EU MEP accusing #Hungary for trying to infect his phone with spyware:

https://www.politico.eu/newsletter/brussels-playbook/orban-critic-mep-targeted-with-spyware/

Hungarian news talk about Pegasus, but this seems wrong as the Politico article mentions #Candiru (tech journalism at its best...).

Also the accusation is not supported by evidence, and frankly I wouldn't expect that even our gov is this stupid.

@verge #a16z

@hajovonta Nominal resource consumption for endpoint security? :)

Pwnie Awards Nominations 2024

https://docs.google.com/document/d/13Jdwlw-jvdBI3N6JSZZqHTmj9rvld7WvhGykvDcE5x0/mobilebasic?s=09

Congrats @nachoskrnl for being nominated @pwnieawards for his 3-episode research work on Windows paths - well deserved (yes, I nominated it:)).
https://x.com/PwnieAwards/status/1815894380789592298

https://bird.makeup/@pwnieawards/1815894380789592298

In case you don't feel like untangle the #CrowdStrike post-mortem, this is the gist of it:

"Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production."

In other words they simply didn't do e2e tests on the problematic update data that triggered the bug in their parser, because prev updates worked fine.

We still don't know how the malformed Template Instances were produced.

Something I've had on my list for quite some time and finally got around to now: updating the HowFuzzilliWorks document: https://github.com/googleprojectzero/fuzzilli/blob/main/Docs/HowFuzzilliWorks.md

Besides a number of smaller changes (e.g. new mutators), the design of the HybridEngine has changed considerably since the document was initially written.

Happy fuzzing!

#TIL that the #IAEA uses something called a „COBRA seal“ to seal relevant objects against manipulation. One type of these seals works by using a multi-core optical cable. When the seal is locked a random number of cores are cut. This creates a unique optical pattern that can be verified simply by shining a light into the cable and can’t be recreated.

The moral bankruptcy of Marc Andreessen and Ben Horowitz https://www.theverge.com/2024/7/24/24204706/marc-andreessen-ben-horowitz-a16z-trump-donations

The initial Post Incident Review is out from CrowdStrike. It’s good and really honest.

There’s some wordsmithing (eg channel updates aren’t code - their parameters control code).

The key take away - channel updates are currently deployed globally, instantly. They plan to change this at a later date to operate in waves. This is smart (and what Microsoft do for similar EPP updates).

https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/

Do I know anyone with a mail address on a mail server managed by barracuda networks who would help me with something? I'd like to test a few things (just sending you a few test mails and see if they arrive).

Wild, true story from the security awareness and training company KnowBe4 that details how they inadvertently hired a North Korean hacker who was posing as a Western tech worker.

Kudos to them for publishing this. If it can happen to a security awareness company, it can happen to anyone (full disclosure: they've been an advertiser on my site for ages).

https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

I've published a little blog on binary patching Golang produced assembly to alter the stdlib net/http functionality. #golang and #infosec frens maybe interested! https://pulsesecurity.co.nz/articles/golang-patching

We're proud our testing helps ensure the security of Thinkst's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here:

https://www.doyensec.com/resources/Doyensec_ThinkstCanaryTokensOSS_Report_Q22024_WithRetesting.pdf

#doyensec #appsec #security #thinkst

[RSS] Micropatches Released for Windows MSHTML Platform Spoofing (CVE-2024-38112)

https://blog.0patch.com/2024/07/micropatches-released-for-windows.html

CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds two vulnerabilities to the KEV Catalog:

• CVE-2012-4792 (CVSSv2: 9.3 "high") Microsoft Internet Explorer Use-after-free vulnerability
• CVE-2024-39891 (5.3 medium) Twilio Authy Information Disclosure Vulnerability

cc: @iagox86 h/t: @hrbrmstr

#CISA #KEV #knownexploitedvulnerabilitiescatalog #CVE_2012_4792 #CVE_2024_39891 #eitw #activeexploitation #CVE #vulnerability

CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation https://blog.securelayer7.net/applied-endpointsecurity-framework-previlege-escalation/

New assessment for topic: CVE-2024-29824

Topic description: "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ..."

"Ivanti Endpoint Manager (EPM) versions 2022 SU5 and prior are vulnerable to SQL injection and a patch has been released, as described in the official [advisory](https://forums.ivanti.com/s/article/Security-Advisory-May-2024) and the related [KB article](https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024) ..."

Link: https://attackerkb.com/assessments/721f9e58-f1a2-4da1-9bdc-21a2c2e0a139

[RSS] Summercon 2024 Slides - Modern ColdFusion Exploitation and Attack Surface Reduction

https://www.hoyahaxa.com/2024/07/summercon-2024-slides-modern-coldfusion.html

@sassdawe I think this is more of a use-case for a newsletter like RiskyBiz.

For TI I'd expect something actionable, "phishers gonna phish" isn't that. @mttaggart