101010.pl

Blake PattersonNot a comforting thing to find in someone's old code you're trying to debug.<a href="https://oldbytes.space/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a> <a href="https://oldbytes.space/tags/code" class="mention hashtag" rel="nofollow noopener" target="_blank">#code</a> <a href="https://oldbytes.space/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> <a href="https://oldbytes.space/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> <a href="https://oldbytes.space/tags/codecomments" class="mention hashtag" rel="nofollow noopener" target="_blank">#codecomments</a> <a href="https://oldbytes.space/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#developers</a> <a href="https://oldbytes.space/tags/screenshot" class="mention hashtag" rel="nofollow noopener" target="_blank">#screenshot</a>

Blake PattersonIt occurs to me, a web developer these 25 years, that I am in fact...The Gentleman of Shalott<a href="https://oldbytes.space/tags/web" class="mention hashtag" rel="nofollow noopener" target="_blank">#web</a> <a href="https://oldbytes.space/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a> <a href="https://oldbytes.space/tags/developer" class="mention hashtag" rel="nofollow noopener" target="_blank">#developer</a> <a href="https://oldbytes.space/tags/internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#internet</a> <a href="https://oldbytes.space/tags/www" class="mention hashtag" rel="nofollow noopener" target="_blank">#www</a> <a href="https://oldbytes.space/tags/coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#coldfusion</a> <a href="https://oldbytes.space/tags/php" class="mention hashtag" rel="nofollow noopener" target="_blank">#php</a> <a href="https://oldbytes.space/tags/asp" class="mention hashtag" rel="nofollow noopener" target="_blank">#asp</a> <a href="https://oldbytes.space/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> <a href="https://oldbytes.space/tags/webdeveloper" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdeveloper</a>

Java WeeklyLucee: A light-weight dynamic CFML scripting language for the JVM<a href="https://www.lucee.org/" rel="nofollow noopener" translate="no" target="_blank">https://www.lucee.org/</a>Discussions: <a href="https://discu.eu/q/https://www.lucee.org/" rel="nofollow noopener" translate="no" target="_blank">https://discu.eu/q/https://www.lucee.org/</a><a href="https://mastodon.social/tags/coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#coldfusion</a> <a href="https://mastodon.social/tags/jvm" class="mention hashtag" rel="nofollow noopener" target="_blank">#jvm</a> <a href="https://mastodon.social/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a>

Zuri (he/him) 🕐 CET<a href="https://mastodon.social/@nixCraft" class="u-url mention" rel="nofollow noopener" target="_blank">@nixCraft</a> In the <a href="https://mastodon.online/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> implementation, they wanted to write x[y][z] but autocomplete changed it to x[y][zero], which CF then interpreted as a literal 0 and here we are

Reinald KirchnerMich wundert ja, das die <a href="https://nrw.social/tags/fdp" class="mention hashtag" rel="nofollow noopener" target="_blank">#fdp</a> noch keine Förderung für <a href="https://nrw.social/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> ausgelobt hat 🤣

Zuri (he/him) 🕐 CETI've been <a href="https://mastodon.online/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#programming</a> for 14 years now, have been using <a href="https://mastodon.online/tags/PHP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PHP</a>, <a href="https://mastodon.online/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a>, <a href="https://mastodon.online/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a>, <a href="https://mastodon.online/tags/Ruby" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ruby</a>, and whatnot, but holy cow, when reading the following chapter, I've literally been yelling "what the heck" at every second paragraph:<a href="https://tutorial.ponylang.io/types/traits-and-interfaces" rel="nofollow noopener" translate="no" target="_blank">https://tutorial.ponylang.io/types/traits-and-interfaces</a>I mean, <a href="https://mastodon.online/tags/PonyLang" class="mention hashtag" rel="nofollow noopener" target="_blank">#PonyLang</a> really tries to explain everything in depth, and I appreciate the effort, but while it works fine in earlier chapters, it confuses the heck out of me in this at length.<a href="https://mastodon.online/tags/amProgramming" class="mention hashtag" rel="nofollow noopener" target="_blank">#amProgramming</a> <a href="https://mastodon.online/tags/amCoding" class="mention hashtag" rel="nofollow noopener" target="_blank">#amCoding</a> <a href="https://mastodon.online/tags/computerScience" class="mention hashtag" rel="nofollow noopener" target="_blank">#computerScience</a>

