@wdormann Will Dormann is on Mastodon

Will Dormann is on Mastodon posts on X about microsoft, vmware, twitter, $googl the most. They currently have [---------] followers and [---] posts still getting attention that total [-----] engagements in the last [--] hours.

Engagements: [-----]

Mentions: [--]

Followers: [---------]

CreatorRank: [-------]

Social Influence

Social category influence social networks technology brands stocks currencies celebrities fashion brands finance travel destinations

Social topic influence microsoft, vmware, twitter, $googl, bots, elon musk, $4704t, if you, back to, mentions

Top accounts mentioned or mentioned by @mkolsek @haifeili @vxunderground @ronnytnl @malwarejake @cyb3rops @malwrhunterteam @0patch @arekfurt @attritionorg @awakecoding @simokohonen @sixtyvividtails @richinseattle @jamiesixworks @dwizzzlemsft @cpresearch @nathanmcnulty @iancoldwater @akamairesearch

Top assets mentioned Microsoft Corp. (MSFT) Alphabet Inc Class A (GOOGL) Uber Technologies, Inc. (UBER) Accenture (ACN) pizzacoin (PIZZACOIN) Peanut (NUX) TROLL (TROLL) Crowdstrike Holdings Inc (CRWD)

Top Social Posts

Top posts by engagements in the last [--] hours

"Props to the Fortinet team for figuring out a way to give attackers an advantage here. Why should anyone be bothered to prioritize installing an update that doesn't mention fixing any security issues? 🤔 Fortinet fixes critical RCE flaw in Fortigate SSL-VPN devices, patch now - @LawrenceAbrams https://t.co/3avSYs7hmD"
X Link 2023-06-11T17:02Z 26.5K followers, 21.1K engagements

"@matthew_d_green Try visiting twitter not logged in. These are the TOP TWO tweets that their stock algorithm gives you. One from Elmo from [--] hours ago and one from Elmo from [--] hours ago. The 3rd one is yet another from him from [--] hours ago. Nothing else in the world is noteworthy, apparently."
X Link 2023-06-24T18:23Z 24.8K followers, [---] engagements

"Can you protect against the WindowsD termdd.sys driver exploit? If you try the same exploit on an HVCI-enabled system, it'll crash Windows. While not ideal, perhaps this is better than allowing your system to be compromised at the kernel level."
X Link 2023-07-10T18:32Z 24.8K followers, [---] engagements

"@techspence @divinetechygirl A TXT file inside of an Android APK published to the Play store. (Plenty of times)"
X Link 2023-07-11T01:26Z 24.3K followers, [---] engagements

"TIL that a device's IPS rating is for non-moving, non-chlorinated (don't even think about the ocean) water. No, nothing happened to my phone. But a friend of mine is likely about to enter a world of hurt in reconstructing their digital life with respect to MFA codes. 😬"
X Link 2023-07-11T14:24Z 24.8K followers, [----] engagements

"Apparently these updates have been pulled due to terrible websites doing terrible version checking of the browser viewing it. I guess the ability to use terrible websites is more important than protection against an ITW-exploited vulnerability. 🤔"
X Link 2023-07-11T14:53Z 24.8K followers, [----] engagements

"@IanColdwater Can confirm. I've done this in the past, and while there are some pretty decent discounts, they're usually against inflated-for-the-occasion prices. It's a great trick against the human brain. We love sales to the point that the embracing of the sale overrides the actual cost."
X Link 2023-07-11T16:48Z 24.8K followers, [---] engagements

"Still think that BYOVD blocking is going to save you? Get real. Apparently threat actors have been signing their own drivers using a Windows policy loophole that allows the drivers to be loaded without having gone through Microsoft validation. Where is your HVCI now?"
X Link 2023-07-11T22:07Z 24.8K followers, 21.4K engagements

"@r00tbsd @tlansec @zcracga Is this indeed the document that triggers CVE-2023-36884 though? The start.xml (and subsequently RFile.asp and following steps) don't even come into play on a system with the April [----] updates installed in my testing. MS fixed several Office vulnerabilities in April."
X Link 2023-07-13T00:36Z 24.8K followers, [----] engagements

"@Harvesterify @GabrielLandau @arekfurt My single data point of a Windows [--] VM shows that if it's there before July's updates, it's there after."
X Link 2023-07-12T20:40Z 24.8K followers, [---] engagements

"@mkolsek @StopMalvertisin @j00sean I plan to look further into what exactly is going on with CVE-2023-36884 when I have some time with a computer. But the exploit I've seen does a lot. And I can't tell why it's as complicated as it is. e.g. this part is [--] years old."
X Link 2023-07-17T17:16Z 24.8K followers, [---] engagements

"I recall seeing this behavior when I was looking at Android apps years ago. An app in the Google Play store could just download and run code from wherever after it's installed, thus bypassing any malware scans involved in the Play store. Apparently nothing has changed since then."
X Link 2023-08-04T11:59Z 24.8K followers, [----] engagements

"For part 1) (no anon SMB), perhaps we have a custom SMB server that will happily accept whatever password hash a client provides. For part 2), I can't reproduce a client requesting a MotW ADS from a remote server. Perhaps this too requires custom SMB server shenanigans."
X Link 2023-08-11T17:32Z 24.8K followers, [----] engagements

"Wow. This is no joke. In order to punish sites that Elmo is mad at, they're making the sites appear slower by artificially adding a delay. Because this solves problems. Just normal business acumen from an intelligent person."
X Link 2023-08-15T18:22Z 24.8K followers, 100.5K engagements

"@KodyKinzie I only briefly glanced today, but is there a free IFTTT way to post to both? Most seemed for-pay."
X Link 2023-08-20T03:59Z 24.9K followers, [---] engagements

"CVE-2023-36884 is rightfully in the KEV. A vulnerable system having opened the exploit DOCX will have had a MotW-free file in %temp% briefly. Does the exploit CHAIN formerly known as CVE-2023-36884 deserve to be there? Does "Exploitation detected" imply "Successful"? Require 🤔"
X Link 2023-08-25T13:14Z 24.8K followers, [----] engagements

"I really hate this "Got it" form of @darkpatterns for deciding what users want. "Enhanced ad privacy in Chrome" is a new feature? Got it! That's exactly what I want. Oh. "Got it" means do the exact opposite of what the title text describes? Now I've... got it."
X Link 2023-08-27T16:58Z 24.8K followers, 51.9K engagements

"@k0ck4 @assume_breach Patching g_CiEnabled / g_CiOptions is a touch trickier (but still possible) on a modern Windows system with HVCI enabled. ZwTerminateProcess() is the path of least resistance, and HVCI won't care. 😀"
X Link 2023-08-28T13:12Z 24.8K followers, [--] engagements

"The fact that you can create subdirectories off of the system root as a non-admin user on a Windows system is the gift that keeps on giving. CVE-2023-40596 https://advisory.splunk.com/advisories/SVD-2023-0805"
X Link 2023-08-31T00:42Z 26.5K followers, 15K engagements

"I mean, remember when Windows XP came with WAV files made by a Deepz0ne-cracked version of Sound Forge? Software ain't cheap, you know."
X Link 2023-09-07T14:34Z 24.8K followers, 102.3K engagements

