harrysintonen

joined 2 years ago
sorted by: new top controversial old
4
VMSA-2025-0004: #VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) (infosec.exchange)
 

VMSA-2025-0004: #VMware ESXi, Workstation, and Fusion updates address multiple vulnerabilities (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226)

VMCI heap-overflow vulnerability (CVE-2025-22224): A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

VMware ESXi arbitrary write vulnerability (CVE-2025-22225): A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.

HGFS information-disclosure vulnerability (CVE-2025-22226): A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390

#CVE_2025_22224 #CVE_2025_22225 #CVE_2025_22226 #infosec #cybersecurity

1
#curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot? (infosec.exchange)
 

#curl predecessor httpget 0.2 from around 1996/1997 is 165 lines. Needless to say, it has multiple critical security vulnerabilities. How many can you spot?

If you build it on a modern system and want to try exploiting it in true 90s fashion, be sure to turn off address space layout randomisation (ASLR).

https://github.com/curl/httpget/blob/master/httpget-0.2.c

#infosec #cybersecurity

4
As expected #Apple has nuked Advanced Data Protection (ADP) for UK users. What does this mean in practice? UK govt will be able to decrypt all UK user's #iCloud data at will. (fedia.io)
 

As expected #Apple has nuked Advanced Data Protection (ADP) for UK users. What does this mean in practice? UK govt will be able to decrypt all UK user's #iCloud data at will.

Existing users' access will be disabled at a later date - this will likely mean that unless if you accept the new policy Apple will delete your existing iCloud data. Which I would recommend you do right now anyway - never trust someone else's computer with sensitive data.

https://www.bbc.com/news/articles/cgj54eq4vejo

#cybersecurity #privacy #enshittification

8
#OpenSSH client is vulnerable to MitM attacks if VerifyHostKeyDNS is enabled - https://www.openwall.com/lists/oss-security/2025/02/18/1 (infosec.exchange)
 

#OpenSSH client is vulnerable to MitM attacks if VerifyHostKeyDNS is enabled - https://www.openwall.com/lists/oss-security/2025/02/18/1

#CVE_2025_26465 #coordinateddisclosure #infosec #cybersecurity

4
#Nordnet - nordic digital platform for savings and investments - had an issue where people could see each others information. The website has been taken down for now. (fedia.io)
 

#Nordnet - nordic digital platform for savings and investments - had an issue where people could see each others information. The website has been taken down for now.

https://www.nordnet.fi/

#infosec #infosecurity #cybersecurity #privacy

14
#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: (infosec.exchange)
 

#cURL doesn't validate SSH host identity if known_hosts file is missing. I think this is a #vulnerability, but the project disagrees. Advisory is here: https://sintonen.fi/advisories/curl-ssh-insufficient-host-identity-verification.txt

#infosec #cybersecurity #nocve

44
Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed (infosec.exchange)
 

Warning: Do not trust *.g.co urls! #GoogleWorkspace domain verification seems to be quite lax and allow arbitrary .g.co to be created. This allows for extremely convincing #phishing to be performed where all communication appears to be coming from "google".

ref. https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4

#infosec #cybersecurity

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 3 points 7 months ago

So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation "DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende" gives some ideas: https://www.youtube.com/watch?v=Zda7yMbbW7s

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 2 points 7 months ago* (last edited 7 months ago)

@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. In all the vulnerability management doesn't seem to be going great here.

Update: The "PeCoffLoader memory overflow issue for security" likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796

23
Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability." (fedia.io)
 

Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability."

The vulnerability was leaked by #ASUS in their beta BIOS changelog:

https://web.archive.org/web/20250106151231/https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/

ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won't be for a long while.

#infosec #cybersecurity

Apparently #macOS now considers #Docker malware. in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 5 points 7 months ago

I had actually forgotten I still had Docker installed on this system. I've now fixed this issue by uninstalling the malicious app. I'm using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!

Apparently #macOS now considers #Docker malware. in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 4 points 7 months ago (1 children)

@g@irrelephant.co Oof, that's not good at all.

35
Apparently #macOS now considers #Docker malware. (fedia.io)
 

Apparently #macOS now considers #Docker malware.

#infosec #cybersecurity

3
#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered. (infosec.exchange)
 

#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

It is a logic flaw in the way curl parses .netrc file. In certain situations, the configured password can be sent to a incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

https://curl.se/docs/CVE-2024-11053.html
https://hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity

7
Heads up: If you've used the https://github.com/puckiestyle/CVE-2024-23113 for testing Fortinet systems vulnerable to #CVE_2024_23113: The code is broken and does not reliably check for the (infosec.exchange)
 

Heads up: If you've used the https://github.com/puckiestyle/CVE-2024-23113 for testing Fortinet systems vulnerable to #CVE_2024_23113: The code is broken and does not reliably check for the #vulnerability. #infosec #cybersecurity

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 1 points 9 months ago

@screaminggoat@infosec.exchange Yep, that's the one.

19
In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell (fedia.io)
 

In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity

A company appears to be abusing #BugCrowd’s #bugbounty program to hide essential details of a critical vulnerability. The company itself has rated the vulnerability as low severity. This has led many in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 1 points 1 year ago (1 children)

@EndlessMason@hachyderm.io No struggle really, just figuring out the details.

As to bounty: I think they're just using the BugCrowd platform to manage their vulnerability program. At no point did they promise any rewards, nor did I expect any.

A company appears to be abusing #BugCrowd’s #bugbounty program to hide essential details of a critical vulnerability. The company itself has rated the vulnerability as low severity. This has led many in c/cybersecurity@fedia.io
[–] harrysintonen@infosec.exchange 1 points 1 year ago (3 children)

@EndlessMason@hachyderm.io I presume they will kick me out of the BugCrowd platform. I have no problem with that really. I've already considered the platform and this bug bounty in particular a lost cause.

view more: ‹ prev next ›