CVEs ARE DYING - ThreatWire
- Published 31 May 2024
- ⬇️ OPEN FOR LINKS TO ARTICLES TO LEARN MORE ⬇️
Support ThreatWire → / threatwire
@endingwithali →
Twitch: / endingwithali
Twitter: / endingwithali
Everywhere else: links.ali.dev
[❗] ThreatWire Patreon has moved to → / threatwire
0:00 Intro
0:12 - The NVD is MIA
2:09 - Linux Foundation CVE Reporting Changed
4:16 - Cisco Acquires Splunk
4:20 - It’s Literally Black Market Extortion
6:06 - Is the AT&T Leak Real?
7:02 - OUTRO
LINKS
🔗 Story 1: The NVD is MIA
blog.morphisec.com/national-v...
anchore.com/blog/national-vul...
nvd.nist.gov/
www.hackread.com/nist-nvd-hal...
🔗 Story 2: Linux Foundation CVE Reporting Changed
github.com/torvalds/linux/blo...
community.synopsys.com/s/ques...
lwn.net/ml/linux-kernel/20240...
lwn.net/Articles/961961/
openssf.org/blog/2024/02/14/l...
This story had help with sourcing by Karl and Lacey! Thank you for the help!
🔗 Story 3: Cisco Acquires Splunk
www.cisco.com/site/us/en/abou...
🔗 Story 4: It’s Literally Black Market Extortion
grahamcluley.com/incognito-ma...
krebsonsecurity.com/2024/03/i...
🔗 Story 5: Is the AT&T Leak Real?
www.scmagazine.com/brief/att-...
www.bleepingcomputer.com/news...
www.theregister.com/2024/03/1...
www.nextgov.com/cybersecurity...
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong. - Science & Technology
The CVEs not being reported until they are fixed means vulnerabilities will exist without that information being provided to parties that need to deal with it until a fix is available.
The kernel team IS the party that needs to deal with it.
@dingokidneys ...and if one were to have a Linux kernel deployed somewhere... no deal?
@arandomnamegoeshere Say there's a use-after-free error in the ICH9 driver affecting kernels newer than 5.6, to pull an example out of the air. What will you do with that knowledge in the absence of a kernel patch? There's nothing you can do to prevent processes running on the system from accessing that driver that would allow you to continue to use the machine the kernel is running on. It's literally keep on running and hope that you don't pick up anything that exploits that bug, or power the machine down until the kernel patch comes out.
@dingokidneys add it to the risk register. Increase monitoring on hosts affected by the vulnerability. Enact further segregation to minimise exposures. Increase the priority on our project to isolate identified servers from the internet. Further restrict access to particular servers. Change hardware. Bring forward the migration project to move towards SaaS for our systems pushing the risk ownership to our cloud vendor.
Not every mitigation must be a patch. Without knowledge of vulnerabilities and their impact we have no knowledge of how to spend our limited budget, effort and time to best secure our estate.
To assume only kernel devs should be aware is exceedingly myopic.
That may be so, but the damage is already dealt to the customer base. Most of the time companies report vulnerabilities 6 months or more after finding the compromise. A company I used to work for waited a year, shut down its server, reloaded the information, made everyone change their password, and offered LifeLock. They did so without warning; the sad part is, it is a PC company and they specialize in this type of protection. Not to mention that LifeLock has also been targeted by vulnerabilities many times before. I don't think anyone or anything is really safe from these issues. Sometimes they are not fixed at all and to reduce panic they just say they have done something. After all, individual people are more likely to get fired and the company is less likely to be found at fault and shut down. This is probably why the great AT&T outage of 2024 that took out an entire cell network was a result of a "bad update" and not a "hack attack".
We had an IT recruiter come in to our college class and he basically said stop trying to beautify your resumes. Put the important things that qualify you for the job and your contact info at the top, and leave the work history and what not towards the bottom/ next page.
This is a fantastic episode pointing to the fact that so many of these CVEs were at scale in years past. Today the level of sophistication of threats and a legitimate capability to keep up and categorize and process them in this model simply does not scale. Regardless of what happens, a change to the model must take place.
Incognito was a textbook exit-scam. This just as Nemesis market got blasted by the German FEDS.
ShinyHunters back at it again, AT&T malding and balding.
Why are you calling them feds when it's Bundestag? Don't use English words. That one isn't that hard to spell. It makes it more difficult for other people to look up who did what.
We held a funeral for Splunk this week.
I actually LAUGHED OUT LOUD reading this
Why ?
Amazing the amount of CVEs that have no fixes. I use them for work all the time. Gonna suck when they get rid of some of them.
👀 Appreciate your honesty about never being on the DW. You’re not missing much. Best to stay away from black holes….
Yup, I fell for the clickbait
Somebody tell Linux patched CVEs are remediations not vulns. Duh.
Incognito tried to extort me but they couldn't find my history.
Ally should interview @LaurieWired on camera. That would be an interview to remember.
Got to see her do a talk at the Spokane Cyber Cup on February 10th and she’s a great speaker. +1 this
Just seeing them interact would be great, I feel like their sense of humor would match up in a badass way.