"Looks like Microsoft added a couple of YOLO drivers to their blocklist recently. EchoDriver (non-admin can kill process): msr.sys (non-admin can write MSR): https://www.virustotal.com/gui/file/ea3c5569405ed02ec24298534a983bcb5de113c18bc3fd01a4dd0b5839cd17b9 https://www.virustotal.com/gui/file/ada2b855757c9062231f5ed4e80365b8d8094e9adbce8f26d1ff5ea0b7a70c77 https://www.virustotal.com/gui/file/6c6a4d07e95ab4212c2afefcb0ce37dc485fa56120b0419b636bd8bd326038c1 https://www.virustotal.com/gui/file/a41e9bb037cf1dc2237659b1158f0ed4e49b752b2f9dae4cc310933a9d1f1e47"
X Link 2023-09-07T20:12Z 26.4K followers, [----] engagements

"@0xm1rch As with most useful tools, it scratched an itch that I had. And big props to @Accenture for the reminder that it was a thing that I wanted, by way of their Spartacus tool that had most of the code to get me there. 😀"
X Link 2023-09-10T17:08Z 24.8K followers, [--] engagements

"Well, this is an interesting "MotW bypass". It sounds like CVE-2023-33150, but in my testing was fixed in June, not July. 🤷♂ If a filename ends in Extended ASCII [---] (NBSP), the MotW is written and Office reads it. It just doesn't do anything with it. 🤔"
X Link 2023-09-11T14:49Z 24.8K followers, 41.9K engagements

"UGH. I guess this isn't CVE-2023-33150, as a Semi-Annual Channel (AKA "I like to be exploited" channel) Office with August [----] updates is still vulnerable to this. I've heard some theories as to why some orgs run Semi-Annual, but as somebody who works in security, well, DON'T."
X Link 2023-09-11T15:24Z 24.3K followers, 11.2K engagements

"If you're one of those people who managed to not have to disable SAC (congrats), the behavior is less consistent than SmartScreen. Not just wrt which files are deemed unsafe, but also with the same file. Here the BAT is allowed the 1st time but not the 2nd. CPL is always allowed."
X Link 2023-09-11T18:56Z 24.8K followers, [----] engagements

"Yeah, so this works just splendidly. The BackBlaze vulnerability that this demo exploit leverages is reportedly a "know issues (sic)". CVE or other reference, please? 😀"
X Link 2023-09-11T20:30Z 24.8K followers, 33.4K engagements

"But back to the to-be-CVE'd vulnerability. Yes, at some point winword.exe checks for the MotW. However, presumably the part that determines whether or not Protected View is to be used is checking after path normalization, which removes the NBSP char. No file == no MotW. 😕"
X Link 2023-09-11T22:16Z 24.8K followers, [----] engagements

"Good to see that Microsoft still doesn't get what a CVE means. The fact that Microsoft uses a CVE ID to represent a Microsoft update as opposed to a vulnerability doesn't mean that you need to clarify "non-Microsoft CVE". You make a product affected by a CVE. End. Of. Story."
X Link 2023-09-13T02:29Z 24.8K followers, [----] engagements

"@cyb3rops Remember when Microsoft shared a screenshot of the CVE-2023-36884 exploit chain document as an IOC? Which led to at least one copycat exploit. I don't get the impression that they're interested in helping."
X Link 2023-09-13T02:34Z 24.8K followers, [--] engagements

"The write-up for CVE-2023-36761, which is being exploited in the wild, mentions: "Yes the Preview Pane is an attack vector." without mentioning the Preview Pane for what. Outlook? Explorer? Both? We shouldn't have to guess about these things."
X Link 2023-09-13T11:32Z 24.8K followers, 16.5K engagements

"Out-loud wonders: Citizen Lab reported an ITW 0day to Apple, who assigned CVE-2023-41064 to ImageIO. Apple and Citizen Lab reported a libwebp issue to Google, who filed CVE-2023-4863 to describe it, saying it's for "Chrome" only. Are these both the same vulnerability? 🤔"
X Link 2023-09-20T19:35Z 24.8K followers, [--] engagements

"If they are, then: Apple got a libwebp vulnerability and decided to assign a CVE to their product rather than libwebp. Google got a libwebp vulnerability and also decided to assign a different CVE to their product rather than libwebp. Surely this isn't how CVE is to be used?"
X Link 2023-09-20T19:40Z 24.3K followers, [----] engagements

"iOS 17.0.1 and Safari 16.6.1 have been released, addressing CVE-2023-41991, CVE-2023-41992, CVE-2023-41993, all of which have been exploited in the wild. You know the drill."
X Link 2023-09-21T18:46Z 24.8K followers, 12.8K engagements

"@IanColdwater The no-aaaa option was only introduced in glibc [----] from [--] year ago. Ubuntu [-----] has [----], RHEL [---] has [----]. But for some reason Red Hat backported the CVE-2023-4527 vulnerable feature to RHEL [---] and [---]. I guess you gotta add value somehow."
X Link 2023-09-22T12:58Z 24.8K followers, [----] engagements

"We're fast approaching the point where the majority of content on the internet will have been written by ChatGPT. At which point ChatGPT will be trained on... ChatGPT-generated content. 😬"
X Link 2023-09-26T12:02Z 24.8K followers, [--] engagements

"Google has taken the fix that they've assigned CVE-2023-4863 to and also assigned CVE-2023-5129 to the library that the vul is actually in: libwebp. I'm no CVE expert, but it seems like assigning a different CVE to a product that uses a lib vs. the library itself seems... wrong."
X Link 2023-09-26T16:03Z 24.8K followers, 14.1K engagements

"When Google published CVE-2023-4863 for "Chrome", Mozilla, Microsoft, Signal, Slack, Brave, Tor, Opera, Vivaldi, Debian, Ubuntu, Gentoo, Redhat, SUSE, Oracle, etc. all recognized that this wasn't a "Chrome" issue and published updates. Now that CVE-2023-5129 has been released"
X Link 2023-09-27T14:10Z 24.8K followers, [----] engagements

"Ah, it looks like CVE-2023-5129 was just rejected. Somebody at Mitre must've been paying attention to all of the yelling."
X Link 2023-09-27T21:35Z 24.8K followers, [----] engagements

"@AmitaiCo I've found that CVEs in general seem to get the minimum viable effort. Aside from adding reference links, they don't really change much once they're public. How many CVEs out there are DISPUTED because they were completely invalid, as opposed to disavowed by the vendor?"
X Link 2023-09-28T13:29Z 24.8K followers, [--] engagements

"@AmitaiCo Related: How does one tell the difference between a DISPUTED CVE because it was simply invalid (e.g. it was made up by some fool wanting a CVE under their belt) vs. one that is DISPUTED because the vendor didn't want to admit that they were indeed vulnerable? 🤔"
X Link 2023-09-28T13:32Z 24.8K followers, [--] engagements

"The entry for CVE-2023-4863 has finally been corrected to indicate that it's in libwebp and not just "Google Chrome", albeit [--] weeks late. This is part of a "-Synchronized-Data." git commit, so the fix happened directly in the internal MITRE database."
X Link 2023-09-29T14:10Z 24.8K followers, [----] engagements

"@damiel_gc A simple grep shows only the OneDrive installer referencing qwebp, so it could be a simple case of a file being present with no way for code to actually execute it. I'm reminded of the difficulty in determining if an app is actually vulnerable to a CVE or not."
X Link 2023-09-29T15:35Z 24.8K followers, [--] engagements

"New iOS 17.0.3 has been released, fixing CVE-2023-42824, which is being exploited in the wild, as well as CVE-2023-5217 for libvpx. This is becoming tiring. 😕 https://support.apple.com/en-us/HT213961"
X Link 2023-10-04T18:40Z 26.4K followers, 39.7K engagements

"I hate how cloud-hosted instances of software are made to imply that they don't have vulnerabilities. Case in point: Confluence CVE-2023-22515: "are not affected by this vulnerability". But were they? And if so, do we need to invent language to clarify this distinction? 🤔"
X Link 2023-10-04T21:18Z 24.4K followers, 44.4K engagements