Xavier «X» Santolaria :verified_paw: :donor:📨 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> list of resources for week #49/2023 is out! It includes the following and much more:➝ 🔓 🧬 <a href="https://infosec.exchange/tags/23andMe" class="mention hashtag" rel="nofollow noopener" target="_blank">#23andMe</a> updates user agreement to prevent <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#databreach</a> lawsuits ➝ 🔓 🇺🇸 Hackers Exploited <a href="https://infosec.exchange/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> Vulnerability to Breach Federal Agency Servers ➝ 🔓 🇺🇸 <a href="https://infosec.exchange/tags/Navy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Navy</a> contractor Austal USA confirms <a href="https://infosec.exchange/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberattack</a> after <a href="https://infosec.exchange/tags/dataleak" class="mention hashtag" rel="nofollow noopener" target="_blank">#dataleak</a> ➝ 🔓 🇯🇵 <a href="https://infosec.exchange/tags/Nissan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nissan</a> is investigating cyberattack and potential data breach ➝ 🔓 🇬🇧 Sellafield nuclear site hacked by groups linked to <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> and <a href="https://infosec.exchange/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a> ➝ 🔓 👾 <a href="https://infosec.exchange/tags/Roblox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Roblox</a>, <a href="https://infosec.exchange/tags/Twitch" class="mention hashtag" rel="nofollow noopener" target="_blank">#Twitch</a> allegedly targeted by <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> cartel ➝ 🇰🇵 N. Korean <a href="https://infosec.exchange/tags/Kimsuky" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kimsuky</a> Targeting South Korean Research Institutes with <a href="https://infosec.exchange/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backdoor</a> Attacks ➝ 🇷🇺 🦠 ITG05 operations leverage <a href="https://infosec.exchange/tags/Israel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Israel</a>-<a href="https://infosec.exchange/tags/Hamas" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hamas</a> conflict lures to deliver Headlace <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> ➝ 🇷🇺 Russian military hackers target <a href="https://infosec.exchange/tags/NATO" class="mention hashtag" rel="nofollow noopener" target="_blank">#NATO</a> fast reaction corps ➝ 🇮🇪 🇮🇱 Cyberattack on Irish Utility Cuts Off Water Supply for Two Days ➝ 🇷🇺 🇬🇧 Russia hacking: '<a href="https://infosec.exchange/tags/FSB" class="mention hashtag" rel="nofollow noopener" target="_blank">#FSB</a> in years-long cyber attacks on UK', says government ➝ 🇷🇺 🤖 Russia's AI-Powered Disinformation Operation Targeting <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukraine</a>, U.S., and <a href="https://infosec.exchange/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a> ➝ 🇷🇺 📨 <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> Warns of Kremlin-Backed <a href="https://infosec.exchange/tags/APT28" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT28</a> Exploiting Critical <a href="https://infosec.exchange/tags/Outlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#Outlook</a> Vulnerability ➝ 🚢 💊 Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports ➝ 📱 🕵🏻‍♂️ Governments spying on <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apple</a>, <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> users through push notifications - US senator ➝ 🤖 🕵🏻‍♂️ Due to AI, “We are about to enter the era of mass spying,” says Bruce Schneier ➝ 🇺🇦 🫡 Ukraine appoints new cyber chief following ouster of top officials ➝ 🇳🇴 💰 Norwegian Labor and Welfare Administration fined for data protection failures ➝ 🇫🇷 💬 French government recommends against using foreign chat apps ➝ 🐛 🛜 "Sierra:21" vulnerabilities impact <a href="https://infosec.exchange/tags/criticalinfrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#criticalinfrastructure</a> routers ➝ 🎠 🇹🇭 New Stealthy 'Krasue' <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> Trojan Targeting <a href="https://infosec.exchange/tags/Telecom" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telecom</a> Firms in Thailand ➝ 🦠 🤖 SpyLoan <a href="https://infosec.exchange/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a> malware on Google Play downloaded 12 million times ➝ 🦠 <a href="https://infosec.exchange/tags/LogoFAIL" class="mention hashtag" rel="nofollow noopener" target="_blank">#LogoFAIL</a>: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks ➝ 🔓 💻 Just about every <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> and <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> device vulnerable to new LogoFAIL firmware attack ➝ 🔐 💬 <a href="https://infosec.exchange/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#Meta</a> Launches Default End-to-End Encryption for Chats and Calls on Messenger ➝ 🔐 Addressing post-quantum <a href="https://infosec.exchange/tags/cryptography" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptography</a> with <a href="https://infosec.exchange/tags/CodeQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#CodeQL</a> ➝ 🤖 📨 <a href="https://infosec.exchange/tags/Gmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#Gmail</a>’s AI-powered <a href="https://infosec.exchange/tags/spam" class="mention hashtag" rel="nofollow noopener" target="_blank">#spam</a> detection is its biggest security upgrade in years ➝ 📱 🔓 Your mobile password manager might be exposing your credentials ➝ 🐛 <a href="https://infosec.exchange/tags/Qualcomm" class="mention hashtag" rel="nofollow noopener" target="_blank">#Qualcomm</a> Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks 📚 This week's recommended reading is: "The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws" by Dafydd Stuttard Subscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecMASHUP</a> newsletter to have it piping hot in your inbox every week-end ⬇️<a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-week-492023" rel="nofollow noopener" translate="no" target="_blank">https://infosec-mashup.santolaria.net/p/infosec-mashup-week-492023</a>

FreemindThis exploitation allowed them to drop malware using HTTP POST commands to the directory path associated with ColdFusion.<a href="https://mastodon.online/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> <a href="https://mastodon.online/tags/Cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberattack</a> <a href="https://mastodon.online/tags/Government" class="mention hashtag" rel="nofollow noopener" target="_blank">#Government</a> <a href="https://mastodon.online/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#USA</a> <a href="https://mastodon.online/tags/Adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Adobe</a> <a href="https://mastodon.online/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> <a href="https://mastodon.online/tags/Vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vulnerabilities</a> <a href="https://cybersec84.wordpress.com/2023/12/06/critical-coldfusion-vulnerability-exploited-in-federal-agency-breach/" rel="nofollow noopener" translate="no" target="_blank">https://cybersec84.wordpress.com/2023/12/06/critical-coldfusion-vulnerability-exploited-in-federal-agency-breach/</a>

⊥ᵒᵚ⁄Cᵸᵎᶺᵋᶫ∸ᵒᵘ ☑️<a href="https://mastodon.social/@nixCraft" class="u-url mention" rel="nofollow noopener" target="_blank">@nixCraft</a> I still write <a href="https://qoto.org/tags/coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#coldfusion</a> you insensitive clod :-) <a href="https://qoto.org/tags/lucee" class="mention hashtag" rel="nofollow noopener" target="_blank">#lucee</a> <a href="https://qoto.org/tags/geek" class="mention hashtag" rel="nofollow noopener" target="_blank">#geek</a>

stux⚡What is the Cyber Trust Mark? & Major ColdFusion & Microsoft Exchange Hacks Underway! <a href="https://mstdn.social/tags/ThreatWire" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatWire</a> <a href="https://mstdn.social/tags/Hak5" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hak5</a> <a href="https://mstdn.social/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> <a href="https://mstdn.social/tags/MicrosoftExchange" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftExchange</a><a href="https://www.youtube.com/watch?v=yoVkxZ8JRcQ" rel="nofollow noopener" target="_blank">https://www.youtube.com/watch?v=yoVkxZ8JRcQ</a>