SORRY FOR BEING HOT AND SMART LMFAO GET EM!!
Good info. Do you think automated scanners like SonarQube will incorporate these new CVE feeds?
Manager:
I look for a competent individual that is a critical thinker. Enough paper pushers and people who can't think for themselves; sick of printing silly meme-worthy motivational posters, just need people that don't need their hands to be held (at least not for more than 2-3 weeks until they figure out where they fit in).
They have already found all vulnerabilities in Windows, now they are going to completely find all the ones for Linux. They know some cannot be fixed, and some can, but they are all aware of all Windows vulnerabilities, including future ones. This does not mean that they will stop their dedication to finding them. Now that more people are using Linux, including the great gamer migration and because of the Proton implementation within Steam, the CVEs are now going up due to a shift in users on Linux. SteamOS is based around Linux, Android is Linux based, BlueStacks, and they have had even more time to prepare now that Windows has Linux for Windows. With the world turning more to open source products it will be getting much worse. This is why your Macs are going to see more CVEs also.
Thanks for sharing !
Great job on the video! As CVEs continue to get more common with more and more bug bounty hunters out there every day, I really hope that the reporting structure continues to evolve. Hi Twitch Chat! Ali what does that pink sign behind you say? Also DRIP CHECK time Ali pog
Great follow up shirt, after last week ❤
watching their video still feels like early 2000s
Love LoVe Love the shirt!!!!
The stages of problem-solving for addressing the vulnerability problem, specifically in regards to the decline of CVEs, typically involve:
1. Identifying vulnerabilities
2. Evaluating vulnerabilities
3. Treating vulnerabilities
4. Reporting vulnerabilities
These stages are crucial in the vulnerability management process to effectively assess and mitigate security risks in IT infrastructure.
Where can we get the shirt ?
Love the shirt =D
Happy Nowruz
VERY very GOOD video
You Convince me, I like subscribe. And comment
Thanks sweetie🎉❤😊😊😊 Just ignore cowbell tee-shirt commenters.
Accurate shirt 😂
Love the shirt 🥵❤️🔥
Seven words that make algorithms love You.
That blooper though haha
that shirt is funny
Free cookies!
Where can I ask a SECQ without unfolding a POC?
Love the T
I feel like this shirt is in direct response to some dude whining about hak5 “catering you younger crowds” back on one of Ali’s first videos haha!
No, you're not sorry
never
@endingwithali
I blame chatgpt
😬
!idk, apology for being so hot and smart :) J.K
I like the shirt 🤣😂😴
nah
Dyer.
Aliyah? I didn't understand, is she one of ours?
Do u know what necklace she's wearing
Her name in Hebrew I presume Aliche
Looks like a Hebrew name as already mentioned, lol!
It's my Hebrew name :)
Alit is a beautiful name…
linux LINUX L I N U X
You should read mean tweets. I love those bits
I actually don't get that many mean tweets or comments tbh 🤷♀
Aliyah, or does it say Eliraz? Hard to see
Aliyah… her name
Gdi
The 👕 is 🔥
I was confused at first but it's funny, you fooled me
That shirt lol 😂😂😂
Click bait LOL 😅😂
The word is patch, not fix! It's never fixed!
This channel still alive? Lololol
what do you watch instead?
good girl.
And that's the unsub
Same Sh*t, different T-shirt.
Ali, I am not convinced you get sufficient viewer feedback about what infosec viewers want? Also, you look much more like a salesperson than like a hacker?
what does a hacker even look like lmao
Good morning, haven't had my coffee yet, let me think a bit. I think in infosec, to deliver valuable information such as news or curiosities, you have to understand the business world big picture, top down, the IT world inside-out, the software development, and the people who work with this stuff, to heart. To understand and respect all the sentiment, to be able to prioritize what is important news and what is less important. Personal independence. And some pain from working long hours. Or street smarts. Trust. More male energy than female energy, or a different balance of the energies than presented. I don't know, it all depends what you want to do exactly. My comment is that if you want to deliver the infosec news you can pay attention to what the infosec public really wants to hear and how, and if you want to have an IT-related career you are not at all limited to infosec because of the energy that you bring forward. At least in these few videos. Also, infosec is a more dangerous world. But actually I remember you are a backend engineer, so keep doing that, I guess it pays well for sure so you'll be just fine. Much love. @endingwithali
You are awesome, you got this @endingwithali
lmao I don't know @endingwithali
side scrolling is painful please stop
No need to apologize for being hot and smart. We're the ones with the problem who can't take our eyes off your beauty 😍😊🌹
*"Sorry for being so hot and smart..."*
Uhm... You need a new T-shirt. Why?
You're neither hot nor smart.
It's a joke...
Ever wonder where the old "dumb broad" saying comes from?
(If you don't get it, people assume a decent looking woman is only where she is for everything but her brain).
LOL
Nice, I was 666th. ;P Thanks ThreatWire staff and @Hak5 for doing the world a service :)
i accept your apology 😩
Are you a hiring manager? Cuz I'm about to get fired. 😂