"@SecurityAura This is one of the mitigations for the bizarre CVE-2023-36884 exploit chain. The behavior was changed in August."
X Link 2023-10-05T22:36Z 24.8K followers, [----] engagements

"@RCS I'm sort of counting how many straws it'll take to break a back, but if it does get rolled out, that's when I leave for sure. I've heard rumors that removal of the blocking feature is against both Apple's and Google's TOS, so despite his desire to do it, it may not be possible."
X Link 2023-10-06T13:29Z 24.8K followers, [--] engagements

"@MalkavianBean @IanColdwater A world where Twitter users invent their own headlines for the articles that they link to is what Dear Leader wants. 🤷♂"
X Link 2023-10-07T17:27Z 24.8K followers, [--] engagements

"Better late than never: I've written up the bizarre story of the convoluted CVE-2023-36884 attack chain in long form. Monster Twitter threads can only go so far."
X Link 2023-10-10T17:37Z 24.8K followers, [----] engagements

"And also Windows Server [----] proper. You better be paying the bucks for ESU if you're still using either of these platforms. Even then, be sure to recognize that an old OS with backported CVE patches is still less secure than a modern OS."
X Link 2023-10-11T11:42Z 24.8K followers, [----] engagements

"Can we talk about advisory quality, Microsoft? The first proposed attack to disclose an NTLM hash is: First log on to the system 🙄 then run a crafted application 😳 which can take control of an affected system 😵💫 Are these things being written by ChatGPT? https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2023-36563"
X Link 2023-10-11T16:55Z 26.4K followers, [----] engagements

"The site that used to be Twitter is blocking the sharing of links to fortiguard.com because it's potentially harmful. Possibly because of an insufficient amount of misinformation being shared? Keep up the good work, folks. Really, you're all doing a bang-up job around here."
X Link 2023-10-11T17:09Z 24.8K followers, [----] engagements

"So Microsoft Teams is now called Microsoft Teams classic? And assuming they're playing the Coca Cola game, it's the better of the two Teams."
X Link 2023-10-12T01:07Z 22.9K followers, [----] engagements

"@ericlaw @Google @YouTube @parkernate @apf So when they say the link is for that's not actually true"
X Link 2023-10-13T01:31Z 24.8K followers, 29.3K engagements

"@r3dbU7z No worries. There's a clear lack of info about what CVE-2023-32046 actually is, other than it's being exploited in the wild. I was sorta excited to see a sample. But then noticed that it was nothing new or even patched. 😕"
X Link 2023-10-16T16:56Z 24.8K followers, [---] engagements

"A terrifying sequence of events: 1) Download a file which Chrome considers suspicious. 2) Click "Download anyway" because I know what I'm doing. 3) Witness Chrome attempt to OPEN the file I just downloaded because I clicked "Download anyway". 😬"
X Link 2023-10-17T17:53Z 24.4K followers, 40.9K engagements

"Looks like Microsoft posted a handful of new drivers to their recommended driver block rules blocklist. Some of which have YOLO ACLs. One of which (nvoclock.sys) isn't even signed. 🤔 I wonder what CVEs were assigned to each of the vulnerable drivers."
X Link 2023-10-17T18:35Z 24.8K followers, [----] engagements

"CVE-2023-45802 in Apache. It's just a DoS, but sure. I'll take it."
X Link 2023-10-19T14:00Z 24.4K followers, 12.2K engagements

"For anybody tracking the Cisco IOS XE fun, the advisory that originally only mentioned CVE-2023-20198 now mentions CVE-2023-20273. No software updates for either are available yet. Maybe, just maybe, don't expose your management interfaces to the internet."
X Link 2023-10-20T17:31Z 22.9K followers, 21.9K engagements

""In general Okta recommends sanitizing all credentials and cookies/session tokens within a HAR file before sharing it." "In general" sounds like a thing that you just made up now. Where's the guidance that this should be done, and how do customers do it? https://sec.okta.com/harfiles"
X Link 2023-10-20T22:17Z 26.4K followers, 39.5K engagements

"This is fixed in main. If this doesn't get a CVE, I'll be a touch disappointed. If a downloaded file is opened as the result of clicking "Download anyway", that sounds like a vulnerability, no?"
X Link 2023-10-21T21:11Z 24.4K followers, [----] engagements

"@ryanaraine Just to be clear, the Talos blog post indicated that there were two vulnerabilities right from the start. It was known that they figured out the CVE-2023-20273 part [--] days ago."
X Link 2023-10-23T13:31Z 22.9K followers, [---] engagements

"@vxunderground @malwrhunterteam I sort of like that you're directed to this message by way of. an HTTPS connection to I guess it's an Akamai thing"
X Link 2023-10-25T20:26Z 24.3K followers, [----] engagements

"@enigma0x3 The ability for non-admin users to create directories off of the system root is the LPE gift that keeps on giving. One that Microsoft has no plans to address whatsoever."
X Link 2023-10-26T20:10Z 22.9K followers, [---] engagements

"@attritionorg @Microsoft It's PNG for me. Did I miss something?"
X Link 2023-10-29T18:21Z 22.9K followers, [---] engagements

"@foxit Your checker seems to indicate that the check for a percent-encoded-percent is used merely to verify if the implant is present. But your readme and the above Tweet seem to indicate that the percent-encoded-percent is the CVE-2023-20198 vulnerability. Can you clarify? It's both?"
X Link 2023-10-30T17:38Z 24.8K followers, [----] engagements

"Remember, kids, it's simple: Just don't let attackers interact with your Exchange server. Also, does ZDI not realize that CVEs are what people use to identify vulnerabilities? It's not rocket science. 🤦♂"
X Link 2023-11-04T13:09Z 23K followers, 11.6K engagements

"The QNAP security update for CVE-2023-23368 was released about [---] months ago. Why is it only getting a CVE and attention now? 🤔"
X Link 2023-11-06T14:33Z 24.3K followers, [----] engagements

"If you like weird CPU bugs, check out Reptar, CVE-2023-23583. Affected Intel CPUs include: Ice Lake, Rocket Lake, Tiger Lake, Raptor Lake, Alder Lake, Sapphire Rapids. Apply those firmware updates."
X Link 2023-11-14T18:08Z 24.3K followers, 13.7K engagements

"OK, this is now fixed with CVE-2023-36025. With this update, SmartScreen will engage if the remote (SMB/WebDAV) target lives inside of a ZIP file. Prior to the update, remote targets inside of a ZIP got no SmartScreen warning love. Publicly disclosed: No 🤷"
X Link 2023-11-16T13:46Z 24.4K followers, 61.3K engagements

"To those thinking of taking up VMware's offer of reencrypting your VMs: think long and hard about the lineage of your snapshot tree and whether something unexpected might occur at any stage along the way. All snapshots broke after this. Yay for backups."
X Link 2023-11-17T16:21Z 24.2K followers, [----] engagements

"Note that there is no "Do not ask me again" checkbox on this dialog. I suppose I'm going to need to get used to clicking "Don't Upgrade" until the end of time."
X Link 2023-11-17T18:35Z 24.3K followers, [----] engagements

"@nas_bench They had a decent run. 😬"
X Link 2023-11-22T16:49Z 24.2K followers, [----] engagements

"Oh, this was apparently fixed as CVE-2023-5857. I particularly enjoy the fact that they bothered to tell me that my case was considered for bounty, but that I'm ineligible because I *checks notes* helped people not fall victim to the flaw by warning defenders. Lesson learned. 🤷♂"
X Link 2023-11-23T23:04Z 24.3K followers, [----] engagements