Xavier «X» Santolaria :verified_paw: :donor:📨 Latest issue of my curated <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> and <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> list of resources for week #29/2023 is out! It includes the following and much more:➝ 🇷🇺 ⚖️ <a href="https://infosec.exchange/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> Seeks 18 Years in Jail for Founder of <a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybersecurity</a> Firm ➝ 🇷🇺 🇪🇺 Pro-Russian hacktivists increase focus on Western targets. The latest is <a href="https://infosec.exchange/tags/OnlyFans" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnlyFans</a> ➝ 🧨 🤖 <a href="https://infosec.exchange/tags/DDoS" class="mention hashtag" rel="nofollow noopener" target="_blank">#DDoS</a> Botnets Hijacking <a href="https://infosec.exchange/tags/Zyxel" class="mention hashtag" rel="nofollow noopener" target="_blank">#Zyxel</a> Devices to Launch Devastating Attacks ➝ 🪱 New <a href="https://infosec.exchange/tags/P2PInfect" class="mention hashtag" rel="nofollow noopener" target="_blank">#P2PInfect</a> Worm Targeting Redis Servers on <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#Linux</a> and <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a> Systems ➝ 🚫 🛜 <a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> restricting internet access to some employees to reduce <a href="https://infosec.exchange/tags/cyberattack" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberattack</a> risk ➝ 🇬🇧 🍏 <a href="https://infosec.exchange/tags/Apple" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apple</a> slams UK surveillance-bill proposals ➝ 🎭 💸 Cybersecurity firm <a href="https://infosec.exchange/tags/Sophos" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sophos</a> impersonated by new <a href="https://infosec.exchange/tags/SophosEncrypt" class="mention hashtag" rel="nofollow noopener" target="_blank">#SophosEncrypt</a> ransomware ➝ 🇺🇦 🤖 <a href="https://infosec.exchange/tags/Ukraine" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ukraine</a> takes down massive bot farm, seizes 150,000 SIM cards ➝ 🔐 🛜 <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISA</a> and <a href="https://infosec.exchange/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSA</a> Issue New Guidance to Strengthen <a href="https://infosec.exchange/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#5G</a> Network Slicing Against Threats ➝ 🇨🇳 🦠 Chinese <a href="https://infosec.exchange/tags/APT41" class="mention hashtag" rel="nofollow noopener" target="_blank">#APT41</a> Hackers Target Mobile Devices with New WyrmSpy and DragonEgg <a href="https://infosec.exchange/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spyware</a> ➝ 🇺🇸 🪦 Famed Hacker Kevin Mitnick Dead at 59 ➝ 🇺🇸 🕵🏻‍♂️ U.S. Government Blacklists <a href="https://infosec.exchange/tags/Cytrox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cytrox</a> and <a href="https://infosec.exchange/tags/Intellexa" class="mention hashtag" rel="nofollow noopener" target="_blank">#Intellexa</a> Spyware Vendors for Cyber Espionage ➝ ☁️ 🔓 <a href="https://infosec.exchange/tags/Citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#Citrix</a> alerts users to critical vulnerability in Citrix ADC and Gateway ➝ 🔓 📂 <a href="https://infosec.exchange/tags/VirusTotal" class="mention hashtag" rel="nofollow noopener" target="_blank">#VirusTotal</a> Data Leak Exposes Some Registered Customers' Details ➝ 🦠 🐈‍⬛ FIN8 Group Using Modified Sardonic <a href="https://infosec.exchange/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Backdoor</a> for <a href="https://infosec.exchange/tags/BlackCat" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackCat</a> Ransomware Attacks ➝ 👤 🔓 <a href="https://infosec.exchange/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> Security alert: social engineering campaign targets technology industry employees ➝ 🇺🇸 🇨🇳 Analysis of <a href="https://infosec.exchange/tags/Storm0558" class="mention hashtag" rel="nofollow noopener" target="_blank">#Storm0558</a> techniques for unauthorized email access ➝ 🇨🇳 ☁️ <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens ➝ 🇺🇸 📱 White House, <a href="https://infosec.exchange/tags/FCC" class="mention hashtag" rel="nofollow noopener" target="_blank">#FCC</a> advance efforts to add security labels to connected devices ➝ 🇪🇸 🇺🇦 Police arrests Ukrainian <a href="https://infosec.exchange/tags/scareware" class="mention hashtag" rel="nofollow noopener" target="_blank">#scareware</a> developer after 10-year hunt ➝ 🇳🇴 💵 <a href="https://infosec.exchange/tags/Norway" class="mention hashtag" rel="nofollow noopener" target="_blank">#Norway</a> Threatens $100,000 Daily Fine on <a href="https://infosec.exchange/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#Meta</a> Over Data ➝ 🅰️ 🔓 Two New Adobe <a href="https://infosec.exchange/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> Vulnerabilities Exploited in Attacks ➝ 🎣 🌍 <a href="https://infosec.exchange/tags/JumpCloud" class="mention hashtag" rel="nofollow noopener" target="_blank">#JumpCloud</a> Says Sophisticated Nation-State Hackers Targeted Specific Customers ➝ 🦠 📊 <a href="https://infosec.exchange/tags/MOVEit" class="mention hashtag" rel="nofollow noopener" target="_blank">#MOVEit</a> Hack: Number of Impacted Organizations Exceeds 340 📚 This week's recommended reading is: "Leadership Is Changing the Game - The Transition from Technical Expert to Leader" by Brian DonovanSubscribe to the <a href="https://infosec.exchange/tags/infosecMASHUP" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecMASHUP</a> newsletter to have it piping hot in your inbox every week-end ⬇️<a href="https://infosec-mashup.santolaria.net/p/infosec-mashup-week-292023" rel="nofollow noopener" translate="no" target="_blank">https://infosec-mashup.santolaria.net/p/infosec-mashup-week-292023</a>

