diff --git a/source/_posts/Linux-RCE-exploited-in-the-wild-via-CUPS-Print-Scheduler-before-disclosure.md b/source/_posts/Linux-RCE-exploited-in-the-wild-via-CUPS-Print-Scheduler-before-disclosure.md new file mode 100644 index 0000000..c697c0b --- /dev/null +++ b/source/_posts/Linux-RCE-exploited-in-the-wild-via-CUPS-Print-Scheduler-before-disclosure.md @@ -0,0 +1,33 @@ +--- +title: Linux RCE exploited in the wild via CUPS Print Scheduler before disclosure +date: 2024-09-29 22:47:59 +tags: + - linux + - cups + - rce + - exploit + - print scheduler +--- + +### Quick Report + +A high profile vulnerability with a CVSS score of 9.9 by RHEL and Canonical affecting widely used print server installed by default on many Linux and UNIX systems. The exploit discovered is a remote code execution vulnerability in the CUPS Print Scheduler allows attackers to run arbitrary code on the system without any user interaction required. + + +Summary of the vulnerability: +> CVE-2024-47176 | cups-browsed <= 2.0.1 binds on UDP INADDR_ANY:631 trusting any packet from any source to trigger a Get-Printer-Attributes IPP request to an attacker controlled URL. + CVE-2024-47076 | libcupsfilters <= 2.1b1 cfGetPrinterAttributes5 does not validate or sanitize the IPP attributes returned from an IPP server, providing attacker controlled data to the rest of the CUPS system. + CVE-2024-47175 | libppd <= 2.1b1 ppdCreatePPDFromIPP2 does not validate or sanitize the IPP attributes when writing them to a temporary PPD file, allowing the injection of attacker controlled data in the resulting PPD. + CVE-2024-47177 | cups-filters <= 2.0.1 foomatic-rip allows arbitrary command execution via the FoomaticRIPCommandLine PPD parameter. + +### Source(s) + +- [TPU][def] +- [Evil Socket][def2] +- [Github Gist][def3] +- [Shodan.io][def4] + +[def]: https://www.techpowerup.com/327067/new-linux-rce-vulnerability-leaks-ahead-of-disclosure-allows-arbitrary-code-execution-via-cups-print-scheduler +[def2]: https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/#Internet-Printing-Protocol +[def3]: https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1 +[def4]: https://www.shodan.io/search/report?query=product%3Acups diff --git a/source/_posts/Microsoft-addresses-Security-Concerns-of-Recall-Features-on-Copilot-with-a-revamp.md b/source/_posts/Microsoft-addresses-Security-Concerns-of-Recall-Features-on-Copilot-with-a-revamp.md new file mode 100644 index 0000000..e4f3d54 --- /dev/null +++ b/source/_posts/Microsoft-addresses-Security-Concerns-of-Recall-Features-on-Copilot-with-a-revamp.md @@ -0,0 +1,31 @@ +--- +title: >- + Microsoft addresses Security Concerns of Recall Features on Copilot+ with a + revamp +date: 2024-09-29 22:54:22 +tags: + - microsoft + - copilot+ + - copilot + - ai + - ai-powered-tools + - recall + - security + - privacy +--- + +### Quick Report + +Microsoft addressed the privacy concerns of the recall feature on Copilot+ with a revamp. The feature requires Device Encryption, TPM 2.0, Kernel DMA protection, Virtualization based Code Integrity, Secure Boot and Bitlocker to view/record with the option to disable the feature if user's feels unsafe. + + +Recall will be a Opt-In feature and users can disable it during Windows installation. By default, it will be disabled unless the user enables it. In addition, Recall needs Windows Hello based Authentication Face or Biometrics and on-device is encrypted unlike the previous version which had stored data in plain text raising security concerns. +Microsoft confirmed it will not capture Private browsing, passwords, or other sensitive information with the help of Purview Privacy toolset technology developed by Microsoft. + +### Source(s) + +- [TPU][def] +- [Windows Blogs][def2] + +[def]: https://www.techpowerup.com/327068/microsoft-revamps-recall-for-copilot-pcs-with-a-focus-on-security-concerns +[def2]: https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/ diff --git a/source/_posts/Valve-turns-Rampant-Cheaters-in-Deadlock-into-a-Frog.md b/source/_posts/Valve-turns-Rampant-Cheaters-in-Deadlock-into-a-Frog.md new file mode 100644 index 0000000..2047f2f --- /dev/null +++ b/source/_posts/Valve-turns-Rampant-Cheaters-in-Deadlock-into-a-Frog.md @@ -0,0 +1,29 @@ +--- +title: Valve turns Rampant Cheaters in Deadlock into a Frog +date: 2024-09-29 22:53:29 +tags: + - valve + - steam + - moba game + - deadlock + - cheaters + - frog + - anti-cheat +--- + +### Quick Report + +Valve the makers of Steam released a new MOBA-like game called Deadlock which had serious cheating problems, despite being an invite-only beta testing. Valve has now turned the cheaters into frogs. It's an anti-cheat system with conservative to avoid any false positives. + + +According to changelog from the latest update, once the anti-cheat system detects a cheater, it will prompt rest of players in the game to either kick and ban the offending player(s) ending the match immediately or turn the cheater into a frog until the match ends and ban them indefinitely. + +### Source(s) + +- [TPU][def] +- [Steam][def2] +- [X post][def3] + +[def]: https://www.techpowerup.com/327060/valve-addresses-rampant-cheaters-in-deadlock-with-unorthodox-frog-anti-cheat-in-latest-update +[def2]: https://forums.playdeadlock.com/threads/09-26-2024-update.33015/ +[def3]: https://x.com/IntelDeadlock/status/1839535097747259804