Cybersecurity Flow

Article Link: Wicked Good Development Episode 26: Tom Cools
1 post - 1 participant
Read full topic

Some functions in programs do not return to caller: well-known examples include C runtime functions like exit(), abort(), assert() but also many others. Modern compilers can exploit this knowledge to optimize the code better: for example, the code which would normally follow such a function call does not need to be generated which decreases the program size. Other functions, which call non-returning functions unconditionally also become non-returning, which can lead to further optimizations.
Well-known functions
IDA uses function names to mark well-known non-returning functions. The list of such names is stored in the file cfg/noret.cfg, which can be edited to add more names if necessary:
Marking non-returning functions manually
Instead of editing noret.cfg, you can also mark a function as non-returning manually on a case-by-case basis. This can be done by editing function properties: Edit > Functions > Edit Function… in the main menu, Edit Function… in the context menu or the Alt–P shortcut.
Another option i

Article Link: [Control systems] Mitsubishi security advisory (AV23-064) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

Microsoft’s Digital Threat Analysis Center says a hacking group within the Iranian government is behind a cyber operation that targeted French satirical magazine Charlie Hebdo.
The group — which Microsoft calls Neptunium and the U.S. Justice Department calls Emennet Pasargad — claimed in January it had stolen the personal information of 200,000 Charlie Hebdo customers after hacking into one of the magazine’s databases.
In several social media posts under the name Holy Souls, the group marketed samples of the stolen data that included names, phone numbers, addresses, emails and more from subscribers to the magazine. Holy Souls published the stolen data on YouTube and on several hacker forums, amplifying the posts across several social media platforms.
According to Microsoft, the attack was orchestrated in response to the magazine’s decision to hold a cartoon contest asking readers to submit drawings ridiculing Iranian Supreme Leader Ali Khamenei.
“The issue featuring the winning cartoons was to be published in

Article Link: [Control systems] Baicells security advisory (AV23-065) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

Article Link: https://isc.sans.edu/diary/rss/29508
1 post - 1 participant
Read full topic

Article Link: VMware security advisory (AV23-066) - Canadian Centre for Cyber Security
1 post - 1 participant
Read full topic

A Tallahassee hospital has been forced to divert patients to other facilities and cancel all non-emergency surgical procedures after being hit by a cyberattack that began on Thursday night.
Tallahassee Memorial HealthCare – one of the biggest hospitals serving a 21-county region in north Florida and south Georgia – said they have had to take their IT systems offline due to the security issue.
“We are also diverting EMS patients and will only be accepting Level 1 traumas from our immediate service area. All non-emergency surgical and outpatient procedures have been canceled and rescheduled,” the hospital said in a statement on Friday.
“As a result of this issue, we have rescheduled non-emergency patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is affected.”
Hospital officials said it has created protocols to deal with system downtime designed to minimize disruption and noted that its IT department discovered the attack quickly before working 

The Defense Department’s Office of Inspector General points out longstanding unmet requests in a report rounding up recent cybersecurity oversight.
Article Link: DOD's Open Cyber Recommendations Date Back to 2012 - Nextgov
1 post - 1 participant
Read full topic

Article Link: Unpacking NullMixer - Identifying and Unraveling ASPack (Part 2) - YouTube
1 post - 1 participant
Read full topic

[GitHub]The vulnerable recurrence docker environment for CVE-2022-44268

Redis is an in-memory database that persists on disk. A specially crafted `XAUTOCLAIM` command on a stream key in a specific state may result with heap overflow, and potentially remote code execution. This problem affects versions on the 7.x branch prior to 7.0.4. The patch is released in version 7.0.4.
[GitHub]CVE-2022-31144 dos pt redis, not finished yet or too soon, this can be turned into rce but oh well if you smart enough

[GitHub]Responsive FileManager v.9.9.5 vulnerable to CVE-2022–46604.

[GitHub]An information disclosure vulnerability that could be exploited to read arbitrary files from a server when parsing an image in Image Magic.

Bypass Userland EDR hooks by Loading Reflective Ntdll in memory from a remote server based on Windows ReleaseID to avoid opening a handle to ntdll …

前言

Some functions in programs do not return to caller: well-known examples include C runtime functions like exit(), abort(), assert() but also many others. Modern compilers can exploit this knowledge to optimize the code better: for example, the code which would normally follow such a function call does not need to be generated which decreases the [...]

有新的漏洞组件被发现啦,组件ID:vBulletin
vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors. The fixed versions are 5.6.7 PL1, 5.6.8 PL1, and 5.6.9 PL1.

有新的漏洞组件被发现啦,组件ID:DedeCMS
DedeCMS v5.7.97 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /file_manage_view.php?fmdo=edit&filename.

Path traversals could ‘void reverse engineering efforts and tamper with evidence collected’

2023年02月03日，360CERT监测发现Adobe Acrobat Reader任意代码执行漏洞的漏洞细节在互联网公开，漏洞编号为 `CVE-2023-21608` ，漏洞等级： `高危` ，漏洞评分： `7.8` 。该漏洞 `POC` 和 `EXP` 已公开。

测试当前网络的 NAT 类型（STUN）

Turn any program that uses STDIN/STDOUT into a WebSocket server. Like inetd, but for WebSockets.

据多家媒体消息，阿里云盘在2月3日22点30分左右出现故障无法访问。

影响厂商:Sorare 奖励:300.0USD 危险等级:low