Conversation

Notices

1. Embed this notice
   IAintShootinMis (iaintshootinmis@digitaldarkage.cc)'s status on Tuesday, 24-Sep-2024 19:37:35 JST IAintShootinMis

   Who is paying attention to #EvilSocket on X and wheres the conversation happening? I'd like to follow whoever's mastodon is talking about it.

   If no one is, then there is a #Linux unauth #RCE being disclosed to openwall on the 30th.

   Appears to affect Linux and #BSD with a 9.9 CVSS score.

   From reading X thread seems to be not kernel or user space. Assuming protocol implementation?

   https://x.com/evilsocket/status/1838169889330135132

   #ThreatIntel #Vuln #Exploit #infosec #cve

   • Embed this notice
     IAintShootinMis (iaintshootinmis@digitaldarkage.cc)'s status on Tuesday, 24-Sep-2024 20:35:36 JST IAintShootinMis

     • Kevin Beaumont

     @GossiTheDog respectfully sir, and I mean this sincerely (your toots are considered Infosec scripture in this house), I argue there's a lot to do and I've been doing it. (Its in my Troop Leading Procedures thread here: https://digitaldarkage.cc/@iaintshootinmis/113189506131608638 )

     I can't put mitigations in place, or start patching, but we can brace ourselves and partners for the oncoming Storm.

   • Embed this notice
     Ben Aveling (benaveling@infosec.exchange)'s status on Tuesday, 24-Sep-2024 23:28:56 JST Ben Aveling

     • Kevin Beaumont

     @GossiTheDog @iaintshootinmis we’re told there’s some simple mitigations that will be included in the announcement on the 6th.
     Probably worth scheduling someone to watch for those, with stakeholder contact details and access to whatever mgt tooling you use for deploying changes/running commands across the fleet.
     For some companies that means scheduling a change/outage window, so there might be some prep required for that.
     #EvilSocket #EvilSocketVuln