IT NewsExploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns - Enlarge (credit: Getty Images) Organizations big and small are... - <a href="https://arstechnica.com/?p=1954819" rel="nofollow noopener" target="_blank">https://arstechnica.com/?p=1954819</a> <a href="https://schleuss.online/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://schleuss.online/tags/coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#coldfusion</a> <a href="https://schleuss.online/tags/netscaler" class="mention hashtag" rel="nofollow noopener" target="_blank">#netscaler</a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://schleuss.online/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener" target="_blank">#biz</a>⁢ <a href="https://schleuss.online/tags/citrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#citrix</a> <a href="https://schleuss.online/tags/adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#adobe</a>

Caitlin CondonThis was a wild ride. Simplified timeline below, <a href="https://infosec.exchange/tags/Adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Adobe</a> <a href="https://infosec.exchange/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> users need to update to the versions released on July 14, NOT the versions released July 11. Active exploitation in multiple Rapid7 customer environments. * July 11: July ColdFusion updates go out, including for Rapid7-discovered access control bypass (<a href="https://infosec.exchange/tags/CVE_2023_29298" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE_2023_29298</a>) * July 12: Project Discovery blogs an (accidental?) <a href="https://infosec.exchange/tags/0day" class="mention hashtag" rel="nofollow noopener" target="_blank">#0day</a> <a href="https://infosec.exchange/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a> chain for what will become CVE-2023-38203 * July 13: Rapid7 detects exploitation of the two vulns above * July 14: <a href="https://infosec.exchange/tags/CVE_2023_38203" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE_2023_38203</a> patched out of band * July 17: Rapid7 finds CVE-2023-29298 patch is incomplete, re-reports to AdobePatching to the July 14 versions should still prevent the attacker behavior <a href="https://infosec.exchange/tags/Rapid7" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rapid7</a> MDR is seeing since patching the deserialization(s) breaks the chain. <a href="https://www.rapid7.com/blog/post/2023/07/17/etr-active-exploitation-of-multiple-adobe-coldfusion-vulnerabilities/" rel="nofollow noopener" translate="no" target="_blank">https://www.rapid7.com/blog/post/2023/07/17/etr-active-exploitation-of-multiple-adobe-coldfusion-vulnerabilities/</a>

