Not Simon

@simontsui@infosec.exchange
This is not Simon. Opinions are made by a screaming goat and do not express the views or opinions of his goatherder.

TrustedSec CTO Justin Elze shared CVE-2024-3400 exploit in the wild on Twitter yesterday and reports that 149.28.194.95 was attempting to exploit CVE-2024-3400.

#CVE_2024_3400 #PaloAltoNetworks #zeroday #activeexploitation #eitw #kev #KnownExploitedVulnerabilitiesCatalog #vulnerability #ProofofConcept #threatintel #IOC

U.S. State Department press release: Reward Offer for Information on ALPHV BlackCat-linked Cyber Actors Targeting U.S. Critical Infrastructure. State's Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of ALPHV BlackCat actors, their affiliates, activities, or links to a foreign government. 🔗 https://www.state.gov/rewards-for-justice-reward-offer-for-information-on-alphv-blackcat-linked-cyber-actors-targeting-u-s-critical-infrastructure/

#USStateDept #RewardsForJustice #BlackCat #ALPHV #threatintel

U.S. State Department Rewards for Justice (RFJ) program is offering a reward of up to $10 million for information leading to the identification or location of APT31, a collection of Chinese state-sponsored intelligence officers, contract hackers, and support staff that conduct malicious cyber operations on behalf of the Hubei State Security Department (HSSD), a provincial branch of the Ministry of State Security. 🔗 https://rewardsforjustice.net/rewards/apt31-wuhan-xiaoruizhi-science-technology-company-ltd/

#China #cyberespionage #StateDept #RewardsforJustice #APT31 #threatintel


Apple security advisories have been released:

All of the security advisories reference CVE-2024-1580 (5.9 medium), which is an integer overflow in the dav1d AV1 decoder that could lead to an out-of-bounds write (arbitrary code execution). It was fixed with improved input validation. No mention of exploitation in the wild. Discovered by Nick Galloway of Google Project Zero.

#Apple #PatchTuesday #vulnerability #securityadvisory #CVE_2024_1580

About the security content of macOS Sonoma 14.4.1

This document describes the security content of macOS Sonoma 14.4.1.

Apple Support

Apple publishes a security advisory 5 hours after the first two. It's for Safari 17.4.1: CVE-2024-1580 again affects WebRTC. An out-of-bounds write issue (processing an image may lead to arbitrary code execution) was addressed with improved input validation. No mention of exploitation. Nick Galloway of Google Project Zero again. 🔗 https://support.apple.com/en-us/HT214094

#Apple #PatchTuesday #vulnerability #CVE_2024_1580
