[RSS] When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365"

https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/

It is ridiculously hot in Europe, unbearably so, and yet we are building systems which are needlessly complex and power-hungry.

Something is very wrong with us.

Interesting links of the week:

Strategy:

* https://www.enisa.europa.eu/publications/the-eu-cybersecurity-index-2024 - EU's 2024 cyber security index
* https://assets.publishing.service.gov.uk/media/67cad8b18c1076c796a45c25/Cyber_Security_Sectoral_Analysis_Report_2025.pdf - HMG cyber security sectoral analysis 2025
* https://www.nao.org.uk/wp-content/uploads/2025/01/government-cyber-resilience.pdf - NAO paper on making UK more resilient
* https://www.ncsc.gov.uk/collection/security-principles-protecting-most-sensitive-personal-information-in-datasets - NCSC ideas on protecting data
* https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/ - protest early, protest safely, protest often

Threats:

* https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/umbrella-stand/ncsc-mar-umbrella_stand.pdf - NCSC exposes UMBRELLA STAND
* https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/shoe-rack-tipper/ncsc-tip-shoe_rack.pdf - ... and SHOE RACK
* https://cloud.google.com/blog/topics/threat-intelligence/creative-phishing-academics-critics-of-russia - GOOG reports on how Russia is targetting academics

Exploitation:

* https://sud0ru.ghost.io/windows-inter-process-communication-a-deep-dive-beyond-the-surface-part-4/ - a nice set of posts on Windows IPC's attack surface
* https://eprint.iacr.org/2025/1042 - whacking Falcons with a hammer
* https://forums.oracle.com/ords/r/apexds/community/q?question=interpositioning-in-java-2701 - had your caffeine? seamlessly injecting into Java

Hard hacks:

* https://skemman.is/handle/1946/50456 - emulating icey routers

Hardening:

* https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html - calling cc safely
* https://spiffe.io/docs/latest/spiffe-about/community-presentations/ - better authentication primitives for bots
* https://workos.com/blog/mcp-authorization-in-5-easy-oauth-specs - bring OAuth to MCP

Nerd:

* https://www.metoffice.gov.uk/forms/name-our-storms-call-for-names - so you want to work in marketing for storms
* https://activitypub.academy - so you want to learn about how the Fediverse works?

#security, #research

New Project Zero issue:

Double-fetch of root_size in fastrpc_pack_root_sharedpage leads to buffer overflow

https://project-zero.issues.chromium.org/issues/399463073

CVE-2025-21485

[RSS] The Journey of Bypassing Ubuntu's Unprivileged Namespace Restriction

https://u1f383.github.io/linux/2025/06/26/the-journey-of-bypassing-ubuntus-unprivileged-namespace-restriction.html

[RSS] Decrement by one to rule them all: AsIO3.sys driver exploitation

https://blog.talosintelligence.com/decrement-by-one-to-rule-them-all/

[RSS] exploits.club Weekly Newsletter 77 - MS-RPC Fuzzing, Printer Hacking, Arbitrary Decrement Primitives, And More

https://blog.exploits.club/exploits-club-weekly-newsletter-77-ms-rpc-fuzzing-printer-hacking-arbitrary-decrement-primitives-and-more/

CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS

https://github.com/ceph/ceph/security/advisories/GHSA-89hm-qq33-2fjm

CVE-2025-52555

We’re going the wrong way! How to abuse symlinks and get LPE in Windows https://cicada-8.medium.com/were-going-the-wrong-way-how-to-abuse-symlinks-and-get-lpe-in-windows-0c598b99125b

Interesting Git repos of the week:

Strategy:

* https://github.com/timb-machine/security-research-governance-toolkit - I started releasing Portcullis' old security research governance toolkit

Detection:

* https://github.com/sandflysecurity/sandfly-forensic-scripts - @SandflySecurity have release scripts for collecting Linux artefacts

Exploitation:

* https://github.com/stealth/injectso - @steaith demonstrates how to inject .so files into running processes at will
* https://github.com/NeffIsBack/wsuks - have you ever wanted to MITM WSUS?

Data:

* https://github.com/public-api-lists/public-api-lists - does what it says on the tin

Development:

* https://github.com/sapdragon/syscalls-cpp - headers for direct syscall invocation

#security, #research, #code

Actively exploited vulnerability in CVE-2024-54085 in AMI MegaRAC gives attackers extraordinary control over server fleets by allowing a remote attacker to create an admin account without any authentication:
👇
https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/

What's not to love about third-party software injecting itself into Firefox and causing crashes in the Rust standard library?

https://github.com/rust-lang/rust/issues/143078

#CISCO: Critical severity CVSS 10 CVE-2025-20281 and CVE-2025-20282 vulnerabilities allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root! Updates released - patched now:
👇
https://thehackernews.com/2025/06/critical-rce-flaws-in-cisco-ise-and-ise.html

Today we’re quietly (and finally!) opening up Railfinder to the public! This is our beta version and - hopefully - the first step towards that one booking site for trains across Europe that we all dream of.

Lots of work has gone into this and equally lots still to do before reach that vision, but if you’d like to try what we’be built you can now just go to https://www.railfinder.eu and have a go!

Any and all feedback more than welcome 🙏

Help request. My brother has Stage 4 colorectal cancer.

His life insurance has refused to pay out on a technicality, meaning he and his loved ones cannot afford the mortgage on their home.

I've never asked for anything in return for infosec stuff, but if you have anything spare, please chuck it this direction instead:

https://gofund.me/b9a0d8f4

🚀 Ghidra users! Looking for more power & flexibility in your reverse engineering workflow? Try ghidra-r2web — the plugin that lets you attach multiple Radare2 instances to your main #Ghidra session!
We need ideas, bug reports, feature requests and contributors to make this plugin shine! https://github.com/radareorg/ghidra-r2web

Project: kubernetes/kubernetes https://github.com/kubernetes/kubernetes
File: vendor/golang.org/x/text/encoding/japanese/eucjp.go:124 https://github.com/kubernetes/kubernetes/blob/a62752db5110225a89a83ec844a5884413e550ff/vendor/golang.org/x/text/encoding/japanese/eucjp.go#L124

func (eucJPEncoder) Transform(dst, src []byte, atEOF bool) (nDst, nSrc int, err error)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fvendor%2Fgolang.org%2Fx%2Ftext%2Fencoding%2Fjapanese%2Feucjp.go%23L124&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fkubernetes%2Fkubernetes%2Fblob%2Fa62752db5110225a89a83ec844a5884413e550ff%2Fvendor%2Fgolang.org%2Fx%2Ftext%2Fencoding%2Fjapanese%2Feucjp.go%23L124&colors=light

Good morning Fedi friends!

My decision to upload the Fedi promo video to YouTube 2 weeks ago was really controversial.

@randahl posted a nice message about the video & encouraged his followers to like / comment on it so the YouTube algorithm would serve it to more people. He was inundated by hostile comments for days. Sorry Randahl!

Well, exhibit A of why this was a good decision in hindsight (see pic).

How else are people going to hear about the Fediverse?

As always thank for the support ❤️

Isn't it enough to see that a garden is beautiful without having to believe that there are fairies at the bottom of it too?

#HitchhikersGuide #DouglasAdams #quotes #quote #bot

Binary packages for our radare2-Ghidra bridge released for Ghidra 11.4:

https://github.com/radareorg/ghidra-r2web/releases/tag/ghidra-11.4

I cut down the release to support the last 3 minor Ghidra versions (11.4, 11.3.x, 11.2.y), if you need supoort for older versions, please let us know by opening an Issue!

#Ghidra #radare2