"This OwnCloud CVE-2023-49103 vul. Yes, the presence of an unauthenticated phpinfo() is a thing. Can we talk about how the docker image for it sets the admin user + cleartext pass via environment variables? I don't know much Docker. Please tell me this isn't a common practice."
X Link 2023-11-28T21:12Z 24.4K followers, 52.4K engagements

"To be fair, I've confirmed: 1) The presence of unauth phpinfo() in a stock non-container OwnCloud install. 2) Docker OwnCloud sends admin U/P in environment vars. But I've NOT seen an exploit work against a Docker install of it. It 302s to the login page in my testing. 🤷♂"
X Link 2023-11-29T03:39Z 24.3K followers, [----] engagements

"Multiple outlets have reported that CVE-2023-49103 is being actively exploited in the wild. Which implies that it's successful, right? If CVE-2023-49103 only really matters in containers, but the exploit only has a chance of working on non-container installs, this doesn't add up."
X Link 2023-11-29T04:09Z 24.3K followers, [----] engagements

"Heck, the exploit that @GreyNoiseIO links to doesn't even target the right OwnCloud URI. There's no "/owncloud" part of the target URI on a CVE-2023-49103 vulnerable system. If use of a non-working exploit spikes in the wild, does that count towards it being exploited in the wild?"
X Link 2023-11-29T04:40Z 24.3K followers, [----] engagements

"It seems that VMware 17.15.0 causes keyboard and mouse input to break at unexpected times, at least for Linux VMs. It's happened to me frequently. 1) Roll back to 17.0.2 (this fixes the problem). 2) Given the Broadcom purchase, find a VMware alternative. 😬"
X Link 2023-11-30T12:55Z 24.3K followers, [----] engagements

"@4Dgifts Yeah, for as crufty as VMware is, it seems quite polished in comparison to VirtualBox. 😬"
X Link 2023-11-30T13:13Z 24.3K followers, [--] engagements

"@onyphe @wvuuuuuuuuuuuuu FTR Docker instances of ownCloud will not have "docker" anywhere in the phpinfo() output. Unless the hosting system coincidentally has "docker" somewhere in a phpinfo-reported attribute. "OWNCLOUD_ADMIN_PASSWORD" is an indicator of a vulnerable (as ownCloud describes it) system."
X Link 2023-11-30T15:40Z 24.3K followers, [---] engagements

"Is the AcceptPathInfo-based mod_rewrite bypass in ownCloud a vulnerability in and of itself? Probably. If any pages within the ownCloud webroot are blocked for security reasons from direct access by way of mod_rewrite, this is a way around that. Bets on the next CWE-425 target? 🤔"
X Link 2023-12-01T21:11Z 24.3K followers, [----] engagements

"While the ownCloud advisory for CVE-2023-49103 was released on November [--], [----], the removal of phpinfo() from docker images happened [--] days earlier. Was the removal of phpinfo [--] days before the advisory just... a coincidence?"
X Link 2023-12-01T21:58Z 24.3K followers, [----] engagements

"75 days before the advisory for CVE-2023-49103, the "tests" subdirectories were removed from the Docker files, which removes the vulnerable GetPhpInfo.php file. This too is perhaps just a coincidence. Or a hint for where attackers should look. Or ownCloud was merely very slow."
X Link 2023-12-01T22:05Z 24.3K followers, [----] engagements

"The ownCloud advisory for CVE-2023-49103 says "Docker-Containers from before February [----] are not vulnerable". So you ask to yourself: Self, why is this so? In February, the mod_rewrite rules in .htaccess were changed from REQUEST_FILENAME to REQUEST_URI. Presumably for reasons."
X Link 2023-12-01T23:35Z 24.3K followers, 18.6K engagements

"@r0wdy_ Presumably the passengers liquefy at [--] or above."
X Link 2023-12-02T22:08Z 24.3K followers, [---] engagements

"@RonnyTNL No, this is as stock as it gets, e.g. a clean Win11 VM with Google Chrome just installed."
X Link 2023-12-05T15:54Z 24.3K followers, [--] engagements

"FTR they've reached out to me and have confirmed that they've successfully decrypted my message. Yup, PGP is a complete failure. 😬"
X Link 2023-12-07T20:51Z 24.4K followers, [----] engagements

"Setting up a new VM: how is it possible that a trivial Bing search for a Microsoft thing doesn't even have what is clearly what I want on the first screen of results?"
X Link 2023-12-11T14:46Z 24.4K followers, [----] engagements

"Dear websites that refuse to allow pasting in passwords: What's your threat model? What are you trying to achieve? Is your goal to ensure that users pick bad (things they remember and are easy to type) passwords?"
X Link 2023-12-12T14:30Z 25.4K followers, 107.4K engagements

"Reminder: When you see an ad in a Google search result, the domain name shown is in no way guaranteed to be what site you'll end up on if you click the link. 1) NEVER EVER click on a Google ad link. 2) Using an ad blocker is good security hygiene. Not something to feel guilty about."
X Link 2023-12-17T15:43Z 24.4K followers, 88.8K engagements

"Yeah, so this works just fine. Unauthenticated RCE on SharePoint as the SharePoint Admin user. But just to be clear, CVE-2023-24955 and CVE-2023-29357 patches were released in May and June of this year respectively. If you don't have those patches installed by now, well... MS finally replies to our email and allows us to publish more details about the Auth bypass and Code Injection chain in SharePoint which was used in Pwn2Own Vancouver [----]. Here is the (not-so) fully working PoC for that: https://t.co/kj6decsL4S Have a nice weekend ;)"
X Link 2023-12-19T16:21Z 26.4K followers, 34.8K engagements

"@akamai_research @nachoskrnl The title implies that RCE was achieved. And in the body it states that a "vulnerability chain" was achieved, which sort of dodges whether or not successful exploitation was demonstrated. In part [--] it's admitted that exploitation might be possible. Was exploitation successful?"
X Link 2023-12-19T16:41Z [--] followers, [----] engagements

"FTR the Windows LPE vulnerability that I reported was apparently addressed in Amazon WorkSpaces version 5.12.1 (August [--] 2023) as *checks notes* "Bug fixes and enhancements"."
X Link 2023-12-19T16:48Z 24.4K followers, [---] engagements

"This is a nicely detailed 2-part writeup about two vulnerabilities that can affect Outlook: CVE-2023-35384 and CVE-2023-36710. But it's a good example of what I picture to be a problem in our field. How does one distinguish between a vulnerability that might be exploitable vs. IS? Did you hear that Akamai researcher @nachoskrnl has discovered two vulnerabilities within Windows. Leveraging the infamous custom reminder sound feature these can be chained together to achieve full 0-click RCE against Outlook. Full write-up: https://t.co/W2bXFwTxJK https://t.co/uUj88b4hS1"
X Link 2023-12-19T21:35Z 24.8K followers, 16K engagements

"Skimming headlines and content, one might conclude that Akamai demo'd a (working) exploit chain to achieve RCE with Outlook. This is definitely NOT the case. In this case, "Achieving" an RCE "vulnerability chain" means that the chain was discovered. Not successfully demonstrated."
X Link 2023-12-19T21:41Z 24.8K followers, [---] engagements

"As consumers of CVEs, we can start by reading the description. In the case of CVE-2023-36710, MS assigned it "Windows Media Foundation Core Remote Code Execution Vulnerability", which is pretty worthless. They also gave it a CVSS Attack Complexity of Low, which is "expect success"."
X Link 2023-12-19T21:54Z 24.4K followers, [----] engagements

