Posts
2530
Following
647
Followers
1460
"I'm interested in all kinds of astronomy."
buherator

buherator

Reply to @buherator
@dmnk @joxean Done: https://github.com/nccgroup/Cartographer/pull/14
1
0
2
buherator

buherator

[RSS] The case of the string being copied from a mysterious pointer to invalid memory, revisited

https://devblogs.microsoft.com/oldnewthing/20240911-00/?p=110247
0
0
0
buherator

buherator

[RSS] Avred background: Advances in Reversing Defender Signature Format

https://blog.deeb.ch/posts/avred-update/
0
0
0
buherator

buherator

[RSS] WordPress.org to require two-factor authentication for plugin developers

https://cyberscoop.com/wordpress-two-factor-authentication-supply-chain/
0
0
1
buherator

buherator

I just got my hands on @tiraniddo's Windows Security Internals book <3

I ordered it through Blackwell's, that is a UK company but ships @nostarch books to EU too, so you can avoid dealing with customs yourself. Order tracking needs improvement.

https://blackwells.co.uk/bookshop/product/Windows-Security-Internals-by-James-Forshaw/9781718501980
0
0
3
buherator
repeated
sarahjamielewis@mastodon.social

Sarah Jamie Lewis

I really try to like Firefox, but the last 5 minutes really captures the kind of papercut that happens often:

- I open a new tab and firefox informs me it has updated itself and needs to restart and won't allow any further operations until it does so.
- Fine, I close and restart.
- I reopen Firefox to find a brand new sponsored weather widget on my otherwise blank new tab page - from a source I would never otherwise visit.

Thanks for breaking my flow and the privacy breach, I guess.

1
4
0
buherator
repeated
mjg59@nondeterministic.computer

Matthew Garrett

The promised writeup of how I discovered that the Feeld dating app was protecting private data by doing client-side filtering: https://mjg59.dreamwidth.org/70061.html

2
5
0
buherator

buherator

The recent ideas about LLM summarizers reminded me of an old joke by Woody Allen on speed reading:

“I took a course in it, learning to read straight down the middle of the page, and was able to go through ‘War and Peace’ in 20 minutes. It’s about Russia.”

https://quoteinvestigator.com/2015/12/08/speed-reading/
0
3
7
buherator
repeated
screaminggoat@infosec.exchange

screaminggoat

Reply to @screaminggoat@infosec.exchange
Edited 10 months ago

Bleeping Computer: Adobe fixes Acrobat Reader zero-day with public PoC exploit
References:

  • APSB24-70 Security update available for Adobe Acrobat and Reader (10 September 2024)
  • APSB24-57 Security update available for Adobe Acrobat and Reader (13 August 2024)

Okay I already have an EXPMON thread here (see parent toots above) so I'll orphan the original Adobe September 2024 Patch Tuesday toot. It should be noted that CVE-2024-41869 (7.8 high) UAF to arbitrary code execution in Adobe Acrobat and Reader is a Zero Day (Proof of Concept exploit in the wild exists before the vulnerability was patched, unknown if actually exploited). Apparently the August patch wasn't sufficient for the vulnerability CVE-2024-39383 (7.8 high, which should also be considered a zero-day). Haifei Li wrote on the Bad Place: "We tested the (exactly the same) sample on the "patched" Adobe Reader version, it displayed additional dialogs, but if the user clicked/closed those dialogs, the app still crashed! Same UAF bug!"

In yesterday's Adobe Reader security advisory, Adobe didn't call attention to the fact that a Proof of Concept exploit exists in the wild, or however they would normally word it.

0
1
0
buherator

buherator

Archer 4 President!

https://www.youtube.com/watch?v=WpMSbKG2uZw
0
0
0
buherator

buherator

test
0
0
0
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532
https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
1
1
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator

buherator

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
buherator
repeated
trailofbits@infosec.exchange

Trail of Bits

We've completed a comparative security assessment of authorization policy languages: Cedar, Rego, and the OpenFGA modeling language.
If you are a language designer or a software developer, our AWS-sponsored assessment also provides recommendations for improving policy language design and for securing systems that use policy languages.
https://buff.ly/4cSO63s

0
2
1
buherator

buherator

Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
1
0
1
buherator
repeated
mcfly@milliways.social

mc.fly

Are we not negative enough towards

8
17
1
buherator

buherator

[RSS] Getting code execution on Veeam through CVE-2023-27532

https://blog.scrt.ch/2024/09/10/getting-code-execution-on-veeam-through-cve-2023-27532/
0
0
0
Show older
About infosec.place

Terms of Service

This is a placeholder, overwrite this by putting a file at 

$STATIC_DIR/static/terms-of-service.html

See the Static Directory docs for more info.