Red Hat Security Advisory 2024-0752-03 - An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0752.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:rhel8 security updateAdvisory ID:        RHSA-2024:0752-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0752Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2024-21626====================================================================Summary: An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (CVE-2024-21626)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-21626References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2258725

Red Hat Security Advisory 2024-0752-03

Red Hat Security Advisory 2024-0751-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0751.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0751-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0751Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0751-03

Red Hat Security Advisory 2024-0750-03 - An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0750.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: libmaxminddb security updateAdvisory ID:        RHSA-2024:0750-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0750Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2020-28241====================================================================Summary: An update for libmaxminddb is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The libmaxminddb package contains the MaxMind DB library.Security Fix(es):* libmaxminddb: improper initialization in dump_entry_data_list() in maxminddb.c (CVE-2020-28241)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2020-28241References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1895379

Red Hat Security Advisory 2024-0750-03

Red Hat Security Advisory 2024-0749-03 - An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include an integer overflow vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0749.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: unbound security updateAdvisory ID:        RHSA-2024:0749-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0749Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2019-25033====================================================================Summary: An update for unbound is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.Security Fix(es):* unbound: integer overflow in the regional allocator via the ALIGN_UP macro (CVE-2019-25033)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2019-25033References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=1954775

Red Hat Security Advisory 2024-0749-03

Advanced Page Visit Counter version 1.0 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title: Advanced Page Visit Counter 1.0 - Admin+ Stored Cross-SiteScripting (XSS) (Authenticated)# Date: 11.10.2023# Exploit Author: Furkan ÖZER# Software Link: https://wordpress.org/plugins/advanced-page-visit-counter/# Version: 8.0.5# Tested on: Kali-Linux,Windows10,Windows 11# CVE: N/A# Description:Advanced Page Visit Counter is a remarkable Google Analytics alternativespecifically designed for WordPress websites, and it has quickly become amust-have plugin for website owners and administrators seeking powerfultracking and analytical capabilities. With the recent addition of EnhancedeCommerce Tracking for WooCommerce, this plugin has become even moreindispensable for online store owners.Homepage | Support | Premium VersionIf you’re in search of a GDPR-friendly website analytics plugin exclusivelydesigned for WordPress, look no further than Advanced Page Visit Counter.This exceptional plugin offers a compelling alternative to Google Analyticsand is definitely worth a try for those seeking enhanced data privacycompliance.This is a free plugin and doesn’t require you to create an account onanother site. All features outlined below are included in the free plugin.Description of the owner of the plugin Stored Cross-Site Scripting attackagainst the administrators or the other authenticated users.The plugin does not sanitise and escape some of its settings, which couldallow high privilege users such as admin to perform Stored Cross-SiteScripting attacks even when the unfiltered_html capability is disallowed(for example in multisite setup)The details of the discovery are given below.# Steps To Reproduce:1. Install and activate the Advanced Page Visit Counter plugin.2. Visit the "Settings" interface available in settings page of the pluginthat is named "Widget Settings"3. In the plugin's "Today's Count Label" setting field, enter the payloadPayload: " "type=image src=1 onerror=alert(document.cookie)> "6. Click the "Save Changes" button.7. The XSS will be triggered on the settings page when every visit of anauthenticated user.# Video Linkhttps://youtu.be/zcfciGZLriM

Advanced Page Visit Counter 1.0 Cross Site Scripting

Red Hat Security Advisory 2024-0748-03 - An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0748.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Important: container-tools:4.0 security updateAdvisory ID:        RHSA-2024:0748-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0748Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: An update for the container-tools:4.0 module is now available for Red Hat Enterprise Linux 8.Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.Security Fix(es):* runc: file descriptor leak (\"Leaky Vessels\") (CVE-2024-21626)A Red Hat Security Bulletin which addresses further details about the Leaky Vessels flaw is available in the References section.* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)* golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#importanthttps://access.redhat.com/security/vulnerabilities/RHSB-2024-001https://bugzilla.redhat.com/show_bug.cgi?id=2253193https://bugzilla.redhat.com/show_bug.cgi?id=2253330https://bugzilla.redhat.com/show_bug.cgi?id=2258725https://issues.redhat.com/browse/RHEL-15029https://issues.redhat.com/browse/RHEL-17145

Red Hat Security Advisory 2024-0748-03

Red Hat Security Advisory 2024-0746-03 - Updated container image for Red Hat Ceph Storage 5.3 is now available in the Red Hat Ecosystem Catalog. Issues addressed include cross site scripting and denial of service vulnerabilities.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0746.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Important: new container image: rhceph-5.3  
Advisory ID:        RHSA-2024:0746-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0746  
Issue date:         2024-02-09  
Revision:           03  
CVE Names:          CVE-2022-23498  
====================================================================

Summary: 

Updated container image for Red Hat Ceph Storage 5.3 is now available in  
the Red Hat Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform  
that combines the most stable version of the Ceph storage system with a  
Ceph management platform, deployment utilities, and support services.

