"CVSS is a shitty system"

Esettanulmányok arról, hogy készül a virsli CVSS (Common Vulnerability Scoring System), a cURL vezető fejlesztőjének előadásában.

@muszeresz

Zoom joins the vulnerability fray: Will VISS move the needle on AppSec?

Here's what you need to know about Zoom's Vulnerability Impact Scoring System, how it compares to EPSS — and how it can advance your application security. https://jpmellojr.blogspot.com/2024/01/zoom-joins-vulnerability-fray-will-viss.html

Always On VPN July 2023 Security Updates

Hello, Always On VPN administrators! It’s the second Tuesday of the month, so you know what that means. Yes, it’s Patch Tuesday! This month’s security updates include several fixes for vulnerabilities potentially affecting Microsoft Always On VPN deployments. RRAS Vulnerabilities Microsoft’s July 2023 security updates include fixes affecting Windows Servers with the Routing and Remote Access…

View On WordPress

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

VMware Patches VM Escape Flaw Exploited at Geekpwn Event

Home › Cyberwarfare VMware Patches VM Escape Flaw Exploited at Geekpwn Event By Ryan Naraine on December 13, 2022 Tweet Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine escape bug exploited at the GeekPwn 2022 hacking challenge. The VM escape flaw, documented as CVE-2022-31705,…

View On WordPress

ICS Medical Advisory (ICSMA-22-151-02)

BD Synapsys https://www.cisa.gov/uscert/ics/advisories/icsma-22-151-02 1. EXECUTIVE SUMMARY CVSS v3 5.7ATTENTION: Low attack complexityVendor: Becton, Dickinson and Company (BD)Equipment: SynapsysVulnerability: Insufficient Session Expiration 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access, modify, or delete sensitive information. This…

View On WordPress

I was just going in circles with the automated answering machine at Walgreens and it wouldn’t let me talk to a real person so I said “fuck you” under my breath and it went “Okay. I will connect you to someone who can help.” and then it HUNG UP ON ME IAHSHDKALLSKEJESJHZ💀💀💀

Hey everyone - if you live in or are near the US , you're over the age of 12, and it's been +2 months since your last jab you're eligible for a covid booster and Novavax is finally being rolled out! It's not an mRNA vaccine and has been shown to possibly be more effective against new variants than mRNA vaccines. It doesn't have the crappy side effects the day after either! It's the safest vaccine for anyone who has had adverse effects from the covid shot before. Here's a solid compilation of studies and news on it if you want to learn more

https://www.okdoomer.io/a-little-bit-of-good-news/

It'll be more widely available in a few weeks but many CVSs, RiteAids, and Costcos are carrying it nationwide. Costco doesn't require a membership. If you call your local pharmacy and ask them if/when they'll have it that might get them to sooner. Most of these have Novavax availability on their appointment scheduler websites but it's still worth calling to check or checking in person in case they're out of date. You can also search for it on vaccines.gov. Happy to help folks look locally where y'all are if you want. Important to check if the location will take your insurance because boosters are now >$100 out of pocket if you go out of network 🙃 If you don't have insurance there is also the Bridge Access Program. To be clear, the mRNA vaccines are still very good and getting boosted before the holiday season spike is the best thing to do regardless. https://www.cdc.gov/vaccines/programs/bridge/index.html

Something like 10 or 12 years ago, before I had a smartphone, before I even had a flip phone capable of taking photos, I went on a church youth group trip to Disney World, and had the bright idea to take along a disposable camera I got at CVS to record some choice memories.

I never got it developed, I just put it in a drawer and forgot about it. Years went by, the drawer was emptied, its contents moved around, a lot of stuff got thrown away, so I thought for sure the camera was gone for good, but just the other day I did a deep clean of my bedroom amd found it at the bottom of an old box of crap!

I hope the film is still viable! I wonder if there are any CVSs near me that still have photo centers. If not, maybe I can send it somewhere.

