A PoC for the Ivanti (MobileIron) RCE (CVE-2023-35078) has been uploaded on GitHub: https://github.com/vchan-in/CVE-2023-35078-Exploit-POC
Can anyone confirm this is legit?
Nice introduction article on TETRA CVEs affecting all the encrypted security radio communications.
A clear violation of Kerckhoffs's principle:
https://mastodon.uno/@ildisinformatico/110790524693536276
The Midnight Blue team published a preliminary report on
https://tetraburst.com/
Important reminder ⚠️
If you have used our platform in the past, please ensure that you add at least one additional authentication provider NOW ☝️👀
Go to https://auth.abuse.ch, log in with your Twitter account and connect at least one additional authentication provider 🔐
Twitter integration on our platform is DEPRECATED and will be removed soon 👇👇👇
Since it seems #Google has decided to unilaterally force through their new anti-#adblock #DRM euphemistically named "Web environment integrity", I decided to add a little bit of code to my website that blanks out the page and displays a protest message with a link to the Firefox download page when you visit it from a browser with this DRM feature. Here's the source inside one toot, feel free to copy and put it at the end of your website's <body> before the closing tag:
A probable #ifsb campaign today:
pdf -> zip -> js
https://app.any.run/tasks/d745ae57-9145-4db5-99a5-fb9c3b109353/
secondary link:
https:// dybseta .com/MySelective
Some big malvertising-to-Cobalt-to-ransomware campaign has been spotted
Sophos: https://news.sophos.com/en-us/2023/07/26/into-the-tank-with-nitrogen/
Bitdefender: https://www.bitdefender.com/blog/labs/abusing-the-ad-network-threat-actors-now-hacking-into-companies-via-search/
Trend Micro: https://www.trendmicro.com/en_us/research/23/f/malvertising-used-as-entry-vector-for-blackcat-actors-also-lever.html
eSentire: https://www.esentire.com/blog/persistent-connection-established-nitrogen-campaign-leverages-dll-side-loading-technique-for-c2-communication
Security Update Required for Multiple Ubuntu Versions and Derivatives Due to Open VM Tools Vulnerability
Summary
A security vulnerability, identified as CVE-2023-20867, impacts multiple versions of Ubuntu and its derivatives. This issue specifically affects the open-vm-tools software used for virtual machines hosted on VMware. The following Ubuntu versions are affected:
Ubuntu 23.04
Ubuntu 22.04 LTS
Ubuntu 20.04 LTS
Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Details
The vulnerability is due to the incorrect handling of certain authentication requests by Open VM Tools. A fully compromised ESXi host could exploit this flaw to bypass host-to-guest authentication, compromising the confidentiality and integrity of the guest virtual machine.
Mitigation
To resolve this issue, users need to update their systems to the following package versions of open-vm-tools:
Ubuntu 23.04: open-vm-tools 2:12.1.5-3ubuntu0.23.04.1
Ubuntu 22.04 LTS: open-vm-tools 2:12.1.5-3~ubuntu0.22.04.2
Ubuntu 20.04 LTS: open-vm-tools 2:11.3.0-2ubuntu0~ubuntu20.04.5
Ubuntu 18.04 LTS (Available with Ubuntu Pro): open-vm-tools 2:11.0.5-4ubuntu0.18.04.3+esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro): open-vm-tools 2:10.2.0-3~ubuntu0.16.04.1+esm2
In general, a standard system update should implement all the necessary changes.
For more details on the vulnerability and updates, visit the Ubuntu security notice.
In case you haven’t seen it, this spreadsheet of infosec Mastodon addresses is pretty great. Not sure how up to date it is, but it’s definitely adding to my follow list. https://docs.google.com/spreadsheets/d/1t13k5_cNhP9_TgoUmqDZk2ROkWkF6Bg3O5269vKIqWw/edit
USB pendrives of DOOM.
Inserting them may hack your systems, leading to data theft. NEVER connect untrusted USB devices. Meaning, any devices you are not sure of. https://www.mandiant.com/resources/blog/infected-usb-steal-secrets
The Illegal Migration Bill and Great Britain's war on migrants https://www.ondarossa.info/redazionali/2023/07/lillegal-migration-bill-e-guerra-della
Due to popular demand, here is a list of the fedi-services that are part of the infosec.* family:
1 - https://infosec.exchange - Glitch-soc fork of Mastodon (the mothership)
2 - https://relay.infosec.exchange - Activitypub relay
3 - https://video.infosec.exchange - Peertube instance (like youtube)
4 - https://infosec.press - WriteFreely blog
5 - https://pixel.infosec.exchange - Pixelfed instance (like instagram)
6 - https://matrix.infosec.exchange - Synapse (with sliding sync) homeserver
7 - https://infosec.place - Akkoma instance (like mastodon)
8 - https://infosec.town - Firefish instance (like mastodon)
9 - https://infosec.pub - Lemmy instance (like reddit)
10 - https://fedia.io - General interest Kbin instance (also like reddit)
11 - https://fedia.social - General interest Firefish instance
12 - https://elk.infosec.exchange - Elk web interface for Mastodon
13 - https://books.infosec.exchange - BookWyrm instance (like goodreads)
Risky.af is/was another mastodon instance that is being sunset due to a number of factors (lack of interest and may be losing the domain name)
Very sad RIP for a great one.
https://www.youtube.com/watch?v=NAOKzvL8dgk&ab_channel=SineadOConnorVEVO
Global hate against LGBTQI+ people continues and this time it is more discrimination in Italy: Italy starts removing lesbian mothers’ names from children’s birth certificates
https://edition.cnn.com/2023/07/21/europe/italy-lesbian-couples-birth-certificates-scli-intl/index.html
DISORDER 24/07/23 (Gothic,Electronics) https://www.ondarossa.info/newstrasmissioni/disorder/2023/07/disorder-240723-gothicelectronics
Step 1: Trip to IKEA
Step 2: Unpack air quality sensor and bag of 1000 tealights
Step 3: Hack air quality sensor with #RaspberryPi so you can play with it on the internet
A violent hailstorm last night in the lower Lake Garda area. The harvest is half destroyed. A year of work lost in a few minutes. Today you will not see farmers crying, nor citizens worried about all the food destroyed in the countryside. Without concrete action, these extreme weather events will become more and more frequent. And to the deniers at #Coldiretti who were rejoicing only a few days ago over the EU's rejection of "nature restoration", I say that they do not know what their leaders are doing
Google has apologized for the recent customer data leak.
It blamed the incident on an employee accidentally uploading a CSV file with the account details of 5,600 of its customers on the VirusTotal platform, exposing their information to anyone with a VT account.
https://blog.virustotal.com/2023/07/apology-and-update-on-recent-accidental.html
Security researcher Bryan Smith has released a tool named CVE-2023-3519 Inspector that can scan and detect Citrix ADC and NetScaler devices that are vulnerable to the recent CVE-2023-3519 Citrix zero-day.