H/T to exploits.club for the previous BH posts, their newsletter is pretty cool!

Bugs of Yore: A Bug Hunting Journey on VMware's Hypervisor

https://i.blackhat.com/BH-US-24/Presentations/US24-Sialveras-Bugs-Of-Yore-Wednesday.pdf

#BHUSA2024 #BHUSA24

PageJack: A Powerful Exploit Technique With Page-Level UAF

https://i.blackhat.com/BH-US-24/Presentations/US24-Qian-PageJack-A-Powerful-Exploit-Technique-With-Page-Level-UAF-Thursday.pdf

#BHUSA2024 #BHUSA24

Super Hat Trick: Exploit Chrome and Firefox Four Times

Slides: https://i.blackhat.com/BH-US-24/Presentations/US24-Xiao-Super-Hat-Trick-Exploit-Chrome-and-Firefox.pdf
Whitepaper: https://i.blackhat.com/BH-US-24/Presentations/US24-Xiao-Super-Hat-Trick-Exploit-Chrome-and-Firefox-Four-Times-wp.pdf

#BHUSA2024 #BHUSA24

Two days ago, NIST finalized three post-quantum cryptography standards. Today, we are announcing an open-source Rust implementation of one of these standards, SLH-DSA, now available in RustCrypto! https://blog.trailofbits.com/2024/08/15/we-wrote-the-code-and-the-code-won/

CISA: CISA Adds One Known Exploited Vulnerability to Catalog
Hot off the press! CISA adds CVE-2024-28986 (9.8 critical, disclosed 13 August 2024 by SolarWinds) SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability to the Known Exploited Vulnerabilities Catalog.

Note: There was no indication that CVE-2024-28986 was being exploited in the wild in the security advisory.

cc: @campuscodi h/t: @hrbrmstr

#CVE_2024_28986 #SolarWinds #vulnerability #eitw #activeexploitation #cisa #kev #KnownExploitedVulnerabilitiesCatalog

@joxean We have a saying around here: "you are so dumb you bend space" (no offense @rabbit :))

NEW: Every Pixel phone released since 2017 has a hidden Verizon app, "Showcase.apk," with deep system access that has an unpatched flaw. Google's response to the vulnerability caused Palantir to ditch Android altogether. @lhn has the scoop: https://www.wired.com/story/google-android-pixel-showcase-vulnerability/

@gsuberland @rabbit

@briankrebs
From the days when we were all burning optical media: DVDisaster

The idea: When you burn a disc that isn't completely full, any unused sectors are truly wasted. This app uses them for extra ECC data. Here are screenshots from when I gouged a CD with a key, and then subsequently read the data from the scratched disc, without a single bit lost.

It's a nice example of a simple app that solves a real-world problem.

@briankrebs tmux!

the most recent hackerone issue was filed because the user googled "[another project] bug bounty program", clicked the first link (to #curl's bug-bounty) and entered an issue about a completely different project...

Long thread ahead about training a classifier of "good/batch matches" for #Diaphora.

So, the whole idea that I have been working on for quite some time already to try to, somehow, improve matching in Diaphora is the following: Train a model to better determine if a pair of functions in two binaries (ie, a match between a function A in binary X, and function B in binary Y) is correct or not.

Did someone already create a tarpit that targets the AI scraping bots?

Who volunteer to dress up as standing lamps for AlligatorCon?

#JeSuisLampshade

Just learned that in French cybersecurity threats are called "cybermenace" and I will only be using this term from now on

@Kensan @cynicalsecurity The outcome is obviously that, what I can't wrap my head around is what this outfit was supposed to represent? I mean there must have been an idea similar to "dress up girls in latex because geeks like Matrix" or similar, but I just can't imagine what led to *this*.

Mixing watering hole attacks with history leak via CSS https://adepts.of0x.cc/css-history-leaks/

@cynicalsecurity It was probably this: https://infosec.exchange/@screaminggoat/112958220558346758

My tolerance level is pretty high, but IMO this is just straight up offensive without *any* substance.

I’m in shock