This updated container image is based on Red Hat Ceph Storage 5.3 and Red  
Hat Enterprise Linux.

Space precludes documenting all of these changes in this advisory. Users  
are directed to the Red Hat Ceph Storage Release Notes for information on  
the most significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to pull these new images from  
the Red Hat Ecosystem catalog.

Security Fix(es):

* grafana: Use of Cache Containing Sensitive Information (CVE-2022-23498)

* grafana: cross site scripting (CVE-2023-0507)

* grafana: cross site scripting (CVE-2023-0594)

* haproxy: request smuggling attack in HTTP/1 header parsing (CVE-2023-25725)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

* haproxy: segfault DoS (CVE-2023-0056)

* grafana: JWT token leak to data source (CVE-2023-1387)

* grafana: stored XSS vulnerability affecting the core plugin \"Text\" (CVE-2023-22462)

* golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index

https://access.redhat.com/articles/2789521

https://access.redhat.com/articles/1548993

CVEs:

CVE-2022-23498

References:

https://access.redhat.com/security/updates/classification/#important  
https://bugzilla.redhat.com/show_bug.cgi?id=2160808  
https://bugzilla.redhat.com/show_bug.cgi?id=2161274  
https://bugzilla.redhat.com/show_bug.cgi?id=2164936  
https://bugzilla.redhat.com/show_bug.cgi?id=2167266  
https://bugzilla.redhat.com/show_bug.cgi?id=2168037  
https://bugzilla.redhat.com/show_bug.cgi?id=2168038  
https://bugzilla.redhat.com/show_bug.cgi?id=2169089  
https://bugzilla.redhat.com/show_bug.cgi?id=2184481  
https://bugzilla.redhat.com/show_bug.cgi?id=2186322  
https://bugzilla.redhat.com/show_bug.cgi?id=2256938

Red Hat Security Advisory 2024-0746-03

Red Hat Security Advisory 2024-0745-03 - An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat Ecosystem Catalog.

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0745.json

Red Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

- Packet Storm Staff

====================================================================  
Red Hat Security Advisory

Synopsis:           Moderate: Red Hat Ceph Storage 5.3 Security update  
Advisory ID:        RHSA-2024:0745-03  
Product:            Red Hat Ceph Storage  
Advisory URL:       https://access.redhat.com/errata/RHSA-2024:0745  
Issue date:         2024-02-09  
Revision:           03  
CVE Names:          CVE-2023-43040  
====================================================================

Summary: 

An update is now available for Red Hat Ceph Storage 5.3 in the Red Hat  
Ecosystem Catalog.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat Ceph Storage is a scalable, open, software-defined storage platform  
that combines the most stable version of the Ceph storage system with a  
Ceph management platform, deployment utilities, and support services.

These updated packages include numerous bug fixes. Space precludes  
documenting all of these changes in this advisory. Users are directed to  
the Red Hat Ceph Storage Release Notes for information on the most  
significant of these changes:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

All users of Red Hat Ceph Storage are advised to update to these packages  
that provide various bug fixes.

Security Fix(es):

* rgw: improperly verified POST keys (CVE-2023-43040)

* ceph: RGW crash upon misconfigured CORS rule (CVE-2023-46159)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5/html-single/upgrade_guide/index#upgrade-a-red-hat-ceph-storage-cluster-using-cephadm

https://access.redhat.com/articles/1548993

CVEs:

CVE-2023-43040

References:

https://access.redhat.com/security/updates/classification/#moderate  
https://bugzilla.redhat.com/show_bug.cgi?id=2153448  
https://bugzilla.redhat.com/show_bug.cgi?id=2193419  
https://bugzilla.redhat.com/show_bug.cgi?id=2211758  
https://bugzilla.redhat.com/show_bug.cgi?id=2215374  
https://bugzilla.redhat.com/show_bug.cgi?id=2215380  
https://bugzilla.redhat.com/show_bug.cgi?id=2216855  
https://bugzilla.redhat.com/show_bug.cgi?id=2216857  
https://bugzilla.redhat.com/show_bug.cgi?id=2224636  
https://bugzilla.redhat.com/show_bug.cgi?id=2227806  
https://bugzilla.redhat.com/show_bug.cgi?id=2227810  
https://bugzilla.redhat.com/show_bug.cgi?id=2227997  
https://bugzilla.redhat.com/show_bug.cgi?id=2228001  
https://bugzilla.redhat.com/show_bug.cgi?id=2228039  
https://bugzilla.redhat.com/show_bug.cgi?id=2231469  
https://bugzilla.redhat.com/show_bug.cgi?id=2232164  
https://bugzilla.redhat.com/show_bug.cgi?id=2233444  
https://bugzilla.redhat.com/show_bug.cgi?id=2233886  
https://bugzilla.redhat.com/show_bug.cgi?id=2234610  
https://bugzilla.redhat.com/show_bug.cgi?id=2236190  
https://bugzilla.redhat.com/show_bug.cgi?id=2237391  
https://bugzilla.redhat.com/show_bug.cgi?id=2237880  
https://bugzilla.redhat.com/show_bug.cgi?id=2238665  
https://bugzilla.redhat.com/show_bug.cgi?id=2239149  
https://bugzilla.redhat.com/show_bug.cgi?id=2239433  
https://bugzilla.redhat.com/show_bug.cgi?id=2239455  
https://bugzilla.redhat.com/show_bug.cgi?id=2240089  
https://bugzilla.redhat.com/show_bug.cgi?id=2240144  
https://bugzilla.redhat.com/show_bug.cgi?id=2240586  
https://bugzilla.redhat.com/show_bug.cgi?id=2240727  
https://bugzilla.redhat.com/show_bug.cgi?id=2240839  
https://bugzilla.redhat.com/show_bug.cgi?id=2240977  
https://bugzilla.redhat.com/show_bug.cgi?id=2244868  
https://bugzilla.redhat.com/show_bug.cgi?id=2245335  
https://bugzilla.redhat.com/show_bug.cgi?id=2245699  
https://bugzilla.redhat.com/show_bug.cgi?id=2247232  
https://bugzilla.redhat.com/show_bug.cgi?id=2248825  
https://bugzilla.redhat.com/show_bug.cgi?id=2249014  
https://bugzilla.redhat.com/show_bug.cgi?id=2249017  
https://bugzilla.redhat.com/show_bug.cgi?id=2249565  
https://bugzilla.redhat.com/show_bug.cgi?id=2249571  
https://bugzilla.redhat.com/show_bug.cgi?id=2251768  
https://bugzilla.redhat.com/show_bug.cgi?id=2252781  
https://bugzilla.redhat.com/show_bug.cgi?id=2253672  
https://bugzilla.redhat.com/show_bug.cgi?id=2255035  
https://bugzilla.redhat.com/show_bug.cgi?id=2255436  
https://bugzilla.redhat.com/show_bug.cgi?id=2256172  
https://bugzilla.redhat.com/show_bug.cgi?id=2257421  
https://bugzilla.redhat.com/show_bug.cgi?id=2259297

Red Hat Security Advisory 2024-0745-03

Red Hat Security Advisory 2024-0728-03 - Logging Subsystem 5.8.3 - Red Hat OpenShift. Issues addressed include a denial of service vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0728.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: Logging Subsystem 5.8.3 - Red Hat OpenShiftAdvisory ID:        RHSA-2024:0728-03Product:            Logging Subsystem for Red Hat OpenShiftAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:0728Issue date:         2024-02-09Revision:           03CVE Names:          CVE-2023-39326====================================================================Summary: Logging Subsystem 5.8.3 - Red Hat OpenShiftRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:Logging Subsystem 5.8.3 - Red Hat OpenShiftSecurity Fix(es):* golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2023-39326References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2253330https://issues.redhat.com/browse/LOG-4822https://issues.redhat.com/browse/LOG-4893https://issues.redhat.com/browse/LOG-4962https://issues.redhat.com/browse/LOG-4963https://issues.redhat.com/browse/LOG-4969https://issues.redhat.com/browse/OU-319https://issues.redhat.com/browse/OU-320

Red Hat Security Advisory 2024-0728-03

REcon is a computer security conference with a focus on reverse engineering and advanced exploitation techniques. It will be held June 28th through the 30th, 2024, in Montreal, Canada.