"Why the discrepancy? Is Akamai just not clever enough? Absolutely not. CVE-2023-36710 is for the Windows Media LIBRARY for ANY app that may be using it. You can't just take the CVSS score for CVE-2023-36710 (a library) and apply it to one specific app that uses it (Outlook)."
X Link 2023-12-19T22:01Z 24.4K followers, [----] engagements

"Apple people: Every time I leave my home, my phone notifies me that I left my MacBook at home. I know this because that's where it lives. It's not in my Devices list in Find My, which is confusing to me. How do I stop these notifications?"
X Link 2023-12-20T02:11Z 24.4K followers, [----] engagements

"@RayRedacted @rand0hmized Does that make it a better film? I have not seen it, FTR."
X Link 2023-12-24T01:15Z 24.4K followers, [--] engagements

"@CubicleApril "If our twitter bid succeeds we will defeat the spam bots or die trying" "My prediction is that any so-called social media network that doesn't do this will fail" Any other predictions, oh wise one?"
X Link 2023-12-25T19:01Z 25.2K followers, [----] engagements

"What percentage of your current notifications on Twitter are from porn bots?"
X Link 2023-12-27T04:28Z [--] followers, [----] engagements

"Microsoft (December 2021): Hey everybody, we've fixed CVE-2021-43890! Microsoft (December 2023): Hey everybody, CVE-2021-43890 is being exploited in the wild! The unspoken part (as far as I can tell): Whoops, we accidentally unfixed CVE-2021-43890 in April [----]. 🤦♂ Note that as of today's updates (CVE-2021-43890) the ms-appinstaller: URI has been disabled. https://t.co/tk9KpmHCy8"
X Link 2023-12-28T22:16Z 26.4K followers, 81.7K engagements

"@malwrhunterteam Compliance"
X Link 2023-12-30T13:45Z 24.4K followers, [---] engagements

"@bettersafetynet Even the alternative that has the most infosec people on it is still a bit sparse. I searched for a CVE that got recent attention and there are zero hits on BlueSky has zero hits as expected. I wish something would happen to actually trigger the exodus"
X Link 2023-12-30T18:09Z 24.8K followers, [---] engagements

"@0xdabbad00 How does one mention "a recent CVE" without bothering to state which one it is? 🤦♂"
X Link 2024-01-05T03:21Z 24.8K followers, [----] engagements

"@Volexity Also think for a moment about the concept of asking a maybe-compromised device to please run the integrity checker and truthfully report how it went. 🤔"
X Link 2024-01-10T22:25Z 24.8K followers, [----] engagements

"Well this all seems relevant again. @RonnyTNL @j00sean @angealbertini "Cannot guarantee the integrity of the appliance" combined with a critical organizational resistance to magical thinking perhaps. Remember that whole Ivanti Pulse Secure fiasco a few years ago where you ran this "ICT" thing to see if it's been compromised 😂 https://t.co/YalAVXQcPo"
X Link 2024-01-11T03:59Z 24.8K followers, [----] engagements

"Let's use Ivanti VPN CVE-2024-21887 CVE-2023-46805 as an example of magical thinking. If you think your web server was compromised would you use a remote web browser to confirm whether this is true? This is what the "external" ICT workflow does. Thoughts and prayers to customers"
X Link 2024-01-11T14:06Z 24.4K followers, 11.2K engagements

"So apparently starting with Linux [----] ASLR is weakened for 64-bit executables and absolutely BROKEN (i.e. not present) for 32-bit executables when the library is 2MB or larger. Oops 🤦♂"
X Link 2024-01-12T17:01Z [--] followers, 84.8K engagements

"@MalwareJake You're not running the cursed VMware Workstation [----] version are you?"
X Link 2024-01-15T19:32Z 24.8K followers, [----] engagements

"@MalwareJake [--] is way better than [----]. Given that going back to [--] means completely giving up on all security updates from here on out it's clearly not a long-term solution. But given the Broadcom nonsense I figure that nobody should be holding on to VMware anything at this point"
X Link 2024-01-16T01:12Z 24.8K followers, [---] engagements

"CVE wonders: Apache created CVE-2023-49070 to capture: "Our OFBiz product has Apache XML-RPC which is vulnerable to CVE-2019-17570". This seems... wrong. If every vendor created a new CVE to capture "Hey we use library foo that already has a CVE" how can this possibly scale?"
X Link 2024-01-16T18:42Z 24.8K followers, [----] engagements

"This isn't the first time CVE abuse for libraries has happened. Take the recent libwebp vulnerability. Apple got the report and assigned CVE-2023-41064 to "ImageIO" Google got the report and assigned CVE-2023-4863 to "Chrome" Eventually MITRE fixed the latter CVE to be libwebp"
X Link 2024-01-16T18:46Z 24.8K followers, [---] engagements

"CVE has assignment "rules" to avoid problems like these but I get the impression that they're not really enforced anywhere by anyone. What do you call rules that aren't enforced? "Suggestions""
X Link 2024-01-16T18:51Z 24.8K followers, [----] engagements

"@msw I recall the time that Microsoft got mad at me for "leaking" "their" CVE ID for a vulnerability that affected them. At least at the time they were operating with the mindset that a CVE ID was an identifier for a Microsoft update and they hadn't released their update yet. 🤦♂"
X Link 2024-01-16T19:38Z 22.9K followers, [---] engagements

"Why did Apache assign CVE-2023-49070 to a vulnerability that was already assigned CVE-2019-17570 by... Apache? Publishing new CVEs gets more attention than somebody piling on to an old CVE? Software in [----] being vulnerable to a [----] CVE is too embarrassing? Both are bad ideas"
X Link 2024-01-16T20:12Z 24.8K followers, [----] engagements

"This is great stuff. Ivanti Connect Secure CVE-2023-46805: You can access resources by prefixing with any number of no-auth resources and directory traversal to where you want to go. CVE-2024-21887: Command injection with certain targets. Paying customers can mitigate the former. We have posted our AttackerKB @rapid7 Analysis of the recent 0day exploit chain affecting Ivanti Connect Secure (CVE-2023-46805 and CVE-2024-21887). Full details of the auth bypass and command injection vulns. Read all the details here: https://t.co/qvnnV4d4y8"
X Link 2024-01-16T21:34Z 26.4K followers, 98.6K engagements

"@h4x0r_dz Does a VMware vCenter server run any of those things?"
X Link 2024-01-19T18:02Z [--] followers, [---] engagements

""If our twitter bid succeeds we will defeat the spam bots or die trying" "My prediction is that any so-called social media network that doesn't do this will fail" They're even retweeting now. A job done oh wise one"
X Link 2024-01-20T15:28Z 26.4K followers, [----] engagements

"Smart quotes. In an official Microsoft PowerShell script. Let me guess... it was written in Microsoft Word 🤦 https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10"
X Link 2024-01-21T19:43Z 26.4K followers, [----] engagements

"In planning for a post-VMware world I'm once again poking around with Hyper-V. It took less than an hour to encounter a dealbreaker bug: If you have a snapshot of a powered-on VM that has an ISO mounted and that ISO goes away you... can never power that VM on again"
X Link 2024-01-22T19:06Z 24.8K followers, 78.1K engagements

"This is the equivalent of claiming "I absolutely can't turn on this computer! The disc that was in the optical drive ISN'T THERE anymore!" Given the amount of time it took to encounter this I can't imagine that this product is getting much usage. What are alternatives? 😬"
X Link 2024-01-22T19:10Z 24.8K followers, [----] engagements

"@DobarMomak76 Until I have something figured out my current plan is to run an out-of-date VMware instance indefinitely. 😬"
X Link 2024-01-22T19:21Z 24.8K followers, [----] engagements

