MalwareLab
b40c155b55a94238005acc780ad8feb89daab358d73c2035c5e14b96289e4243
Malware Analysis, DFIR, Computer Forensics, Incident Response, ThreatIntel, OSINT, CyberSecurity, Education. EN/SK content. Opinions are my own.

Recent privilege escalation vulnerabilities in the GNU C Library #glibc, widely used in many #Linux distributions such as #Debian, #Ubuntu, #Fedora and others.

CVE-2023-6246 #privesc #vuln can be triggered via #syslog by using a long program name or ident parameter in openlog().

Another vulnerability is in the #qsort function. While real-world affected programs are currently not known, this vulnerability is pretty old - since 1992 until now.

Reference: https://blog.qualys.com/vulnerabilities-threat-research/2024/01/30/qualys-tru-discovers-important-vulnerabilities-in-gnu-c-librarys-syslog

This is just another reason to consider using a Linux distribution without glibc, for example #Alpine Linux with #musl

It seems that #introductions is a better hashtag than #introduction

So once again:

Hello #nostr

Time for a short #intro of myself. I am a #cybersecurity analyst with a passion for #malwareanalysis, #dfir, #threathunting, #threatintel and other #blueteam stuff.

From time to time I would like to share some ideas, thoughts, tips & tricks and participate in discussions.

Hello #nostr. Time for a short #introduction of myself. I am a #cybersecurity analyst with a passion for #malwareanalysis, #dfir, #threathunting, #threatintel and other #blueteam stuff.

From time to time I would like to share some ideas, thoughts, tips & tricks and participate in discussions.