The Bard At Work

I do vulnerability management and traditional Irish music.

Notably, for the second year running (and same with all prior reports) (and the same across other IR and MDR providers), the report doesn't mention AI or Generative AI once.

Absolutely not popular to say that and always get next to zero engagement on LinkedIn, but let me be super clear on this one:

The threat to your business is foundational IT and security. The big incident that screws you over will be somebody pointing and clicking. Focus on what actually matters, not AI.

@beej During the pandemic in the depths of looking for things to do (and deep in Play in Forward archives as background noise) I took the Betrayal At Krondor MIDIs and cleaned up a few with more contemporary instrument packs and arranging. Never properly finished them, but any interest in hearing the rough cuts?

The number of unsolicited vendor e-mails I'm getting with 'reply to unsubscribe' or 'send us a note if you want to unsubscribe' is too damn high.

Oh to be young again, and believe I was really clever recommending technical cybersecurity solutions to the average human being.

As I engage more, it's come to my attention that #introduction posts are a thing here!

I'm Micha, an audio engineer/musician turned piano technician turned security analyst cause this is America and I like health insurance.

I mostly do incident response and vulnerability management, but I see and engage with a lot of areas.

Outside of work I mostly do music, especially of the traditional Irish variety.

New vulnerability from Zero Day initiative that's getting a lot of attention

#vulnintel #threatintel #linuxkernel

https://www.zerodayinitiative.com/advisories/ZDI-22-1690/

A few notes -
No CVE; not sure what's going on with this disclosure but I don't even see notes from the major enterprise Linux vendors?

The disclosure also doesn't actually state affected versions; the patch note in question identifies the kernel component as ksmbd, which is the new in-kernel SMB3 server they added in the 5.15 LTS release in October 2021, so scope is almost certainly extremely limited, at least in any enterprise environment.

As for exploitability, looking at the patch note again it states that the disconnect function leaves a dangling pointer, meaning you have to establish a connection first to have the object exist, so this is probably exploitable over SMB if you're running an SMB server using ksmbd.

ZDI-22-1690

Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability
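The scoping logic in the post above (ksmbd only exists from kernel 5.15, and the dangling pointer only matters if an SMB server built on ksmbd is actually running) can be turned into a quick fleet-triage check. The script below is an added example, not code from the post or from ZDI; it takes the `uname -r` and `lsmod` strings as arguments so it runs offline against constructed sample input, treats a loaded `ksmbd` module as the proxy for "running an SMB server using ksmbd", and only compares major.minor, so it does not account for distribution backports.

```shell
#!/bin/sh
# Added triage helper (not from the original post): decides whether a host is
# plausibly in scope for the ksmbd issue, using the two facts the post gives:
# ksmbd first shipped in kernel 5.15, and the bug needs a live SMB connection,
# so the module must actually be loaded. Inputs are passed in as strings so
# the script runs without touching the live system.

# kernel_at_least "5.10.0-21-amd64" "5.15" -> true when major.minor >= 5.15
kernel_at_least() {
    have_major=$(printf '%s' "$1" | cut -d. -f1)
    have_minor=$(printf '%s' "$1" | cut -s -d. -f2 | sed 's/[^0-9].*//')
    want_major=$(printf '%s' "$2" | cut -d. -f1)
    want_minor=$(printf '%s' "$2" | cut -s -d. -f2)
    have_minor=${have_minor:-0}
    want_minor=${want_minor:-0}
    [ "$have_major" -gt "$want_major" ] && return 0
    [ "$have_major" -eq "$want_major" ] && [ "$have_minor" -ge "$want_minor" ]
}

# module_loaded "<lsmod output>" ksmbd -> true when the module is in column 1
module_loaded() {
    printf '%s\n' "$1" | awk -v m="$2" '$1 == m { found = 1 } END { exit !found }'
}

# ksmbd_exposure "<uname -r>" "<lsmod output>" -> prints one of three verdicts
ksmbd_exposure() {
    if ! kernel_at_least "$1" "5.15"; then
        echo "out-of-scope: kernel $1 predates ksmbd (5.15)"
    elif ! module_loaded "$2" ksmbd; then
        echo "not-exposed: kernel $1 has ksmbd available but it is not loaded"
    else
        echo "exposed: kernel $1 with ksmbd loaded; it is reachable over SMB"
    fi
}

# Constructed sample input standing in for `lsmod` output on a test host.
SAMPLE_LSMOD='Module                  Size  Used by
ksmbd                 413696  0
cifs                 1179648  0'

# Live use would be: ksmbd_exposure "$(uname -r)" "$(lsmod)"
ksmbd_exposure "5.10.0-21-amd64" "$SAMPLE_LSMOD"
ksmbd_exposure "5.15.0-56-generic" "$SAMPLE_LSMOD"
```

A host reporting "exposed" is the one worth pulling into patch planning first; an "out-of-scope" result on an enterprise distribution is still worth a second look against the vendor's own advisory, since the version string alone does not prove what was backported.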