Alex Furey (TheFakeInYellow)This is my <a href="https://kind.social/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#introduction</a> post. I definitely did not make any posts before this.- He/him - I enjoy <a href="https://kind.social/tags/cooking" class="mention hashtag" rel="nofollow noopener" target="_blank">#cooking</a> a lot. - I'm a <a href="https://kind.social/tags/SoftwareEngineer" class="mention hashtag" rel="nofollow noopener" target="_blank">#SoftwareEngineer</a> doing <a href="https://kind.social/tags/webdev" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdev</a> and <a href="https://kind.social/tags/mobiledev" class="mention hashtag" rel="nofollow noopener" target="_blank">#mobiledev</a> (<a href="https://kind.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a>, <a href="https://kind.social/tags/JQuery" class="mention hashtag" rel="nofollow noopener" target="_blank">#JQuery</a>, <a href="https://kind.social/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a>, <a href="https://kind.social/tags/MySQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#MySQL</a>, <a href="https://kind.social/tags/MSSQL" class="mention hashtag" rel="nofollow noopener" target="_blank">#MSSQL</a>, <a href="https://kind.social/tags/Flutter" class="mention hashtag" rel="nofollow noopener" target="_blank">#Flutter</a>, <a href="https://kind.social/tags/Dart" class="mention hashtag" rel="nofollow noopener" target="_blank">#Dart</a>). - I like <a href="https://kind.social/tags/manga" class="mention hashtag" rel="nofollow noopener" target="_blank">#manga</a>, <a href="https://kind.social/tags/anime" class="mention hashtag" rel="nofollow noopener" target="_blank">#anime</a>, and <a href="https://kind.social/tags/manhwa" class="mention hashtag" rel="nofollow noopener" target="_blank">#manhwa</a>, <a href="https://kind.social/tags/DnD" class="mention hashtag" rel="nofollow noopener" target="_blank">#DnD</a>, <a href="https://kind.social/tags/MagicTheGathering" class="mention hashtag" rel="nofollow noopener" target="_blank">#MagicTheGathering</a>, <a href="https://kind.social/tags/EDH" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDH</a>, <a href="https://kind.social/tags/Wildermyth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wildermyth</a>, <a href="https://kind.social/tags/LeagueOfLegends" class="mention hashtag" rel="nofollow noopener" target="_blank">#LeagueOfLegends</a> (but ARAM shenanigans only!) - Eclectic music tastes. - Recognizes the benefits of going outside but struggles to do so. - I write lists often.

IT NewsAnother Room-Temperature Superconductivity Claim and Questions of Scientific Integrity - In early March of 2023, a paper was published in Nature, with the researchers clai... - <a href="https://hackaday.com/2023/03/20/another-room-temperature-superconductivity-claim-and-questions-of-scientific-integrity/" rel="nofollow noopener" target="_blank">https://hackaday.com/2023/03/20/another-room-temperature-superconductivity-claim-and-questions-of-scientific-integrity/</a> <a href="https://schleuss.online/tags/superconductivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#superconductivity</a> <a href="https://schleuss.online/tags/hackadaycolumns" class="mention hashtag" rel="nofollow noopener" target="_blank">#hackadaycolumns</a> <a href="https://schleuss.online/tags/measurement" class="mention hashtag" rel="nofollow noopener" target="_blank">#measurement</a> <a href="https://schleuss.online/tags/coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#coldfusion</a> <a href="https://schleuss.online/tags/skepticism" class="mention hashtag" rel="nofollow noopener" target="_blank">#skepticism</a> <a href="https://schleuss.online/tags/science" class="mention hashtag" rel="nofollow noopener" target="_blank">#science</a>

