GitS is RIGHT NOW, and the laughing man incident is literally today

whoa

https://thelaughingman2024.jp

AnyDesk was popped, with 170,000 advertised users.

They claim their install base is secure, but that the code signing cert was stolen. From the changelog, its clear that they knew this on January 29th but didn't announce until the end of the day on a Friday. Not cool.

Based upon their actions so far, I would recommend all enterprises kill AnyDesk across their fleet using EDR or other means for now until we know more.

https://anydesk.com/en/public-statement
https://anydesk.com/en/changelog/windows

I wanna surface this to my main timeline because it's kinda important to say out loud from time to time:

Businesses do NOT "have to" focus exclusively on their return to shareholders. Not legally, not morally.

That is the misguided OPINION of a 1970 essay by Milton Friedman, and the fact that everyone seemed to just hop on board that opinion is a significant reason why we switched gears into hyper-hell-capitaliam since then.

Push back on this every time you see it.

Given Okta's recent troubles with keeping their network secure, I guess I shouldn't be surprised by this blog post.

Still, a company that supposedly markets and sells security services, you would think they would have a better handle on something as rudimentary as password hashing.

TL;DR- Use SHA-2 or SHA-3 to hash passwords.

🤦🏻

https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

interrupts

🚨 patch your Cisco AnyConnect boxes 🚨

For a 2020 vulnerability. Really.

Lots of ransomware cases coming in for Cisco AnyConnect/ASA recently and finally we know how - CVE-2020-3259

It was a vuln which allowed a CitrixBleed style memory dump, found by a Russian research org now under US sanctions. Ransomware operators have an exploit.

Sadly it looks like many orgs never patched.

https://www.truesec.com/hub/blog/akira-ransomware-and-exploitation-of-cisco-anyconnect-vulnerability-cve-2020-3259

#threatintel

We are planning to release critical security patches for versions 3.5, 4.1, 4.2 and nightly this Thursday, Feb 01, at 15:00 UTC. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.

Microsoft is trying to get all email users, including governments, to migrate to their cloud-based solutions. This makes their email cloud _THE_ prime target for nation-state/state sponsored hackers. Yet Microsoft appears to be leaving gaping security holes in the setup of their email services: https://arstechnica.com/security/2024/01/in-major-gaffe-hacked-microsoft-test-account-was-assigned-admin-privileges/

holy shit mozilla has a new issue tracker documenting all of the ways that apple, google, and microsoft purposefully put third party browsers at a disadvantage and is calling for action https://blog.mozilla.org/netpolicy/2024/01/19/platform-tilt/

Just read @pluralistic 's blog post about the difficulty that @2600 is having, both with its publication and producing the #HOPE con. This is tragic - I've never attended HOPE, but I've seen many videos and read so many recaps and articles inspired by it. Support 2600 today!

https://pluralistic.net/2024/01/19/hope-less/#hack-the-planet

https://www.hope.net/
https://store.2600.com/products/tickets-to-hope-xv

iOS vs Android Security

https://patchfriday.com/54/

RIP the man who was the absolute incarnation of XKCD's "one random dude holding up the entire internet". You may never have heard of David Mills, but your entire goddamn world depends on what he did.

https://en.m.wikipedia.org/wiki/David_L._Mills

Oh but the best part

Dude dumped the rom by CRASHING A GBA AND RECORDING THE CRASH SOUND FOR HOURS https://youtu.be/0-7PSmYYHF0

Yea so it turns out if you crash a gba game and wait long enough, the "crash sound" starts playing the entire address space, so if you take enough recordings and do a majority vote on differences, you can dump a ROM

How the fuck do people figure this shit pit

For my hackathon project I did try to make CFA (Cat Factor Authentication, using your cat's microchip as a second factor) a thing 😆 The project did win a prize, but more for the experimentation then the actual result https://wpengine.com/blog/hackathon-december-2023/

#catsofmastodon #mfa #hackathon #wpengine

Is remote code execution in UEFI firmware possible? Well, yes it is.

Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.

Full details by @fdfalcon and @4Dgifts in our new blog post:

https://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

This blog post comes from deep inside the world of advertising, from people trying to move away from cookies. And along the way offer a VERY rare insight into the dark technology behind advertising and tracking ("hashed offline passbacks", "first and multi-touch attribution"), stuff you almost never read about. https://blog.sentry.io/we-removed-advertising-cookies-heres-what-happened/

After the takeover by Broadcom, VMware is in total chaos when it comes to orders and license renewals. Here is a status overview.

https://borncity.com/win/2024/01/13/order-license-chaos-for-vmware-products-after-broadcom-takeover-jan-2024/