Scratch.md (10)

!noid

Cisco IOS XE Software Web UI Privilege Escalation Vulnerability
https://hatenablog-parts.com/embed?url=https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z</a>" frameborder="0">https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z

Workarounds: No workarounds available

CVE-2023-20198
CVSS Score:Base 10.0
Base 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:X/RL:X/RC:X

>>2
Thousands of Cisco IOS XE devices hacked in widespread attacks
https://hatenablog-parts.com/embed?url=https://www.bleepingcomputer.com/news/security/thousands-of-cisco-ios-xe-devices-hacked-in-widespread-attacks/</a>" frameborder="0">https://www.bleepingcomputer.com/news/security/thousands-of-cisco-ios-xe-devices-hacked-in-widespread-attacks/

XEになってからそれなりに使えるWebUIになったし、REST叩くこともあるからなぁ
とはいえCoPPに引っ掛けるしグローバルに全開放するのはアホだしBest PracticeにもCoPPのSecurityに言及されてるはずだが

Signal Mobile App
A zero day exploit for signal was discovered that gives access to your full device. To close the vulnerability, have everyone go to setting under your profile in signal> chats> deselect “generate link preview”. Also make sure your signal app is up to date.
https://hatenablog-parts.com/embed?url=https://www.linkedin.com/posts/misaylor_signal-mobile-app-a-zero-day-exploit-for-activity-7119139278810447872-TFc5/</a>" frameborder="0">https://www.linkedin.com/posts/misaylor_signal-mobile-app-a-zero-day-exploit-for-activity-7119139278810447872-TFc5/

>>5
🤔

Signal says there is no evidence rumored zero-day bug is real
https://hatenablog-parts.com/embed?url=https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/</a>" frameborder="0">https://www.bleepingcomputer.com/news/security/signal-says-there-is-no-evidence-rumored-zero-day-bug-is-real/

link previewつーかOGP周りって色々できるよね

Tech CEO Sentenced to 5 Years in IP Address Scheme
https://hatenablog-parts.com/embed?url=https://krebsonsecurity.com/2023/10/tech-ceo-sentenced-to-5-years-in-ip-address-scheme/</a>" frameborder="0">https://krebsonsecurity.com/2023/10/tech-ceo-sentenced-to-5-years-in-ip-address-scheme/

By 2013, a number of Micfo’s customers had landed on the radar of Spamhaus, a group that many network operators rely upon to stem the tide of junk email. Shortly after Spamhaus started blocking Micfo’s IP address ranges, Micfo shifted gears and began reselling IP addresses mainly to companies marketing “virtual private networking” or VPN services that help customers hide their real IP addresses online.

Beyond Quantum: MemComputing ASICs Could Shatter 2048-bit RSA Encryption
https://hatenablog-parts.com/embed?url=https://www.securityweek.com/beyond-quantum-memcomputing-asics-could-shatter-2048-bit-rsa-encryption/</a>" frameborder="0">https://www.securityweek.com/beyond-quantum-memcomputing-asics-could-shatter-2048-bit-rsa-encryption/

The feared ‘cryptopocalypse’ (the death of current encryption) might be sooner than expected – caused by in-memory computing ASICs rather than quantum computers.

China requires any new domestic Wi-Fi kit to support IPv6 and run it by default
https://hatenablog-parts.com/embed?url=https://www.theregister.com/2023/10/17/china_networking_hardware/</a>" frameborder="0">https://www.theregister.com/2023/10/17/china_networking_hardware/

“The production or import of wireless LAN equipment with public network IP address allocation function sold and used in China shall support the IPv6 protocol,” declared the Ministry of Industry and Information Technology (MiiT) on Friday.

Furthermore, the “IPv6 wireless LAN devices should support and enable the IPv6 address allocation function by default, while retaining the option of users to configure the IPv6 address allocation function by themselves, and clarify the IPv6 configuration method in the product description.”