July 3, 2024

ryanruby

                            July 3, 2024

                July 3, 2024

                        July 3, 2024
We’re honoured to welcome the new team to the Gecko family 🦎 https://t.co/VJPAyEhQVD
— Binary Gecko (@Binary_Gecko) July 2, 2024

Today @RecordedFuture released a research paper on using malware infostealer logs to identify CSAM consumers.

RecordedFuture identified over 3,000 individuals purchasing CSAM. All users were reported to their respective law enforcement agency.https://t.co/0uz5jPAJfS
— vx-underground (@vxunderground) July 2, 2024

Regarding the SSH bug  1) First OpenSSH vuln discovered in almost 20 years - wow 2) Bug was (re)introduced almost 4 years ago.  So remote root in OpenSSH for 4 years and nobody found it?  3) Exploit takes hours/days to run.  Watch your logs!
— Charlie Miller (@0xcharlie) July 1, 2024

Whilst I have your attention: we got Mark Dowd on SCW about exploit markets(!). I had a whole list of HN grudges to settle teed up, but was 7 minutes late to the recording trying to level up an ER character for the DLC and was too flustered to pull it off. https://t.co/xMItU4V3X9
— Thomas H. Ptacek (@tqbf) June 27, 2024

Security researcher @raghav127001 believes he may have identified a host actively exploiting CVE-2024-6387. However, they're not sure (and neither are we).

We've archived the binaries before the identified host nukes them.

Possible CVE-2024-6387: https://t.co/jBGYCACUr8
— vx-underground (@vxunderground) July 3, 2024

This is just so fascinating.

cc: @thegrugq https://t.co/rD8x9j4vg2
— Ravi Nayyar (@ravirockks) July 3, 2024

https://x.com/ryanruby/status/1808235119427440902

use-after-free vulnerability due to the interaction between Unix garbage collection (GC) and the io_uring Linux kernel componenthttps://t.co/HZ9FQrpitt

Credits Shoily Rahman (@Oracle)#Linux #cybsersecurity pic.twitter.com/hzqj9deEwa
— 0xor0ne (@0xor0ne) July 3, 2024

I guess some of those vulnerabilities were probably fixed in the Samsung July update.

Out of bound write in the heap in 2G (no auth)https://t.co/289D398jRg

Out of bound of a heap buffer in SIM Proactive Commandhttps://t.co/gm81IpT2yz

Out of bound write in the heap in 2G (no… https://t.co/3FBkH5Bttj
— Anderson Nascimento (@andersonc0d3) July 3, 2024

I'm very excited to finally share the first part of the research I did into Ghostscript. This post details the exploitation of CVE-2024-29510, a classic format string bug, which we abuse to bypass the SAFER sandbox and gain RCE.https://t.co/gym3XltBpe
— Thomas Rinsma (@thomasrinsma) July 2, 2024

Just released the write-up for CVE-2024-4367, a bug I found recently in PDF.js (and hence in Firefox), resulting in arbitrary JavaScript execution when opening a malicious PDF.https://t.co/sex6fR0xHS
— Thomas Rinsma (@thomasrinsma) May 20, 2024

#GitHub actions #exploitation series by @Synacktiv https://t.co/SO5Os4sGCP https://t.co/vvvjTzJ62r
— raptor@infosec.exchange (@0xdea) July 3, 2024

Virtual Escape; Real Reward: Introducing Google’s kvmCTF https://t.co/2ERM5V3AKV
— Anderson Nascimento (@andersonc0d3) July 2, 2024

                            Don't miss what's next. Subscribe to the grugq's newsletter: