Looking for Cisco IOS-XE devices with an exposed web interface in your environment? (CVE-2023-20198), runZero can help: https://www.runzero.com/blog/finding-cisco-ios-xe-2/

Services query hotlink: https://console.runzero.com/inventory/services?search=%28products%3Anginx%20OR%20products%3Aopenresty%29%20AND%20_asset.protocol%3Ahttp%20AND%20protocol%3Ahttp%20AND%20http.body%3A%22window.onload%3Dfunction%25url%25%3D%25%2Fwebui%22

An actively exploited zero-day in Cisco IOS-XE's web interface is leading to mass compromise and implant (backdoor) installation: https://arstechnica.com/security/2023/10/actively-exploited-cisco-0-day-with-maximum-10-severity-gives-full-network-control/

CVSS 10.0 and bad enough that Cisco is providing methods to check for the specific implant being installed.

via @dangoodin

The spirit of full-disclosure is alive and well. "Squid Caching Proxy Security Audit: 55 vulnerabilities and 35 0days" https://megamansec.github.io/Squid-Security-Audit/

Excited to finally participate in #caturday! He likes to hang out like this.

PSA: Some of the "JA" series of fingerprints (HASSH, JARM, etc) are patented by Salesforce. The new JA4 methods are patent-pending by FoxIO. The JA4+ license is commercial ($ for OEM). Nothing wrong with charging for your work, but OSS projects should be careful about adoption.

Happy Monday! Looks like libwebp vulnerabilities expose a massive portion of daily productivity tools to RCE (via Chrome embedding and Electron):

https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/ via @dangoodin

quote of the day: "anything is a server rack if you are brave enough"

This is the article to send to your IT team when they refuse to enforce boot-time PINs for BitLocker:

Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop: https://www.errno.fr/BypassingBitlocker.html by Guillaume Quéré

Unix time stamps in OpenSSL handshakes are borking Windows clock settings https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/ by @dangoodin

The idea that random outbound TLS connections to untrusted third parties can reset the OS clock is wild. Possibly exploitable through SSRF vectors?

I love that NiNi Chen's (https://blog.terrynini.tw/) Mikrotik RADVD exploitation involves old-school fun like delay slots, encoding RISC instructions into IP addresses, and flushing the i-cache/d-cache: https://forum.defcon.org/node/245713 (live stream @ https://m.twitch.tv/defcon_dctv_one)