Notices by Tim (Wadhwa-)Brown :donor: (timb_machine@infosec.exchange)

PoC for CVE-2024-6387 in OpenSSH is out:

https://github.com/YassDEV221608/CVE-2024-6387_PoC

32-bit only...

#linux, #threatintel

WTAF. DigiCert are actively removing IPv6 support:

https://knowledge.digicert.com/alerts/digicert-certificate-status-ip-address

@skylark13 Hit the fork button and move on.

@ryanc Sounds like a DM bug. Tried rebooting them?

PSA: Wild speculation is the best speculation.

#rumops

Rumours look to have been accurate, it looks like it's CUPS:

https://www.linkedin.com/posts/benjamin-harris-sg_15-minutes-ago-our-monitoring-systems-went-activity-7245132773902983168-xZ0u?utm_source=share&utm_medium=member_android

(Courtesy of an old friend at @watchtowrcyber)

Add in, runs as root and likely listens on the network.

If you wanted to speculate on the upcoming CVE in Linux distros, correlating Popcon with those that have listening parts and CVE data might be one way to make a prediction:

https://popcon.debian.org/

I wish Mastodon had the concept of drafts and/or scheduled posts but meantime, I've hacked together a solution of writing "Mentioned people" only posts and not mentioning anyone. Pretty it is not.