       +                    +                     +         +                                  +                  +           +           +                                             +                                        \ /                       +     _        - _+_ -                   ,__         _=.    .:.         /=\       _|===|_                  ||::|        |  |    _|.        |   |     | |   | |     __===_  -=- ||::|        |==|   |  |  __    |.:.|   /\| |:. | |    |   | .|| : |||::|        |  |-  |.:|_|. :__ |.: |--|==| |  .| |_   | ' |. ||.  |||:.|      __|. | |_|. | |.|...||---|  |==| |   | | |_--.     ||   |||. |     |  |  |   |. | | |::.||: .|  |==| | . : |=|===|    :|| . ||| .|     |:.| .|   |  | | |:.:|| . |  |==| |     |=|===| .   |'   | |  |     |     |      |   |   |'           :   .   |   ;     ;    '    |     '     :      `   :   '            .       '  .      .         :     '     .                                             .               `        .        R E C O N     2 0 2 4      .                '                           .   C F P          '               .                    '         https://recon.cx                                      .            June 28 to 30, 2024                     .                            Montreal, Canada                    .     REcon is a computer security conference with a focus on reverseengineering and advanced exploitation techniques.  It is held annuallyin Montreal, Canada.The conference offers a single track of presentations over the spanof three days along with technical training sessions held beforethe presentation dates.  Technical training varies in length betweentwo and four days.REcon 2024 is almost upon us.  As with years past, it will offer agreat lineup of trainings, talks from some of the top reversers in theworld, and a lot of fun.Attendees help define the event. They have always been, and will alwaysbe, those looking to learn something new, share ideas, and unwind in awelcoming environment. With the release of this CFP, we are happy toannounce registration is now open.We are now inviting speakers to submit proposals for this year's talks.Some guidelines for talks are: - 30 or 60 minute presentations  - We are open to proposals for workshops that would occur alongside talks.    REcon have a dedicated area for workshop and    village, there will be a Software and a hardware village,          the Hardware village will have a electronic lab.                       We are planning to bring soldering equipment, BGA Station,        microscope, Oscilloscope, Spectrum Analyser, Protocol Analyser,        Bench Power supply, reflow oven, 3D Printer, ... Note that the         talks will be broadcasted in the workshops area so you won't miss      anything.         - There will be time for five to ten minute informal lightning talks   during the REcon partyRegistration for training is also now open. This year we have anothergreat set of trainings available: - Automating Reverse Engineering Processes with AI/ML, NLP, and LLMs by Malachi Jones - Modern Windows Malware OPSEC and Anti-Reverse Techniques Implementation and Reversing by Silvio La Porta and Antonio Villani - Mastering Advanced Fuzz Testing Techniques on UNIX by Marc 'vanHauser' Heuse - Software Deobfuscation Techniques by Tim Blazytko - The ARM64 Exploit Laboratory by Saumil Shah - Symbolic Execution with Angr by Jeremy Blackthorne - Windows Internals for Reverse Engineers by Yarden Shafir - Advanced IC Reverse Engineering and Data Extraction by Olivier Thomas - Advanced Malware Reverse Engineering by Nicolas Brulez - Program Analysis for Vulnerability Research by Sophia D'Antoine & Kyle Martin - MacOS Sonoma and iOS 17 Kernel Internals for Security Researchers by Stefan Esser - Practical Baseband Exploitation by Pedro Ribeiro and Seamus Burke - Attacking Instant Messaging Applications by Iddo Eldor and Jacob Bech - RISC-V Security Training by Don A. BaileyThe conference talks in the following fields are encouraged (but not limited to): - Hardware reverse engineering - Software reverse engineering - Protocol reverse engineering - Finding vulnerabilities and writing exploits - Novel data visualization for hackers and reverse engineers - Bypassing security and software protections - Attacks on cryptography in hardware and software - Techniques for any of the above on new or interesting architectures - Wireless hacking (We aren't talking about wifi here) Speakers Benefits:  - Invite to speaker dinner the night before the conference  - Invite to speaker after party  - Full access to the conference - Unless your employer can cover your travel costs, We will reimburse your travel for economic                       Class round trip and hotel for at least 1 speaker / talk ( for more than one speaker,    we'll need to evaluate) - If it's a new talk that has never been presented before, you get 1000 USD - 40% rebate for a Recon Training - 10% rebate for up to 5 of your friends / coworkers                     How to submit: https://cfp.recon.cx/recon2024/cfp Get back to us soon! The first round of the CFP will end on March 29,and the CFP closes on April 26.

Source

Packet Storm