@GossiTheDog thank you for emphasizing this.
Unrelated: You have a robust toot history which enables you to keep a running conversation linked to the earliest rumors of an issue/vulnerability. What's your secret?
CVE-2023-34990 is credited to @hacks_zach of Horizon3.ai. This gave me a starting point for figuring out where to look for information. It's contained in Fortinet FortiWLM Deep-Dive, IOCs, and the Almost Story of the “Forti Forty” posted on 14 March 2024.
It is described as an unpatched vulnerability: "Unauthenticated Limited Log File Read – Allows retrieval of arbitrary log files which contain administrator session ID tokens" Check out the Path to Remote Code Execution #2 section for vulnerability details:
This vulnerability allows remote, unauthenticated attackers to access and abuse builtin functionality meant to read specific log files on the system via a crafted request to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint. This issue results from the lack of input validation on request parameters allowing an attacker to traverse directories and read any log file on the system.
Based on the details of the blog, I can confidently say that the new CVE and the blog's vulnerability are almost certainly one and the same.
cc: @GossiTheDog @jerry
#CVE_2023_34990 #fortinet #fortiwlm #vulnerability #CVE #infosec #cybersecurity
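As an added example, not from this post, Fortinet or Horizon3.ai: a small access-log check that flags requests to the /ems/cgi-bin/ezrf_lighttpd.cgi endpoint named above whose query values carry a `..` path step, including URL-encoded and double-encoded forms. The `file` parameter name and the log lines are constructed placeholders, not taken from the advisory.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoint named in the post. The "file" query parameter used in the sample
# lines below is a constructed placeholder, not the product's real parameter.
ENDPOINT = "/ems/cgi-bin/ezrf_lighttpd.cgi"
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def is_traversal(value: str) -> bool:
    """True if the value still contains a '..' path step after up to two rounds
    of URL-decoding (catches %2e%2e as well as double-encoded %252e%252e)."""
    decoded = value
    for _ in range(2):
        decoded = unquote(decoded)
    return bool(TRAVERSAL.search(decoded))

def flag_request(log_line: str) -> Optional[dict]:
    """Parse one combined-format access log line. Return a finding for a request
    to the FortiWLM CGI endpoint whose query carries a traversal, else None."""
    m = re.search(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"', log_line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != ENDPOINT:
        return None  # traversal elsewhere is out of scope for this check
    params = parse_qs(parts.query, keep_blank_values=True)
    bad = {k: v for k, vals in params.items() for v in vals if is_traversal(v)}
    if not bad:
        return None
    return {"method": m.group("method"), "params": bad}

def scan(lines):
    """Run flag_request over an iterable of log lines; keep only findings."""
    return [f for f in map(flag_request, lines) if f]

# Constructed sample log lines (not real traffic): one benign log view, one plain
# and one URL-encoded traversal against the endpoint, and one unrelated request.
SAMPLE = [
    '10.0.0.5 - - [18/Dec/2024:10:00:01 +0000] "GET /ems/cgi-bin/ezrf_lighttpd.cgi?cmd=getlog&file=system.log HTTP/1.1" 200 512',
    '10.0.0.9 - - [18/Dec/2024:10:00:07 +0000] "GET /ems/cgi-bin/ezrf_lighttpd.cgi?cmd=getlog&file=../../var/log/app.log HTTP/1.1" 200 4096',
    '10.0.0.9 - - [18/Dec/2024:10:00:09 +0000] "GET /ems/cgi-bin/ezrf_lighttpd.cgi?cmd=getlog&file=%2e%2e%2f%2e%2e%2fvar%2flog%2fapp.log HTTP/1.1" 200 4096',
    '10.0.0.2 - - [18/Dec/2024:10:00:11 +0000] "GET /index.html?x=../../etc HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Decoding twice before matching matters because a single decode misses double-encoded sequences that the CGI may decode again itself.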
Fortinet 18 December 2024 security advisory FG-IR-23-144
CVE-2023-34990 (9.8 critical) relative path traversal in Fortinet FortiWLM leads to code and command execution: released today, 557 days after it was reserved by Fortinet on 09 June 2023. Unable to view the advisory in order to determine exploitation. Shame on them for waiting a year to patch/announce the vulnerability.
h/t: @cR0w
#fortinet #fortiwlm #vulnerability #CVE #infosec #cybersecurity
@adulau thank you for this website! I've been meaning to see how others track social media posts besides Feedly: https://feedly.com/cve/CVE-2023-34990
@jerry Here are sources for your Fortinet CVE-2024-34990 (CVSSv3.1: 9.8 critical):
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests.
Note: FortiGuard PSIRT has a tendency to only list the temporal CVSS score 9.6 (lower score) to downplay the severity of its original base score.
I recreated another GIF of a "corner to corner" (c2c) crochet blanket that I made in 2021. The symbol on the blanket is a Mahjong game tile known as "80,000" (ba wàn or 八萬) from the characters suit. I made a significant mistake at one point that required frogging (but I wove in the ends too well, requiring scissors ✂). I continued to learn how often I should take photos for a time lapse GIF.
Yarn is a combination of Caron 1lb off-white acrylic, and other acrylics. People keep asking me if I would put a color border around the blanket, and I keep saying no. c2c is incredibly simple, and could allow for complex pixel art-style works if you map an image to a grid.
Most of my other "wearable" arts and crafts are in this toot thread. I forgot to post the knitted cabled sweater under the parent toots.
cc: @crochet
I recreated another GIF of a "corner to corner" (c2c) crochet blanket that I made in 2020. The symbol on the blanket is a Mahjong game tile known as the green dragon. 發 (pronounced 'fah') is short for 發財, and represents fortune or wealth.
This is where I got my original inspiration to make time lapse GIFs. I learned that I should take consistent photos (horizontal versus landscape).
Yarn is Caron 1lb off-white and an unknown forest green acrylic. People keep asking me if I would put a color border around the blanket, and I keep saying no.
c2c is incredibly simple, and could allow for complex pixel art-style works if you map an image to a grid.
cc: @crochet
Forget infosec and cyber threat intelligence: This is now a knitting account. I recreated a GIF that I lost when gfycat[.]com shut down. I knitted this sweater in 2022 using Red Heart Super Saver "blacklight" yarn.
Trend Micro: Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
Trend Micro provides a case study in which the attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system. The attacker failed to install a Microsoft Remote Support application but successfully instructed the victim to download AnyDesk 😂. DarkGate malware was deployed to their machine and persistence was created, but the attack was stopped. Trend Micro is sharing infection chain and post-infection actions for security awareness. Indicators of compromise provided.
#darkgate #threatintel #cyberthreatintelligence #CTI #IOC #vishing #anydesk #infosec #cybersecurity
@cR0w I agree with @FritzAdalis, it looks like cvefeed.io dun goofed and wrote CVE-2024-21574 as Apache Solr when the vendor is ltdrdata and product ComfyUI-Manager.
I don't go off assumptions so I will rely on the public record of ComfyUI-Manager (which I've never heard of).
@GossiTheDog public Cleo security advisory: https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Peding
Cleo Product Security Advisory (CVE Peding) [sic]
@GossiTheDog yeah, that threw me for a loop because I don't think anyone took credit. Wall Street Journal first broke the story back in like August, and I thought "Salt Typhoon" was an arbitrary USG threat actor name choice.
U.S. Department of Defense: Cyber Command Chief Discusses Challenges of Getting Intel to Users
A generic-looking press release revealed additional information about the Salt Typhoon hack:
I don't know about you, but this is my first time hearing confirmation of Southeast Asian victims from a government official, that it was discovered by Microsoft (obvious in hindsight), and that there were early indicators and warnings (I&W) since 2022. cc: @nattothoughts
#china #cyberespionage #nsa #cybercom #salttyphoon #cisa #dod #infosec #cybersecurity #threatintel #cyberthreatintelligence #CTI
Meta: Third Quarter Adversarial Threat Report (PDF)
The biggest takeaway of this December 2024 Meta report on "coordinated inauthentic behavior" (which is covert influence operations)... is that there's another operator of the Russian Doppelganger campaign, the Moscow State Institute of International Relations (MGIMO). Other countries that conducted influence operations (and subsequently shut down by Meta) were India, Iran, Lebanon and Moldova.
#influenceoperations #propaganda #disinformation #russia #iran #mgimo #infosec #cybersecurity #threatintel #cyberthreatintelligence #CTI
@cR0w Shamelessly stolen from the Bad Place
Rapid7: Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Rapid7 reports a resurgence of activity from Black Basta ransomware operators in early October 2024 with new malware payloads, improved delivery, and increased defense evasion. They provide a technical analysis of the attack lifecycle. Indicators of compromise provided at their GitHub repo (EDIT: 404 file missing), and TTPs are mapped to MITRE ATT&CK.
#blackbasta #ransomware #cybercrime #ioc #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
Business Insider: Microsoft's Copilot has an oversharing problem. The company is trying to help customers fix it. (non-paywalled link)
"On Tuesday, Microsoft released new tools and a guide to help customers mitigate a Copilot security issue that inadvertently let employees access sensitive information, such as CEO emails and HR documents."
WHAT DID I FUCKING SAY ABOUT PUTTING AI INTO EVERYTHING? h/t: @Viss
#microsoft #copilot #vulnerability #ai #infosec #cybersecurity
ICC: Situation in the State of Palestine: ICC Pre-Trial Chamber I rejects the State of Israel’s challenges to jurisdiction and issues warrants of arrest for Benjamin Netanyahu and Yoav Gallant
This will definitely provoke strong comments from everyone: The International Criminal Court (ICC) issued arrest warrants for Israeli Prime Minister Benjamin Netanyahu and Israeli Minister of Defense Mr Yoav Gallant for crimes against humanity and war crimes committed from at least 8 October 2023 until at least 20 May 2024.
#news #icc #warcrimes #israel #netanyahu #gallant #humanrights #IsraelWarCrimes #israelhamaswar
Recorded Future: Russia-Aligned TAG-110 Targets Asia and Europe with HATVIBE and CHERRYSPY
An ongoing cyber-espionage campaign by Russian threat actor TAG-110 targets government entities, human rights groups, and educational institutions in Central Asia, East Asia, and Europe with custom malware. TAG-110's efforts are likely part of a broader Russian strategy to gather intelligence on geopolitical developments and maintain influence in post-Soviet states. Indicators of compromise and Yara rules provided. See the 16-page PDF report.
#Russia #TAG110 #cyberespionage #intelligence #IOC #yara #threatintel #infosec #cybersecurity #cyberthreatintelligence #CTI
CISA: Joint Statement from FBI and CISA on the People's Republic of China (PRC) Targeting of Commercial Telecommunications Infrastructure
CISA-hosted copy of the joint statement that I already mentioned. To add some value to this toot, I'll link an article written by @serghei at Bleeping Computer: US govt officials’ communications compromised in recent telecom hack
#china #cyberespionage #cyberthreatintelligence #CTI #infosec #cybersecurity #threatintel #nationalsecurity #news #FBI #CISA