Back when I was poking around with filesystem fuzzing stuff years back, I noticed something odd:

An EXT filesystem can tell the Linux OS how it should behave "if" the filesystem is corrupt, including triggering a kernel panic. In a world where USB thumb drives exist, this seems... not ideal.

Let's see what happens if we plug such a mass storage device into a fully patched Chromebook in 2024...

Oh.

"iDecompile: Writing a Decompiler for iOS Applications"(Laurie Kirk)

Things I learned:
When decompiling iOS apps it makes sense to think of the application life cycle, i.e. specific code is triggered when apps go from background to foreground. You can think of these triggers as multiple mains or entry points.

Tool for #reverseengineering
https://github.com/LaurieWired/Malimite

https://objectivebythesea.org/v7/talks.html#Speaker_8

#obts #obtsv7

LIEF 0.16.0 is out featuring new (extended) capabilities like Dyld Shared Cache support, Assembler/disassembler, ...

https://lief.re/blog/2024-12-10-lief-0-16-0/

It's the last Patch Tuesday of 2024, but that doesn't mean #Adobe or #Microsoft took it easy. There's one Microsoft CVE being actively exploited and Adobe released fixes for 167 CVEs(!) in total. Join @TheDustinChilds as he breaks down the release. https://www.zerodayinitiative.com/blog/2024/12/10/the-december-2024-security-update-review

Happy #PatchTuesday from Splunk:

• SVD-2024-1201 Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway (CVE-2024-53243, 4.3 medium)
• SVD-2024-1202 Risky command safeguards bypass in "/en-US/app/search/report" endpoint through "s" parameter (CVE-2024-53244, 5.7 medium)
• SVD-2024-1203 Information Disclosure due to Username Collision with a Role that has the same Name as the User (CVE-2024-53245, 3.1 low)
• SVD-2024-1204 Sensitive Information Disclosure through SPL commands (CVE-2024-53246, 5.3 medium)
• SVD-2024-1205 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app (CVE-2024-53247, 8.8 high)
• SVD-2024-1206 Third-Party Package Updates in Splunk Enterprise - December 2024 (multiple CVEs)
• SVD-2024-1207 Third-Party Package Updates in Splunk Universal Forwarder - December 2024 (CVE-2024-5535, 9.1 critical)

No verbiage of exploitation.

#splunk #infosec #cybersecurity #vulnerability #CVE

CLFS seems like the gift that keeps on giving.
CVE-2024-49138 is being exploited ITW, apparently.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138

Given that it says that it's publicly disclosed, does anybody know offhand where CVE-2024-49138 is discussed publicly?

Happy #PatchTuesday from Microsoft: 71 new vulnerabilities, ONE ZERO-DAY:

• CVE-2024-49138 (7.8 high) Windows Common Log File System Driver Elevation of Privilege Vulnerability

Update for CVE-2024-38033 (7.3 high, from 09 July 2024) PowerShell Elevation of Privilege Vulnerability was reissued a patch for all affected versions of Windows Server 2012 and Windows Server 2012 R2.

The Microsoft data arrived almost 10 minutes early.

cc: @goatyell @mttaggart @hrbrmstr @ntkramer @iagox86 @zackwhittaker @dreadpir8robots @TheDustinChilds @neurovagrant @xorhex @campuscodi @briankrebs (remember to remove the mentions to avoid ReplyAll madness)

#microsoft #msrc #vulnerability #cve #infosec #cybersecurity

I'd imagine this is gonna change about three times an hour at the rate new info (and intel) is being shared, but Rapid7 is also investigating a bunch of incidents related to this. Our MDR folk have confirmed successful exploitation in customer environments and observed enumeration and post-exploitation behavior similar to what @huntress has already shared. https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/

Cisco Talos' Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. Read the latest in the Vulnerability Roundup: https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/

The official PeerTube app just released:

https://play.google.com/store/apps/details?id=org.framasoft.peertube

https://apps.apple.com/app/peertube/id6737834858

(coming soon to F-Droid)

How to add more servers:

1. Click Explore
2. Click "Show More Platforms" in middle of the screen
3. Click the + icon in top right
4. Enter server's web address & connect
5. Click "Platforms" at the bottom to browse added servers

Don't blame Framasoft for missing features, blame Apple and Google's idiotic rules:

https://framablog.org/2024/12/10/peertube-mobile-app-discover-videos-while-caring-for-your-attention

🧵 1/2

Over 350 musicians are speaking out to demand that major labels drop a lawsuit aimed to destroy the Internet Archive.

https://www.rollingstone.com/music/music-news/tegan-sara-kathleen-hanna-internet-archive-lawsuit-letter-1235195841/

The Ruby on Rails _json Juggling Attack https://nastystereo.com/security/rails-_json-juggling-attack.html

The register on mine and Seth's AI reactions:

https://www.theregister.com/2024/12/10/ai_slop_bug_reports/

Hello Rustaceans! Our technical director @raptor is back at it.

In this second installment of our #Rust series, “An offensive Rust encore”, he will guide you in bringing your skills to the next level by using a new PoC #RedTeaming tool as an excuse:

https://security.humanativaspa.it/an-offensive-rust-encore