@nosnilmot more work to be done on that 😅
Notices by Kevin Beaumont (gossithedog@cyberplace.social)

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:45:33 JST

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:45:08 JST
@HaTetsu I think many of them are scraping the RSS feed tbh (add .rss to a username gives you an RSS feed, but it doesn’t include non-public toots)

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:32:36 JST
And yes, this was (and is) a supply chain attack - just everybody was too busy whacking off about GenAI and react2shell to notice.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:30:50 JST
Also, long time followers may remember this one playing out in real time over the last few weeks - I just tooted about it in Follower mode to stop threat intel companies scraping the toots 🤣

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:28:18 JST
Impacted boxes have things like FatBeehive and other tools installed, there’s hunting guides in that blog.
Notepad++ author really good btw, quick turn around.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:20:05 JST
I did have a thread on this at the time but I think it auto deleted, whoops. It was being used for entry into telcos and financial services in East Asia anyhoo.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:14:00 JST
Notepad++ have released a new version to fix the auto update process being hijacked https://notepad-plus-plus.org/news/v889-released/
I reported the vulnerability, it is being hijacked by threat actors in China. https://doublepulsar.com/small-numbers-of-notepad-users-reporting-security-woes-371d7a3fd2d9

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 06:13:59 JST
I hadn’t put the full details in the blog at the time, but the Notepad++ updater didn’t check if the update package was valid in any way - it just executed it. Also the update process used TLS... but didn’t validate the session, so it could be hijacked to change the download.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 04:39:41 JST
There’s one very crucial detail about the ‘react2shell’ stuff and the level of threat it does or doesn’t pose, which I’ve decided to sit on while the entire industry sets itself on fire about it.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Wednesday, 10-Dec-2025 03:42:39 JST
RE: https://masto.ai/@phoronix/115690887166897257
“Platinum Members of the new Agentic AI Foundation include Amazon Web Services, Anthropic, Block, Bloomberg, Cloudflare, Google, Microsoft, and OpenAI.”
Linux Foundation’s decided to guzzle the AI money.

Matt Nordhoff (mnordhoff@infosec.exchange)'s status on Tuesday, 09-Dec-2025 20:20:06 JST
time.cloudflare.com suddenly 5-10 ms off the real time in the eastern US.
I'd guess probably something boring, like network asymmetry near the top of the tree (bottom of the tree?).
(When the service was new, the accuracy was routinely worse than this.)

Mastodon (mastodon@mastodon.social)'s status on Tuesday, 09-Dec-2025 19:45:25 JST
Elon Musk and X are once again proving why institutions should never rely on corporate-owned, centrally-controlled social media platforms to reach their people.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 09-Dec-2025 18:55:56 JST
@metacurity *in Korea

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 09-Dec-2025 05:51:51 JST
If you're into reverse engineering malware, this might tickle your fancy: a511be5164dc1122fb5a7daa3eef9467e43d8458425b15a640235796006590c9
Entry via a supply chain attack, sideloads off a legit AV product, remote access trojan, drops FatBeehive.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Tuesday, 09-Dec-2025 05:21:48 JST
Somebody put offroad cars into Microsoft Flight Simulator 2024, much dumb fun was had just now in Canada. #GossiAirways

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 08-Dec-2025 23:54:04 JST
@sawaba @todb yeah, the fixed version cited was released months ago

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 08-Dec-2025 23:24:25 JST
@todb they say it's the same vulnerability in the write up though, they just forgot to include the full scope as I read it. Ultimately doesn't really matter now, just curious - I don't think they realised it was triggerable via tika-core, which is where they fixed it but forgot to scope.

cR0w h0 h0 (cr0w@infosec.exchange)'s status on Monday, 08-Dec-2025 23:23:09 JST
@huronbikes It's almost like vibe-coding an entire class of product was a bad idea.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 08-Dec-2025 22:12:37 JST
@tonanio cool. Go do that somewhere else.

Kevin Beaumont (gossithedog@cyberplace.social)'s status on Monday, 08-Dec-2025 17:52:04 JST
@tonanio why are you telling me what to toot?