Opalsec :verified:Get up to speed on the week's infosec news before another week in the trenches:<a href="https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05" rel="nofollow noopener" target="_blank">https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05</a>Last week's patch Tuesday had SmartScreen bypasses and the Ping of Death, but nothing could beat the <a href="https://infosec.exchange/tags/Outlook" class="mention hashtag" rel="nofollow noopener" target="_blank">#Outlook</a> zero-click credential leak that <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> patche-er, uh, wait, no not quite patched - turns out you can still abuse it locally to harvest NTLM credentials, yikes!Non-transitive trusts have one job - to enable cross-domain authentication between only the two domains that maintain it. Turns out, that's not the case - you can actually pivot between domains and forests, authenticating to Services well outside the intended scope of the trust. And Microsoft aren't going to fix it.<a href="https://infosec.exchange/tags/Emotet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Emotet</a> have realised in week two of their return that there's more to life than Macros, and have joined in the abuse of <a href="https://infosec.exchange/tags/OneNote" class="mention hashtag" rel="nofollow noopener" target="_blank">#OneNote</a> files to deliver their lures.In the world of ransomware, <a href="https://infosec.exchange/tags/BianLian" class="mention hashtag" rel="nofollow noopener" target="_blank">#BianLian</a> have opted to focus on exfil-and-extortion campaigns, after Avast released a pesky decryptor for their ransomware in January this year. <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISA</a> have opened their books and shared a detailed profile on <a href="https://infosec.exchange/tags/LockBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#LockBit</a> 3.0's favoured TTPs and tooling that's worth a read.<a href="https://infosec.exchange/tags/Google" class="mention hashtag" rel="nofollow noopener" target="_blank">#Google</a> TAG have ousted Microsoft taking the easy way out in their previous patch of a SmartScreen bypass, opting to issue a half-baked patch that the <a href="https://infosec.exchange/tags/Magniber" class="mention hashtag" rel="nofollow noopener" target="_blank">#Magniber</a> ransomware crew quickly circumvented, enabling them to deliver over 100,000 malicous lures unencumbered by the now-patched security control.If you're running Adobe's ColdFusion, Aruba ClearPass, or SAP software - you're going to want to make sure you caught and patched these vulnerabilities that debuted last week.<a href="https://infosec.exchange/tags/Redteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Redteam</a> members have a new and improved AD lab environment to play in, as well as new evasion techniques for remote shells and macros to add to the toolkit!Offensive Security have a gift for the <a href="https://infosec.exchange/tags/blueteam" class="mention hashtag" rel="nofollow noopener" target="_blank">#blueteam</a> in the defensive Kali Purple distro, and we've caught a bunch of awesome write-ups to help in scaling Detection Engineering and mitigating common initial access vectors.Catch all this and much more in this week's newsletter:<a href="https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05" rel="nofollow noopener" target="_blank">https://opalsec.substack.com/p/soc-goulash-weekend-wrap-up-e05</a><a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/cyber" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyber</a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener" target="_blank">#news</a> <a href="https://infosec.exchange/tags/cybernews" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybernews</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://infosec.exchange/tags/infosecnews" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosecnews</a> <a href="https://infosec.exchange/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#informationsecurity</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacking</a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://infosec.exchange/tags/technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#technology</a> <a href="https://infosec.exchange/tags/hacker" class="mention hashtag" rel="nofollow noopener" target="_blank">#hacker</a> <a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerabilities</a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener" target="_blank">#ransomware</a> <a href="https://infosec.exchange/tags/dfir" class="mention hashtag" rel="nofollow noopener" target="_blank">#dfir</a> <a href="https://infosec.exchange/tags/soc" class="mention hashtag" rel="nofollow noopener" target="_blank">#soc</a> <a href="https://infosec.exchange/tags/threatintel" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatintel</a> <a href="https://infosec.exchange/tags/threatintelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#threatintelligence</a> <a href="https://infosec.exchange/tags/patchtuesday" class="mention hashtag" rel="nofollow noopener" target="_blank">#patchtuesday</a> <a href="https://infosec.exchange/tags/adobe" class="mention hashtag" rel="nofollow noopener" target="_blank">#adobe</a> <a href="https://infosec.exchange/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> <a href="https://infosec.exchange/tags/Aruba" class="mention hashtag" rel="nofollow noopener" target="_blank">#Aruba</a> <a href="https://infosec.exchange/tags/ClearPass" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClearPass</a> <a href="https://infosec.exchange/tags/SAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SAP</a> <a href="https://infosec.exchange/tags/Kali" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kali</a>

BillWait, there is a known exploited vulnerability in COLD FUSION? What decade is it?<a href="https://coldfusion.adobe.com/2023/03/released-coldfusion-2021-and-2018-march-2023-security-updates/" rel="nofollow noopener" target="_blank">https://coldfusion.adobe.com/2023/03/released-coldfusion-2021-and-2018-march-2023-security-updates/</a><a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#coldfusion</a>

☮ ♥ ♬ 🧑‍💻A good summary can be found listening to this vidcast summarising the MS vs Alphabet product release: “Google Embarrass Themselves (A.I. War Is Heating Up)” <a href="https://ioc.exchange/tags/Coldfusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#Coldfusion</a> <<a href="https://youtube.com/watch?v=5X1O5AS4nTc" rel="nofollow noopener" target="_blank">https://youtube.com/watch?v=5X1O5AS4nTc</a>>

