprise "Absolute File Traversal vulnerabilities" perfect 10.0
2. CVE-2024-11398: Synology--Synology Router Manager (SRM) Path Traversal 8.1 high
3. CVE-2024-54154 JetBrains YouTrack path traversal 8.0 high
4. CVE-2024-54216 Path Traversal vulnerability in NotFound ARForms

Regarding the CEO assassin, I'm noticing a pattern regarding folks' reactions to the assassin...

...it's a positive reaction.

They're calling him The Adjuster, Robin Hoodie, The Hero We Need, The Batman. The Joker. The Riddler. etc.

They're asking "who will he hit next" and "finally someone is standing up to the Health Care Industry". "Do oil and gas and the banks next!" etc et al.

We saw similar reaction to Jack Smith, Robert Mueller, & Fani Willis. It's the same as people that hoped Elon Musk would save us. Or Bernie Sanders, or Kamala Harris, or Trump.

Look.

No one person is going to save you.

Not the CEO Assassin. Not Trump. Not Jack Smith. Not Elon Must. Not Robert Mueller.

The issues are systemic. No one "batman" superhero is going to change everything.

All of that leads to a mentality that celebrates strongmen and demagogues.

Without giving a call for violence (don't ban me @jerry !!!) ...

...be the change you want to see. Get into your local town and work with your neighbors to accomplish change. Pick a thing, any thing, and start working on it as you can.

No gods.

No heroes.

#ceo #assassin #unitedHealthCare #mutualAid #solarPunk

CVE-2023-48365 (9.8 critical, disclosed 15 November 2023) Qlik Sense Enterprise for Windows unauth remote code execution is being reported as exploited in the wild by @catc0n:

Personally observed in an environment: Rapid7 MDR has observed exploitation of this vulnerability in one or more customer environments

cc: @todb @ntkramer @dreadpir8robots @hrbrmstr @wvu

#vulnerability #CVE_2023_48365 #qlik #eitw #activeexploitation #threatintel #infosec #cyberthreatintelligence #CTI

This was kind of a funny bug (though by luck it is hard to reach): https://project-zero.issues.chromium.org/373391951

A tree structure containing pointers needs to be deep-copied (the objects pointed to by the tree need to be duplicated too), but as an optimization, the tree is first shallow-copied, and then, in the copied tree, the pointers to the original objects are replaced with pointers to copied objects. But the copying of objects can fail midway through, and in that case, there is special cleanup code that can properly tear down the not-fully-set-up copied tree... but between failure and cleanup, a lock is dropped, and some other codepath can do a lookup in the copied tree, causing UAF if the lookup happens in a shallow-copied part of the tree and the corresponding element in the original tree has been freed since.