"@HaifeiLi So in that way Hyper-V is significantly worse than VMware, VirtualBox and Parallels?"
X Link 2024-01-22T19:24Z 24.8K followers, [---] engagements

"For the record thanks for the workarounds that have been provided. But to be honest I wasn't looking for a way that I can fix the broken software. I was more just venting about my disappointment of Hyper-V being so fragile and why it doesn't meet my usability requirements. 😕"
X Link 2024-01-23T01:56Z 24.8K followers, [----] engagements

"@sixtyvividtails I've poked at Proxmox a bit and it wasn't too bad. It's definitely not a drop-in replacement for VMware Workstation though. But having tried both Hyper-V and VirtualBox on Windows I'm not sure such a product exists. /me hugs Parallels on his ARM Mac"
X Link 2024-01-23T14:03Z 24.8K followers, [---] engagements

"@TheSenMat It's on my list of contenders. How viable of an alternative it is probably depends on your workflow. Two things I've definitely done with VMware that I'd love to continue doing are: - Plug in a USB device and connect it to the VM. - Pause a VM edit its RAM file and resume it"
X Link 2024-01-23T16:19Z 24.8K followers, [---] engagements

"What's the CVE ID for this vulnerability? he wonders out loud"
X Link 2024-01-24T13:40Z [--] followers, [----] engagements

"@richinseattle If you ever ask yourself whether something should get a CVE the answer is inevitably "yes". 😀 Especially when it is removed mitigated fixed etc. any unique security issue should get a CVE. As that action sort of counts as acknowledgement of it as a thing"
X Link 2024-01-25T20:10Z 24.8K followers, [---] engagements

"@richinseattle That's a touch trickier. If it's not something like a shared library and each vendor is required to create their own code from a baseline pile of code then it's presumably something where each vendor should get their own CVE. And I'd probably argue the SDK or OEM get one too"
X Link 2024-01-25T20:34Z 24.8K followers, [---] engagements

"@richinseattle The world of CVE assignment "rules" is sort of the wild west where everybody does their own thing. This might be a case worth reaching out to MITRE as opposed to listening to my hunches though. 😀"
X Link 2024-01-25T20:41Z 24.8K followers, [---] engagements

"@richinseattle I don't have any insight into what happens at CERT these days but I do believe that they still do vulnerability coordination. FWIW from one who'd know: "Forks" should each get their own CVEs. If code isn't modified then share the same root CVE. But in practice it's more YOLO"
X Link 2024-01-26T18:11Z 24.9K followers, [---] engagements

"Every account created on this hellsite from [----] on is either a porn bot or a cryptocurrency scammer. I can see what this is leading to and it looks real grim. Warning: @lfgexchange is falsely claiming to have worked with us on an audit. The report on their page is fake. If you want to verify the authenticity of a @trailofbits report find it on our publications repo the authoritative source straight from us. https://t.co/Rdqy3LvKSR https://t.co/c2sT5xM1T1 Warning: @lfgexchange is falsely claiming to have worked with us on an audit. The report on their page is fake. If you want to verify the"
X Link 2024-01-30T13:31Z 24.8K followers, [----] engagements

"Hyper-V: "The virtual machine's current state will be lost" (when reverting to a checkpoint) Also Hyper-V: Please wait while I write the contents of the VM's RAM to a file first. Maybe I'm just used to VMware but in what universe does this even make any sense?"
X Link 2024-01-30T15:54Z 24.8K followers, [---] engagements

"Hey everybody there are unfixed vulnerabilities in Ivanti Connect Secure No not those (which are STILL unfixed). The new ones: CVE-2024-21888 (privesc to admin) and CVE-2024-21893 (SSRF to access "restricted resources") mitigation.release.20240126.5.xml https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways"
X Link 2024-01-31T13:00Z 26.4K followers, 27.6K engagements

"@collysucker @cyb3rops Done. I really wish people would get their CVE shit together. But who am I kidding... that ain't gonna happen. Hey everybody there are unfixed vulnerabilities in Ivanti Connect Secure No not those (which are STILL unfixed). The new ones: CVE-2024-21888 (privesc to admin) and CVE-2024-21893 (SSRF to access "restricted resources") mitigation.release.20240126.5.xml https://t.co/hYaMum0uR7 https://t.co/W88DB9LKpM"
X Link 2024-01-31T13:06Z 24.8K followers, [--] engagements

"While I don't have access to this NEW mitigation mitigation.release.20240126.5.xml (I'll happily take a copy from anybody who has it 😃) I've found another mitigation that seems to work for this product"
X Link 2024-01-31T13:43Z 26.4K followers, [----] engagements

"@SDSchap Right. I've worked with ZFS for years. It's hard to imagine any universe where this is magically ZFS's fault"
X Link 2024-01-31T13:45Z 24.8K followers, [---] engagements

"@GossiTheDog Yeah that plus the "We have no evidence of customers being impacted by CVE-2024-21888" is just a touch odd"
X Link 2024-01-31T14:05Z 24.8K followers, [---] engagements

"@pentestit There are [--] different filters that block incoming requests with the mitigations in place. I suspect that these each address CVE-2023-46805 CVE-2024-21887 and CVE-2024-21893. I'm doubtful that there's a mitigation for CVE-2024-21888 (the privilege escalation) in place"
X Link 2024-01-31T23:25Z 24.8K followers, [---] engagements

"Looks like some kind soul uploaded mitigation.release.20240126.5.xml to VirusTotal. As such here are the mitigations for CVE-2023-46805 CVE-2024-21887 and CVE-2024-21893. CVE-2024-21888 has no love http://tinyurl.com/4jjmtnj9 http://tinyurl.com/bp5t7vr5 http://tinyurl.com/2vyjedh6"
X Link 2024-02-01T15:50Z 26.4K followers, [----] engagements

"@akamai_research @oridavid123 Can we avoid the use of "one-day exploit"? I mean this thing is over two years old 😀"
X Link 2024-02-01T16:46Z 24.8K followers, [---] engagements

"@attritionorg Every vendor bends CVE rules because nobody enforces them"
X Link 2024-02-02T01:32Z 24.8K followers, [---] engagements

"We all know that the Ivanti ICT cannot be trusted on a maybe-compromised device. Even the external ICT. But what about this recommended factory reset? That restores it to the state when you got it from the factory, right? Get real. Please avoid magical thinking folks. 🪄"
X Link 2024-02-02T17:24Z 24.9K followers, 18.4K engagements

"Remember when Barracuda Networks told customers to discard devices exposed during CVE-2023-2868? Completely ridiculous, right? Actually no. This advice is evidence that Barracuda actually understands how things work. Thoughts and prayers for the Ivanti customers out there"
X Link 2024-02-02T17:33Z 24.9K followers, [----] engagements

"@stephenfewer If xmltooling has a CVE and Ivanti uses xmltooling... Shouldn't Ivanti use the existing CVE?"
X Link 2024-02-02T23:37Z 24.9K followers, [----] engagements

"@attritionorg Well this is timely. Ivanti Connect Secure is vulnerable to xmltooling CVE-2023-36661. How was this handled? HackerOne assigned CVE-2024-21893 to capture this. 🤦♂ The SSRF as we found it is actually an n-day in the xmltooling library patched out around June [----] and assigned CVE-2023-36661. The SSRF can be chained to CVE-2024-21887 for unauthenticated command injection with root privileges."
X Link 2024-02-03T13:57Z 24.9K followers, 25.6K engagements

"@MalwareJake @felixw3000 The core of the product is a 23-year-old version of Perl. I'm pretty sure that the negligence started before Ivanti was involved. There's a clear fear of performing regression testing so we have a product that hasn't fundamentally changed in [--] years"
X Link 2024-02-04T05:31Z 24.9K followers, [---] engagements

