https://cybersecuritynews.com/critical-unauthenticated-rce-flaw/
RTFM:
https://en.wikipedia.org/wiki/Snake_oil
I assume the RCE flaw that is spoken about is the one talked about by (somewhat well-known) Italian security aficionado evilsocket (see https://threadreaderapp.com/thread/1838169889330135132.html).
There is a timeline for release of details, it seems that there will be an initial release on OpenWall around September 30th, 2024.
I wouldn't assume so quickly that it's snake oil, but as all things it should be taken with a grain of salt.
It seems that EvilSocket is in contact with Canonical and RedHat, so all the correct procedures for reporting a security vulnerability are being followed, apparently.
I would say, let's see what comes out of it.
I came across this recently, although it's not a new discovery:
https://thehackernews.com/2019/08/dslr-camera-hacking.html
https://www.techradar.com/pro/security/this-devious-wi-fi-security-flaw-could-let-hackers-eavesdrop-on-your-network-with-ease
A lot of cameras and camcorders have included built in wifi for many years, on many devices it's permanently enabled with no "off" switch or setting. They don't get updates to fix security holes either, unless the manufacturer releases a new firmware version and the user installs it, both of which are unlikely. The camera can be remotely accessed for spying, existing pictures and videos can be viewed or it might be possible to use this as a route to install malware on your computer when you connect to the camera. The access can also be used to destroy the camera or for data deletion. Other internet enabled devices on your network might also create weaknesses, something to consider besides your computer itself.
Do you get off on posting RTFM? There's skepticism and then there's this.
its cups
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/
The rapidly advancing stultification can be recognised not least by the fact that more and more people perceive reading and understanding as two completely different, completely independent processes.
Or which part of "
Read
The
Friendly
Manual" is too complicated for you?
RTFM = "Read the fucking manual" not "Read the friendly manual."
For some reason you are hiding behind a bowdlerisation?
If I write STFU everybody will read that as "Shut the fuck up" not "Save the friendly Unicorn" no matter what I claim as my intended meaning.
Let's at least call a spade a spade
Hackthebox has a machine just released today to learn how to exploit this CUPS vuln
So, what about RTFM is relevant to this discussion?
Just when we were ready to relax
https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/ (https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/)
it uses systemd to stay persistent, so i guess it can fuck off outta our lawn xd
edit: smh, more red flags such as executable /tmp that shouldve been mounted as noexec (anything legit that tries to exec in /tmp should be accounted for from user's manual intervention)