Endlesstalk
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
neatchee@urusai.social to Cybersecurity@fedia.io · 7 days ago

🚨 SECURITY PSA - 7ZIP VULN🚨

message-square
message-square
20
fedilink
2
message-square

🚨 SECURITY PSA - 7ZIP VULN🚨

neatchee@urusai.social to Cybersecurity@fedia.io · 7 days ago
message-square
20
fedilink

🚨 SECURITY PSA - 7ZIP VULN🚨

Update your 7zip, folks

https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/

#cybersecurity #zeroday #7zip #malware #security #it #infosec

  • neatchee@urusai.socialOP
    link
    fedilink
    arrow-up
    0    ·
    7 days ago

    @screaminggoat @arichtman ah interesting. I’ll update the link to point at the actual CVE

    • Not Simon 🐐@infosec.exchange
      link
      fedilink
      arrow-up
      1      ·
      7 days ago

      @neatchee oh this is the one from last month. My mistake. That one is legit: CVE-2024-11477 (7.8 high)

      There was some controversy this morning when someone dropped an alleged zero-day poc exploit.

      • neatchee@urusai.socialOP
        link
        fedilink
        arrow-up
        0        ·
        7 days ago

        @screaminggoat heh yeah, that was supposedly utilizing this CVE which is what led me to it.

        I would normally hold off on posting something this old but 7z has no self update mechanism so people tend to run old versions :/

        • Tom@urusai.social
          link
          fedilink
          arrow-up
          1          ·
          7 days ago

          @[email protected] In that regard, it’s neat when software is available via winget, because that can handle pulling updates for you. “winget upgrade” will also show updates for software that was installed manually, provided it’s registered as Windows application, and in its catalog (caveat: the catalog is not necessarily complete or up to date, but Windows Store can be used as a source for more options).

          winget can update everything or just a single application, like you can just do a “winget upgrade 7zip.7zip” to get the newest version that winget knows about.

          @[email protected]

          https://learn.microsoft.com/en-us/windows/package-manager/winget/

          result of running "winget upgrade 7zip.7zip" - a new version of 7zip is installed

          • neatchee@urusai.socialOP
            link
            fedilink
            arrow-up
            1            ·
            7 days ago

            @[email protected] @[email protected] I’m a big Winget proponent (and chocolatey before that) and have UnigetUI running on all my windows machines for managing Winget, pip, nuget, and PowerShell packages/scripts

            • Tom@urusai.social
              link
              fedilink
              arrow-up
              1              ·
              6 days ago

              @[email protected] I did not know about UniGetUi - that looks super useful, thanks!

        • thatdosbox@mstdn.ca
          link
          fedilink
          arrow-up
          0          ·
          7 days ago

          @neatchee @screaminggoat guilty as charged, so I appreciate you both mentioning the more recent vulnerability. Thanks 🫡

          • neatchee@urusai.socialOP
            link
            fedilink
            arrow-up
            1            ·
            7 days ago

            @[email protected] @[email protected] I encourage you to check out UnigetUI as a frontend for Winget, Microsoft’s not-very-well-known package manager

Cybersecurity@fedia.io

cybersecurity@fedia.io

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

  • Be kind
  • Limit promotional activities
  • Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1 user / day
  • 137 users / week
  • 957 users / month
  • 1.45K users / 6 months
  • 1 local subscriber
  • 1 subscriber
  • 427 Posts
  • 373 Comments
  • Modlog
  • mods:
  • shellsharks@fedia.io
  • tweedge@fedia.io
  • BE: 0.19.7
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org