@GossiTheDog I was wondering, actually. Where does it say that?
Side note: I have personally seen large ISO27001-certified orgs use this exact method to e-mail sensitive info. It's security theater and checkbox compliance, and it mimics the practices of credit card companies mailing cards and PINs separately. However, real-life analogies rarely work, and vice versa. If an adversary has capabilities to exfil _one_ e-mail, they could exfil _all_ e-mails.
I kinda love the edit history on the US DOD's statement about the purported stand-down order. "There has been no stand-down order whatsoever from that priority, said the official who was granted anonymity to discuss internal decisions." @TheGuardian
@GossiTheDog This is a screenshot of the first snapshot for the CVE-2024-49035 advisory on MSRC. MS knew about exploitation from the get-go. Not sure why CISA is picking this up only now, being long patched and whatnot.
Finally, after two weeks, an update to the 2025 Insecurity Appliance Bingo sheet. CVE-2024-22467 is an Auth RCE vulnerability in Ivanti Connect Secure that qualifies for the Bingo scorecard. Current Bingo Card is always at: https://cku.gt/appbingo25
@GossiTheDog I read half a VPN password aloud to a victim on the phone, they completed the other half. They're *definitely* legit. They also seem to be mostly cleartext, even those not looking like cleartext?
@GossiTheDog @lawrenceabrams figures. I'll update my news item later if I get the chance. Why a cable customer in Medellin is running pre-release software is another question though... which I'm not going to ask, given the geographic circumstances. ;-)
@GossiTheDog @lawrenceabrams Yes. It's either a pre-release build or the machine was owned before 7.2.2 was installed. The backdoor user exists in the config, so both could be possible.
@lawrenceabrams @GossiTheDog RE #FortiGate leak: I have found the version string "FWF61E-7.2.2-FW-build1327-220914" on one FortiWiFi config from Colombia. I'm not sure which build date the first final version had but maybe a pre-release version?
Yeah, sure, why not dismantle the German Federal government, too. We haven't used up our daily contingent of push notifications yet.
As in: The German Chancellor has apparently asked the Federal President to fire the Minister of Finance, Mr. Lindner (Liberals). This means that the coalition of Greens, Liberals and Social Democrats is effectively over.