"I get it that it's a touch more effort to do your homework and determine if a vulnerability is new or whether it's merely another product affected by an EXISTING vulnerability. But can we at least pretend that we want to follow CVE rules? CVE-2024-21893 is merely CVE-2023-36661 @attritionorg Well this is timely. Ivanti Connect Secure is vulnerable to xmltooling CVE-2023-36661. How was this handled? HackerOne assigned CVE-2024-21893 to capture this. 🤦♂ https://t.co/PNU9vzeVDG https://t.co/hR8KQ1Ax0a"
X Link 2024-02-05T14:00Z 26.4K followers, 24.6K engagements

"@hacks_zach Yes I don't doubt that. However I've seen no CVE guidance that after n amount of time a product discovered to be vulnerable to an existing library's CVE should be assigned a new CVE as opposed to the library's CVE. Sounds like a weakness in CVE-handling workflows"
X Link 2024-02-05T14:28Z 24.9K followers, [---] engagements

"If vulnerability handling workflows follow what orgs typically and historically do with CVEs as opposed to what the rules say SHOULD happen this seems wrong. But this raises the question of which is better CVE rules"
X Link 2024-02-05T15:16Z 24.9K followers, [----] engagements

"Imagine that somebody today discovers that a popular app exposes a 10-year-old vulnerability in a library that already has a CVE. Would the world be better off if this new discovery got a new CVE or if the existing CVE was updated to reflect this? (Where JSON references)"
X Link 2024-02-05T15:34Z 24.9K followers, [----] engagements

"This is just a spot check of a few executables on the system. I didn't even look at any of the libraries. If customers knew what they were purchasing do you think they'd go through with the purchase? Imagine a complete SBOM for everything on the box"
X Link 2024-02-05T18:37Z 24.9K followers, [----] engagements

"Just to clarify when I say "on a current Ivanti VPN box" this is what comes with the VMware version of the appliance that Ivanti provides for download which is a [----] version of the software. There may be some upgraded packages with newer versions of the Ivanti software. YMMV"
X Link 2024-02-05T19:07Z 24.9K followers, [----] engagements

"@Harvesterify "In visionOS you can design apps and games that extend beyond windows and volumes and let people immerse themselves in your content." Or you know you can make it worse than just holding up a smartphone in the way of where you are walking. You do you"
X Link 2024-02-06T04:57Z 24.9K followers, [---] engagements

"Dear documentation authors: You... You do know that people can't click buttons on paper, right?"
X Link 2024-02-11T17:13Z 25K followers, [----] engagements

"I can't keep track of SmartScreen bypasses anymore especially given mostly-content-free bulletins. But CVE-2024-21351 says that it is being exploited in the wild and was reported by @ericlaw Is it (or can it be) publicly known as to what exactly it is?"
X Link 2024-02-13T18:20Z 25.2K followers, 18.8K engagements

"Similarly CVE-2024-21412 covers .URL files and is also being exploited in the wild. As to what's actually fixed, who knows?"
X Link 2024-02-13T18:25Z 25.2K followers, [----] engagements

"Ah so it looks like CVE-2024-21412 is to address a bypass for CVE-2023-36025 which was the fact that remote targets inside of a ZIP didn't get SmartScreen love. The fix for CVE-2023-36025 didn't consider the case where a .URL file points to a .URL file"
X Link 2024-02-13T18:34Z 25.2K followers, 19.2K engagements

"@PhreakingGeek A number of those merely exploit CVE-2023-36025. However it seems that as of November [--] [----] attackers are targeting CVE-2024-21412 which is a .URL that points to a .URL file"
X Link 2024-02-13T20:15Z 25K followers, [---] engagements

"@thorirbaldurs Yeah that could probably be used as a starting point of a post-mortem to see if CVE-2024-21412 or CVE-2023-36025 was potentially being used. The former CVE being when a .URL points to a .URL and the latter CVE being when a .URL points to a thing inside of a remote ZIP file"
X Link 2024-02-15T17:05Z 25K followers, [---] engagements

"@cyb3rops So they've assigned CVSS scores to two CWEs, huh? One more for the "people truly don't understand CVE" pile. 🤦♂"
X Link 2024-02-20T15:14Z 25.2K followers, [----] engagements

"This is probably important. But given that we all clearly don't understand anything about CVE good luck tracking it (Obviously CVSS scores get assigned to CVEs not CWEs) 🤦♂ This doesn't sound good #ConnectWise #ScreenConnect https://t.co/ToDPy0eKAD https://t.co/1Nwss1M5Ej"
X Link 2024-02-20T16:16Z 25.2K followers, 12.2K engagements

"@cyb3rops Yeah CVSS scores are for a "vulnerability" which are usually (but not required to be) identified by a CVE. You don't score a weakness. 🤷♂"
X Link 2024-02-20T16:31Z 25.2K followers, [---] engagements

"@EthicalChaos @cyb3rops There are ZERO CVEs"
X Link 2024-02-20T17:59Z 25.3K followers, [---] engagements

"With this I implore you: Make sure that you've installed patches for CWE-288 (See how well that works) 🤦♂"
X Link 2024-02-21T12:44Z 25.3K followers, [----] engagements

"Looks like @CISAgov has stepped in and has assigned CVE-2024-1708 and CVE-2024-1709 to these two issues. Great job folks"
X Link 2024-02-21T16:00Z 25.3K followers, [----] engagements

"I think it's time to replace my aging desktop PC and I want something that supports modern Windows security features. But there are no Secured-Core PC desktops. What does one do? Buy a PC, check AvailableSecurityProperties and then return it as needed?"
X Link 2024-02-22T04:30Z 25.2K followers, [----] engagements

"Given that the Microsoft page for Secured Core PCs says that "Secured-core PCs are the most secure Windows [--] devices" I can only assume that the concept of Secured-core PCs is a fad that has passed. So how do people know what security features are supported before they buy? 🤔"
X Link 2024-02-22T04:53Z 25.2K followers, [---] engagements

"@getwired I'd think that if Microsoft cared about making Secured-core PCs a thing that customers should care about they'd have these Lenovo machines on their list. Anyway thanks for the tip"
X Link 2024-02-22T05:00Z 25.2K followers, [---] engagements

"Hunch: Secured-core PCs was an experiment that failed. The PC-purchasing masses apparently don't care about such things. It's only security-conscious weirdos like me"
X Link 2024-02-22T05:19Z 25.2K followers, [----] engagements

"I'm willing to overlook the fact that one of the selling points of Secured-core PCs is a lie: It protects against BYOVD. (It doesn't) However I do want all of the HVCI-provided protections. As someone in the PC-shopping world why isn't this more clear"
X Link 2024-02-22T05:28Z 25.2K followers, [----] engagements

"@RonnyTNL Yeah this is a personal computer that doesn't have VMware. 😀"
X Link 2024-02-22T13:01Z 25.2K followers, [---] engagements

"@RonnyTNL But actually now that I think about it. In my brief (no nested virtualization = no go for me) experimentation with VMware using the Hyper-V WHP the performance seemed fine. Perhaps from a performance perspective it depends on what HVCI features your CPU/motherboard supports"
X Link 2024-02-22T13:11Z 25.2K followers, [---] engagements

"@MalwareJake Isn't that the Fox News tagline?"
X Link 2024-02-22T14:08Z 25.2K followers, [---] engagements

"@FrankLesniak @N805DN Where is this elusive page that has Secured-Core current-gen Intel CPU desktop (or small form factor) PCs?"
X Link 2024-02-23T16:40Z 25.2K followers, [--] engagements

