At-Bay’s Cyber Research Team has confirmed that AvosLocker is using several vulnerabilities in Veritas's Backup Exec, a popular data backup and recovery software, as a means to launch ransomware attacks.

It marks the second RaaS syndicate to use the vulns to launch ransomware attacks, as ALPHV/BlackCat also has been observed using the flaw as an initial access point

https://www.at-bay.com/articles/avoslocker-adds-veritas-vulnerabilities-to-access-arsenal/

We want your Chrome full chain exploits https://security.googleblog.com/2023/06/announcing-chrome-browser-full-chain.html?m=1

So I caught the recruiting tram again and made more photos for all you dorks 😄

(This is a tram that runs in Budapest that has clear paneling so you can see the inner workings. They use it to recruit engineers and mechanics for public transport.)

#Budapest #trams #tramstodon #PublicTransport

When children are first taught to read/write in your country (or state), what writing style do they use considering both text they write and text they read?

Boosts for reach are appreciated!

Remember the #Gitlab 16.0 vulnerability and the message to patch it asap ?
Well: https://securityonline.info/poc-exploit-released-for-gitlab-cve-2023-2825-vulnerability/
The PoC is here: https://github.com/Occamsec/CVE-2023-2825

Got a new shirt

New: NSO Group is under new ownership after lenders forced a change of control with plans to keep its controversial spyware business going. Lenders have been working with Omri Lavie, a co-founder of NSO, after foreclosing on the parent company. https://www.wsj.com/articles/israeli-cyber-company-nso-group-has-new-ownership-after-u-s-blacklist-a2cda00a

Technology and defense systems giant Rheinmetall AG has been breached by Black Basta.

Rheinmetall has over 27,000 employees and is in 138 countries.

Oh wow, Stalker and Solaris are just on Youtube for free, officially uploaded by Mosfilm, the original production company. They've got a bunch of other Soviet films up there too.

https://www.youtube.com/watch?v=Q3hBLv-HLEc
https://www.youtube.com/watch?v=Z8ZhQPaw4rE

Finally, JavaScript in the browser

What does it say about these products if Google thinks they can't be made to respect privacy laws in the EU and Canada?

Instead of blaming regulators, maybe the industry is seriously dysfunctional?

This is like a car manufacturer claiming that it's impossible for them to make a car with seat belts and a catalytic converter and opting instead not to sell cars in many of the largest markets in the world

That co would obviously and unquestionably be dysfunctional and in terminal decline

Twitter’s encrypted DM feature is technically flawed, opt-in, limited to 1-to-1 text-based messages, restricted to a small user base, and generally inferior in just about every way to encrypted apps like Signal and WhatsApp.

And all for just $8 a month. https://www.wired.com/story/twitter-encrypted-dm-signal-whatsapp/

It turns out you can simply serve a file from a domain to use it as your bsky handle.

So this guy is now S3. All of S3.

Hi all! Firefox Attack & Defense is now on Mozilla's Mastodon Instance. Follow us for news about our bug bounty program: How to find bugs and participate more effectively.
We won't post a lot, but we promise a high signal-to-noise ratio.
#introduction

netcat, 1995

Kindergarten children dropped seeds in the crack of the sidewalk to see what would happen 🤗 https://streetartutopia.com/2023/04/15/kindergarten-children-dropped-seeds-in-the-crack-of-the-sidewalk-to-see-what-would-happen/

Nature is everything 🌱

DOJ actually detected the SolarWinds hack in its network back in May 2020 and Microsoft, Mandiant, SolarWinds all looked at it at the time, but didn't grasp what they were seeing. Six months later Mandiant publicly exposed the campaign. @kimzetter back in WIRED! https://www.wired.com/story/solarwinds-hack-public-disclosure/

Here, I made you a Slack emoji for when you're talking about GenAI

back in January of 2016, we started getting reports on WordPress.com that people were publishing blog posts and the letter F was going missing. they initially thought it was a typo, but when they'd edit the post, the words would be spelled right in the post editor. but on the live site? no Fs

sounds like user error, right? but the reports kept coming in. and it wasn't just missing, sometimes it was switched, like the word "first" would become "ifrst". if you know anything about fonts maybe you can guess what was up...

Why do people remove it? Because NVD has exaggerated a curl security flaw to an inflated level, and now "security scanners" insist that the bundled curl executable has a "high severity" security flaw and scaremongers people into removing it.

And then they realize Windows update refuses to work.

Are we sure this is the best we can do?