Security News

Microsoft PlayReady - complete client identity compromise

Full Disclosure - 9 May, 2024 - 03:02

Posted by Security Explorations on May 09

Hello All,

We have come up with two attack scenarios that make it possible to
extract private ECC keys used by a PlayReady client (Windows SW DRM
scenario) for the communication with a license server and identity
purposes.

More specifically, we successfully demonstrated the extraction of the
following keys:
- private signing key used to digitally sign license requests issued
by PlayReady client,
- private encryption key used to decrypt license...

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

Full Disclosure - 6 May, 2024 - 18:37

Posted by Simon Bieber via Fulldisclosure on May 06

secuvera-SA-2024-02: Multiple Persistent Cross-Site Scritping (XSS) flaws in Drupal-Wiki

Affected Products
Drupal Wiki 8.31
Drupal Wiki 8.30 (older releases have not been tested)

References
https://www.secuvera.de/advisories/secuvera-SA-2024-02.txt (used for updates)
CVE-2024-34481
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS-B: 6.4 (...

OXAS-ADV-2024-0002: OX App Suite Security Advisory

Full Disclosure - 6 May, 2024 - 18:35

Posted by Martin Heiland via Fulldisclosure on May 06

Dear subscribers,

We're sharing our latest advisory with you and like to thank everyone who contributed in finding and solving those
vulnerabilities. Feel free to join our bug bounty programs for OX App Suite, Dovecot and PowerDNS at YesWeHack.

This advisory has also been published at
https://documentation.open-xchange.com/appsuite/security/advisories/html/2024/oxas-adv-2024-0002.html.

Yours sincerely,
Martin Heiland, Open-Xchange...

Microsoft PlayReady toolkit - codes release

Full Disclosure - 6 May, 2024 - 03:52

Posted by Security Explorations on May 06

Hello All,

We released codes for "Microsoft PlayReady toolkit", a tool that has
been developed as part of our research from 2022:

https://security-explorations.com/microsoft-playready.html#details

The toolkit illustrates the following:
- fake client device identity generation,
- acquisition of license and content keys for encrypted content,
- downloading and decryption of content,
- content inspection (MPEG-4 file format),
- Manifest...

Live2D Cubism refusing to fix validation issue leading to heap corruption.

Full Disclosure - 3 May, 2024 - 11:36

Posted by PT via Fulldisclosure on May 03

Live2D Cubism is the dominant "vtuber" software suite for 2D avatars for use in livestreaming and integrating them in
other software.
They publish various SDKs and a frameworks for integrating their libraries with your own program. You're supposed to
use those to deserialize and render/animate the models created with their main software - often untrusted files from
random people on the internet.
While their main java-based...

Microsoft PlayReady white-box cryptography weakness

Full Disclosure - 1 May, 2024 - 07:01

Posted by Security Explorations on May 01

Hello All,

There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.

The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not...

Re: Excellent piece by Chris Rohlf - " No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities "

Daily Dave - 24 April, 2024 - 13:50

Posted by Arun Koshy via Dailydave on Apr 24

This is probably an independent issue ( imvho ).

Re LLMs and present AI / ML regime, my only public comment is that
we're in the Hindenburg [1] era .. caveat emptor. Another insightful
paper that probably will be ignored this summer:

https://arxiv.org/abs/2308.03762 ( author :
https://people.csail.mit.edu/kostas/ )

[1] - https://en.wikipedia.org/wiki/LZ_129_Hindenburg

Defense in depth -- the Microsoft way (part 87): shipping more rotten software to billions of unsuspecting customers

Full Disclosure - 24 April, 2024 - 13:44

Posted by Stefan Kanthak on Apr 24

Hi @ll,

this post is a continuation of
<https://seclists.org/fulldisclosure/2023/Oct/17> and
<https://seclists.org/fulldisclosure/2021/Oct/17>

With the release of .NET Framework 4.8 in April 2019, Microsoft updated
the following paragraph of the MSDN article "What's new in .NET Framework"
<https://msdn.microsoft.com/en-us/library/ms171868.aspx>

| Starting with .NET Framework 4.5, the clrcompression.dll assembly...

Response to CVE-2023-26756 - Revive Adserver

Full Disclosure - 24 April, 2024 - 13:43

Posted by Matteo Beccati on Apr 24

CVE-2023-26756 has been recently filed against the Revive Adserver project.

The action was taken without first contacting us, and it did not follow
the security process that is thoroughly documented on our website. The
project team has been given no notice before or after the disclosure.

Our team has been made aware of this report by a community member via a
GitHub issue. All of this resulted in an inability for us to produce an
appropriate...

A Familiar World of Chaos

Daily Dave - 21 April, 2024 - 11:08

Posted by Dave Aitel via Dailydave on Apr 21

After spending some time looking at "Secure by Design/Default" I have no
doubt many of you feel like something is missing - something that's hard to
put your finger on. So you go back to the treadmill of reading about bugs
in Palo Alto devices, or the latest Project Zero blogpost, or something the
Microsoft Threat Team is naming RidonculousBreeze, or whatever.

For those of you who chose to read the latest Project Zero post, one...
Syndicate content