The thing is, during that Disney trip, one of my friends showed me how to turn the camera into a flashbang. If you held the flash charger button until the electric hum stopped, and then whacked the camera hard against your other palm, the flash would go off without taking a picture. At least, I hope it didn't take pictures, because we must have done it a dozen times before one of our chaperones told us to stop. I fear that I may have double exposed or blown out a bunch of pictures and the film may be completely useless now. Only time and money will tell. If it's ruined, c'est la vie, I'll be in the same boat I've been in for the last decade when I thought it had been thrown away, so I won't feel too bad about it.

They still sell disposable cameras, so it stands to reason that there still exists a way to develop them. I'll keep you all posted.

Don't let CVEs distract you: Shift your AppSec team's focus to malware

Rather than wasting cycles on non-exploitable or remediated security holes, teams should focus on exploitability, and look for compromises including malware and tampering. Here's why. https://jpmellojr.blogspot.com/2023/11/dont-let-cves-distract-you-shift-your.html

On September 11th, 2023 Google released an emergency security fix for a critical vulnerability discovered, identified as CVE-2023-4863 affecting the Google Chrome for Windows, macOS, and Linux. CVE-2023-4863 is a zero day heap buffer overflow vulnerability in Google Chrome’s WebP with a HIGH 8.8 CVSS score. The vulnerability allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. According to Google’s report and the CISA KEV Catalog, the vulnerability is known to be exploited in the wild, which highlights its urgency and affects any application or software that uses the libwebp package of WebP codec, which significantly increases the attack surface. Rezilion analysis of the vulnerability reveals that: • The scope of this vulnerability is much wider than initially assumed, affecting millions of different applications worldwide • Vulnerability scanners will not necessarily provide a reliable indication of the presence of this vulnerability, due to being wrongly scoped as a Chrome issue. • It is highly likely that the underlying issue in the libwebp library is the same issue resulting in CVE-2023-41064 used by threat actors as part of the BLASTPASS exploit chain to deploy the NSO Group’s Pegasus spyware on target mobile devices. Rezilion analysis reveals that there are several common Linux applications that contain or use the vulnerable libwebp package as a dependency. Examples include: libtiff, python-pillow, libgd, gnuplot, libavcodec58, libmagickcor, libqt5webkit5, libgvc6, libimlib2, and others.  Rezilion has also identified the vulnerable library in several popular container images׳ latest versions, collectively downloaded and deployed billions of times, such as Nginx, Python, Joomla, WordPress, Node.js, and more.

(September 21st 2023)

(September 26th 2023)

A critical zero-day vulnerability Google reported on Wednesday in its Chrome browser is opening the Internet to a new chapter of Groundhog Day. Like a critical zero-day Google disclosed on September 11, the new exploited vulnerability doesn’t affect just Chrome. Already, Mozilla has said that its Firefox browser is vulnerable to the same bug, which is tracked as CVE-2023-5217. And just like CVE-2023-4863 from 17 days ago, the new one resides in a widely used code library for processing media files, specifically those in the VP8 format. Pages here and here list hundreds of packages for Ubuntu and Debian alone that rely on the library known as libvpx. Most browsers use it, and the list of software or vendors supporting it reads like a who’s who of the Internet, including Skype, Adobe, VLC, and Android. It’s unclear how many software packages that depend on libvpx will be vulnerable to CVE-2023-5217. Google’s disclosure says the zero-day applies to video encoding. By contrast, the zero-day exploited in libwebp, the code library vulnerable to the attacks earlier this month, worked for encoding and decoding. In other words, based on the wording in the disclosure, CVE-2023-5217 requires a targeted device to create media in the VP8 format. CVE-2023-4863 could be exploited when a targeted device simply displayed a booby-trapped image. “The fact that a package depends on libvpx does NOT necessarily mean that it'd be vulnerable,” Will Dorman, senior principal analyst at Analygence, wrote in an online interview. “The vuln is in VP8 encoding, so if something uses libvpx only for decoding, they have nothing to worry about.” Even with that important distinction, there are likely to be many more packages besides Chrome and Firefox that will require patching. “Firefox, Chrome (and Chromium-based) browsers, plus other things that expose VP8 encoding capabilities from libvpx to JavaScript (i.e. web browsers), seem to be at risk,” he said.