"@N805DN @FrankLesniak Yeah I'm aware of this page. The fact that "Workstation" is greyed out suggests to me that a Secured-core Workstation PC isn't a thing"
X Link 2024-02-23T19:56Z 25.2K followers, [--] engagements

"@HackingLZ @bettersafetynet Things on a current Ivanti VPN box: curl 7.19.7 2009-11-04 (14 years) openssl 1.0.2n-fips 2017-12-07 (6 years) perl 5.6.1 2001-04-09 (23 years) psql 9.6.14 2019-06-20 (5 years) cabextract [---] 2001-08-20 (22 years) ssh 5.3p1 2009-10-01 (14 years) unzip [----] 2009-04-29 (15 years)"
X Link 2024-02-25T15:09Z 25.2K followers, [----] engagements

"This is incredible. In one of my usual VMs it takes regedit over [--] minute to search the registry also requiring the user to manually search again and click "Find Next" for every single hit it finds. With RegCool it takes [--] seconds for the same search and it shows ALL hits Tired of using RegEdit an abandoned Windows utility that uses 100% CPU for five minutes to do a basic search. I finally found RegCool. OMG switch now. Full regex search across entire registry in one minute. https://t.co/lvyZIn6Ugk https://t.co/M2a4Pz5elV"
X Link 2024-02-25T23:30Z 25.2K followers, 14.5K engagements

"@ronin3510 @zodiacon Eh in my testing it: - Won't find what I search for unless the cursor has currently selected "REGISTRY" as opposed to the default location or "Standard Registry". 🤷♂ - Still only shows one match at a time. - Is almost as slow as regedit.exe"
X Link 2024-02-26T14:20Z 25.2K followers, [---] engagements

"@awakecoding @arekfurt Hm no luck there but. Windows Sandbox uses "vEthernet (Default Switch)" which works. WDAG Edge uses "vEthernet (Ethernet 2)" which doesn't work. This 2nd switch gets automatically created on boot on the problematic machine. My test VM only has ONE vEthernet adapter. 🤔"
X Link 2024-02-27T22:59Z 25.3K followers, [--] engagements

"@jonasLyk @arekfurt This is quite useful Although seemingly undocumented. At least from the perspective of Google not being aware of it as a tool that people use. And although "scrub" is in the name it seems to only display things"
X Link 2024-02-28T21:43Z 25.3K followers, [---] engagements

"Boot-level factory reset subversion sounds tricky? Eh it was a touch beyond trivial. What's NOT beyond trivial? Subverting the OFFICIAL Ivanti factory reset process in which you use the perl menu system to select the factory reset option. Commenting out a line would do it. 🤦♂"
X Link 2024-02-29T20:30Z 25.4K followers, [----] engagements

"Remember when Barracuda told customers that devices compromised with CVE-2023-2868 would need to be REPLACED as opposed to fixed? And how people got mad? This is evidence of Barracuda actually understanding the limitations of their product instead of promoting magical thinking"
X Link 2024-02-29T20:41Z 25.4K followers, [----] engagements

"@jamie_sixworks @dwizzzleMSFT The security provided by WDAG is second to none among commodity operating systems. It's incredibly disappointing to see Microsoft giving up on it. I've been fighting this bug for days and only today tied it to an Edge update. BUT the same Edge is fine in Windows Sandbox. 🤔"
X Link 2024-03-01T20:55Z 25.3K followers, [--] engagements

"@jamie_sixworks @dwizzzleMSFT I just got a personal computer capable enough to run it and I spent countless cycles testing and wondering if it wasn't working because my system was upgraded from Windows [--] or what. Only to finally pin it down today to being the Edge upgrade"
X Link 2024-03-01T21:11Z 25.3K followers, [--] engagements

"@jamie_sixworks @dwizzzleMSFT I fail to see how Edge can be at fault though. Nothing changes from a network perspective as the result of updating Edge. Perhaps whatever automagic network/switch configuration that WDAG does isn't compatible with new Edge's traffic. But Win Sandbox does differently"
X Link 2024-03-01T21:14Z 25.3K followers, [---] engagements

"@jamie_sixworks @dwizzzleMSFT For all I know the automagic networking configuration that WDAG performs is hacky but Windows Sandbox is more robust In my test VM WDAG uses "Default Switch (Ethernet0)" and breaks with new Edge. Sandbox uses "Default Switch" and is fine But perhaps w/ deprecation all is moot"
X Link 2024-03-01T21:21Z 25.3K followers, [---] engagements

"@awakecoding @MalwareJake I would love this But I'll probably say "(Legacy) VMware style" instead. 😂"
X Link 2024-03-02T16:34Z 25.3K followers, [---] engagements

"@awakecoding @MalwareJake I predict that there will be a lot of new people trying out Hyper-V for the first time such as myself with the VMware demise being what it is. You'd think that someone like Microsoft would have interest in making the transition as seamless as possible. Yet here we are. 😬"
X Link 2024-03-02T16:47Z 25.3K followers, [---] engagements

"@skrappy0x4a @TheDFIRReport My screenshot is from the linked report"
X Link 2024-03-04T17:04Z 25.3K followers, [---] engagements

"@skrappy0x4a @TheDFIRReport I don't dispute that they worked with WPScan to get a CVE assigned. But that all happened over two years ago. The CVE is NOT new. That's my point. 😀"
X Link 2024-03-04T17:12Z 25.3K followers, [---] engagements

"@TheDFIRReport Ah thanks I suspect that there are a lot of people out there who would see a [----] CVE and assume that it was assigned in [----] (like I unfortunately did). The fact that you can't look at a CVE and see when the CVE itself was created seems less than ideal"
X Link 2024-03-04T19:16Z 25.3K followers, [---] engagements

"I'm not sure if something changed with Mastodon or if it's something with the recent iOS update but images no longer load on this site if Lockdown Mode is enabled on the phone. Other sites are just fine. 🤔"
X Link 2024-03-07T15:14Z 25.3K followers, [----] engagements

"@MalwareJake @Uber @lyft "While making a K-turn she put the car in reverse instead of drive" Weird that such things could happen when the vendor is throwing out the concept of things being done with muscle memory. "Use the drive mode strip to shift Model X: swipe up for Drive swipe down for Reverse""
X Link 2024-03-10T13:27Z 25.3K followers, [----] engagements

"@MalwareJake @Uber @lyft See also: the removal of turn signal stalks in lieu of buttons on the steering wheel and the desire for bulletproof glass for reasons that are hard to explain beyond YOLO"
X Link 2024-03-10T13:33Z 25.3K followers, [---] engagements

"@awakecoding Actually now that I look the ZIP parser that comes with my [---] editor actually isn't granular enough to break down what the ExternalAttributes field for the file actually means. But 7-zip will show you graphically. More info here:"
X Link 2024-03-12T03:37Z 25.3K followers, [---] engagements

"About this potential TikTok ban. Personally I think the app should be yeeted into the sun. But let's say that it does get banned only by way of removal from app stores. This just ensures that TikTok users continue using it but will be unable to receive security updates. 🤔"
X Link 2024-03-14T03:58Z 25.4K followers, [----] engagements

"@jduck Baby steps"
X Link 2024-03-15T17:22Z 25.4K followers, [---] engagements

"Theory: We're already in the state where content creators are leveraging LLM/ChatGPT/AI to do their work for them. And as such things you read will be confidently wrong / made-up. As LLM/ChatGPT/AI is trained on LLM/ChatGPT/AI-generated content this will only get worse. 😬 Wait what https://t.co/tKqjzCiPW9"
X Link 2024-03-18T16:20Z 25.4K followers, 15.8K engagements
