This must be the ultimate #C64

Dual SID chips, tube amp, full mechanical keyboard.

Cisco security advisories includes a zero-day:

• Cisco Meraki Systems Manager Agent for Windows Privilege Escalation Vulnerability
  CVE-2024-20430 (7.3 medium) incorrect handling of directory search paths (CWE-427: Uncontrolled Search Path Element) to EoP
• Cisco Smart Licensing Utility Vulnerabilities
  • CVE-2024-20439 (9.8 critical) Cisco Smart Licensing Utility Static Credential Vulnerability
  • CVE-2024-20440 (9.8 critical) Cisco Smart Licensing Utility Information Disclosure Vulnerability
• Cisco Identity Services Engine Command Injection Vulnerability
  CVE-2024-20469 (6.0 medium) insufficient validation of user-supplied input to authenticated command injection (the attacker must have valid Administrator privileges)
  • The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability that is described in this advisory.
• Cisco Expressway Edge Improper Authorization Vulnerability
  CVE-2024-20497 (4.3 medium) inadequate authorization checks for Mobile and Remote Access (MRA) users could allow an attacker to intercept calls or make phone calls spoofing another phone number
• Cisco Duo Epic for Hyperdrive Information Disclosure Vulnerability
  CVE-2024-20503 (5.5 medium) improper storage of an unencrypted registry key could allow an authenticated, local attacker to view sensitive information in cleartext

EDIT: What @BleepingComputer took away out of this is that CVE-2024-20439 is a backdoor admin account: Cisco warns of backdoor admin account in Smart Licensing Utility

#zeroday #cisco #patchtuesday #vulnerability #CVE_2024_20469 #cve #CVE_2024_20439

Towards Optimal Use of Exception Handling Information for Function Detection

https://arxiv.org/pdf/2104.03168

(indistinctly yelling at the computer)

this is a series expansion of a natural logarithm

@sassdawe doing crimes is illegal!

Vulnerability in Tencent WeChat custom browser could lead to remote code execution

https://blog.talosintelligence.com/vulnerability-in-tencent-wechat-custom-browser-could-lead-to-remote-code-execution/?s=09

URB Excalibur: The New VMware All-Platform VM Escapes [pdf]

https://static1.squarespace.com/static/5f3c7479f4b3c702571a047d/t/66254fd51f55767c1f60612a/1713721307086/CSW24--URB-Excalibur-The-New-VMware-All-Platform-VM-Escapes.pdf?s=09

Hexacon agenda is up!

https://www.hexacon.fr/conference/agenda/?s=09

Windows DWM Core Library Elevation of Privilege Vulnerability (CVE-2024-30051)

https://www.coresecurity.com/core-labs/articles/windows-dwm-core-library-elevation-privilege-vulnerability-cve-2024-30051?s=09

Deploying Rust in Existing Firmware Codebases by @dmnk et al.

https://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html

@wirepair yeah it's tricky, you have to gain some circular momentum below and bend over the bar a bit

‘Everything happens for a reason’ sounds less comforting when the reason is very fucking poor planning

We want your old GPUs that were destined to become e-waste.
We're repurposing outdated GPUs to tackle challenging computer security and program analysis problems. https://buff.ly/3XsbdgJ

In light of the Internet Archive losing its appeal to hachette, I just wanted to point out some websites you should avoid:

* https://annas-archive.li/
* https://downmagaz.net/
* https://ebook-hunter.org/
* https://forcoder.net/
* https://freemagazines.top/
* https://liber3.eth.limo/

If you were to download books from these websites, you might cut into hachette's more than three billion dollars of annual revenue. So make sure to avoid those websites and the following:

* https://libgen.is/
* https://oceanofpdf.com/
* https://pdfroom.com/
* https://pdfstop.com/
* https://pdfdrive.to/
* https://pdfmagazines.club/
* https://sci-hub.se/
* https://singlelogin.re/
* ... or any of the other sites listed at https://rentry.co/megathread-books

#internetarchive

Fucking @buherator trying to kill me with this home made Palinka

#JeSuisLampshade #AlligatorCon

Security mitigation for the Common Log Filesystem (CLFS)

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/security-mitigation-for-the-common-log-filesystem-clfs/ba-p/4224041?s=09

#windows

"Today, the White House Office of the National Cyber Director (ONCD) released a Roadmap to Enhancing Internet Routing Security, which aims to address a key security vulnerability associated with the Border Gateway Protocol (#BGP) "

https://www.whitehouse.gov/oncd/briefing-room/2024/09/03/press-release-white-house-office-of-the-national-cyber-director-releases-roadmap-to-enhance-internet-routing-security/?s=09

@bagder To put in perspective:
- JPEG: libjpeg 6b encoder+decoder: 24,200 lines of C
- JPEG: libjpeg-turbo encoder+decoder: 127,000 of C and ASM (multi architectures)
- JPEG2000: openjpeg encoder+decoder: 50,000 lines of .C
- JPEG2000: Kakadu commercial encoder+decoder: 214,000 lines of C++ (only coresys component)
- libjxl: 150,000 lines for the core library, encoder+decoder (deps excluded)
(All above includes blank lines + inline doc)
So this is pretty much standard for a modern codec

⚡ Operator Fabric is an open source platform built by the LF Energy Foundation (https://lfenergy.org/) for use in electricity, water and other utility operations.

Last May we did a security audit sponsored by the Open Source Technology Improvement Fund (https://ostif.org) 🙏

Read a summary of our findings and find the full report here:

https://blog.quarkslab.com/audit-of-operator-fabric.html