(September 28th, 2023)

Zero-Day CVE-2024-24919 Discovered in Check Point's VPN Software

Cybersecurity software vendor Check Point has issued a critical warning to customers, urging them to update their software immediately due to a zero-day vulnerability in their Virtual Private Network (VPN) products that is actively being exploited by attackers. The vulnerability, assigned CVE-2024-24919 and a CVSS score of 8.6 (high severity), affects Check Point's CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances.

VPN Exploit Targets Older Local Accounts

According to Check Point's advisory, the vulnerability involves attackers "using old VPN local accounts relying on unrecommended password-only authentication method." The company strongly recommends against relying solely on password authentication for logging into network infrastructure, emphasizing that it is an unfavorable method for ensuring the highest levels of cybersecurity.

Potential Impact and Lateral Movement

If successfully exploited, the vulnerability could grant an attacker access to sensitive information on a security gateway, as well as enable lateral movement within the network with domain administrator privileges. Threat intelligence firm Mnemonic, which was contacted by Check Point regarding the vulnerability, has confirmed that the exploit allows threat actors to retrieve all files on the local filesystem, including password hashes for local accounts, SSH keys, certificates, and other critical files.

Patches Available and Recommended Mitigations

Check Point has released patches for all affected systems, and customers are strongly advised to apply the updates as soon as possible. In addition to installing the patches, Check Point recommends hardening VPN posture by implementing multi-factor authentication (MFA) and reviewing and removing unnecessary local VPN accounts. For any necessary local accounts, additional authentication measures should be added to mitigate the risk of exploitation. The actively exploited zero-day vulnerability in Check Point's VPN products underscores the importance of promptly applying security updates and following best practices. While implementing MFA can be a hassle, the consequences of a data breach or network compromise can be far more severe. Organizations using affected Check Point products are urged to take immediate action to secure their systems and protect their valuable data and infrastructure. Read the full article

Gaping Authentication Bypass Holes in VMWare Workspace One

Gaping Authentication Bypass Holes in VMWare Workspace One

Home › Cyberwarfare Gaping Authentication Bypass Holes in VMWare Workspace One By Ryan Naraine on November 09, 2022 Tweet Virtualization technology giant VMware joined the Patch Tuesday train this week to deliver urgent security patches to its VMWare Workspace One product. The company published an urgent bulletin (VMSA-2022-0028) with barebones details on at least five documented security…

View On WordPress

Bulletin (SB22-150)

Vulnerability Summary for the Week of May 23, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-150 The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin…

View On WordPress

GitHub は、CVE-2024-4985 として追跡されている最大重大度 (CVSS v4 スコア: 10.0) の認証バイパス脆弱性を修正しました。これは、SAML シングル サインオン (SSO) 認証を使用する GitHub Enterprise Server (GHES) インスタンスに影響します。 この欠陥を悪用すると、攻撃者が SAML 応答を偽造して管理者権限を取得し、認証を必要とせずにインスタンスのすべてのコンテンツに無制限にアクセスできるようになります。 GHES は、独自のサーバーまたはプライベート クラウド環境にリポジトリを保存することを好む組織向けに設計された GitHub のセルフホスト バージョンです。 これは、資産のより高度な制御を必要とする大企業や開発チーム、機密データまたは専有データを扱うエンティティ、高パフォーマンスのニーズを持つ組織、およびオフライン アクセス機能を必要とするユーザーの��ーズに応えます。 この欠陥は GitHub の Bug Bounty プログラムに提出されており、暗号化されたアサーションを持つ Security Assertion Markup Language (SAML) SSO を利用するインスタンスにのみ影響します。 このオプション機能は、データを傍受 (中間者攻撃) から保護します。

GitHub、Enterprise Server の SAML 認証バイパスの欠陥を警告

Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack

The Hacker News : Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited in the wild. Tracked as CVE-2024-3400, the issue has a CVSS score of 10.0, indicating maximum severity. "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature http://dlvr.it/T5QBTY Posted by : Mohit Kumar ( Hacker )

As someone who literally surveys so many CVSs yeah its not you they complain all the time about being over staffed on mornings due to the worker age range skewing higher than more places of employment 👍

That makes me feel a little better thank you.