ScienceFictionBooks<a href="https://bookstodon.com/tags/introduction" class="mention hashtag" rel="nofollow noopener" target="_blank">#introduction</a> I'm the author of 100 books on <a href="https://bookstodon.com/tags/Science" class="mention hashtag" rel="nofollow noopener" target="_blank">#Science</a> and <a href="https://bookstodon.com/tags/ScienceFiction" class="mention hashtag" rel="nofollow noopener" target="_blank">#ScienceFiction</a>. I love anything <a href="https://bookstodon.com/tags/StarWars" class="mention hashtag" rel="nofollow noopener" target="_blank">#StarWars</a> or <a href="https://bookstodon.com/tags/NASA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NASA</a> or <a href="https://bookstodon.com/tags/SpaceX" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpaceX</a> related. Currently the originator of the idea that we could SOON have Two Suns in the sky by simply using a <a href="https://bookstodon.com/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> jump start on <a href="https://bookstodon.com/tags/Jupiter" class="mention hashtag" rel="nofollow noopener" target="_blank">#Jupiter</a>. What I call 'The Greatest Achievement in Human history. Check out - The Book To End All Books on <a href="https://bookstodon.com/tags/Amazon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Amazon</a> Books ASAP - solution to our <a href="https://bookstodon.com/tags/EnergyCrisis" class="mention hashtag" rel="nofollow noopener" target="_blank">#EnergyCrisis</a> - OVERNIGHT~! <a href="https://www.amazon.com/dp/B0BL2JMSSJ/" rel="nofollow noopener" target="_blank">https://www.amazon.com/dp/B0BL2JMSSJ/</a> Would appreciate some kind <a href="https://bookstodon.com/tags/BookReviews" class="mention hashtag" rel="nofollow noopener" target="_blank">#BookReviews</a>

MJ :verified:<a href="https://mastodon.social/@wfaler" class="u-url mention" rel="nofollow noopener" target="_blank">@wfaler</a> <a href="https://fosstodon.org/@alexandru" class="u-url mention" rel="nofollow noopener" target="_blank">@alexandru</a> This could be interesting to see how many things I can remember (and then to look back and realized I’ve forgotten 😂)<a href="https://techhub.social/tags/java" class="mention hashtag" rel="nofollow noopener" target="_blank">#java</a> <a href="https://techhub.social/tags/CSharp" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSharp</a> (or is it <a href="https://techhub.social/tags/C" class="mention hashtag" rel="nofollow noopener" target="_blank">#C</a># 😂) <a href="https://techhub.social/tags/PLSql" class="mention hashtag" rel="nofollow noopener" target="_blank">#PLSql</a> <a href="https://techhub.social/tags/TransactSql" class="mention hashtag" rel="nofollow noopener" target="_blank">#TransactSql</a> <a href="https://techhub.social/tags/bash" class="mention hashtag" rel="nofollow noopener" target="_blank">#bash</a> <a href="https://techhub.social/tags/perl" class="mention hashtag" rel="nofollow noopener" target="_blank">#perl</a> <a href="https://techhub.social/tags/ksh" class="mention hashtag" rel="nofollow noopener" target="_blank">#ksh</a> <a href="https://techhub.social/tags/VisualBasic" class="mention hashtag" rel="nofollow noopener" target="_blank">#VisualBasic</a> <a href="https://techhub.social/tags/ColdFusion" class="mention hashtag" rel="nofollow noopener" target="_blank">#ColdFusion</a> <a href="https://techhub.social/tags/php" class="mention hashtag" rel="nofollow noopener" target="_blank">#php</a> <a href="https://techhub.social/tags/c" class="mention hashtag" rel="nofollow noopener" target="_blank">#c</a> <a href="https://techhub.social/tags/cpp" class="mention hashtag" rel="nofollow noopener" target="_blank">#cpp</a> <a href="https://techhub.social/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#python</a> <a href="https://techhub.social/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a>Really looking back at that list, it hasn’t been that many that I’ve used extensively. Have just gone deep in the ones used most. Either with different frameworks or functionality.

Recent searches

Search options

Administered by:

Server stats:

#coldfusion