[RSS] Binary Ninja Ultimate

https://binary.ninja/2024/09/13/ultimate.html

[RSS] Ghost in the PPL Part 3: LSASS Memory Dump

https://itm4n.github.io/ghost-in-the-ppl-part-3/

Microsoft Security Response Center (MSRC) corrected CVE-2024-43461 (8.8 high) Windows MSHTML Platform Spoofing Vulnerability, marking it as both exploited and publicly disclosed based on evidence of exploitation from ZDI Hunting Team (see parent toot). This is the fifth zero day of September 2024 Patch Tuesday!
cc: @TheDustinChilds @campuscodi @briankrebs @todb @goatyell @ntkramer @hrbrmstr

#CVE_2024_43461 #eitw #activeexploitation #vulnerability #microsoft #msrc #zeroday #cve

Google Security Blog: A new path for Kyber on the web

• Chrome 131 will switch from supporting Kyber post-quantum algorithm to Module Lattice Key Encapsulation Mechanism (ML-KEM).
• Chrome will not support Kyber and ML-KEM at the same time.
• Chrome will offer a key share prediction for hybrid ML-KEM (codepoint 0x11EC)
• The PostQuantumKeyAgreementEnabled flag and enterprise policy will apply to both Kyber and ML-KEM
• Chrome will no longer support hybrid Kyber (codepoint 0x6399)

#postquantum #chrome #kyber #mlkem #security #infosec #cybersecurity

@fesshole and if your team is incompetent and takes 2x time to produce 2x buggy code, you get 4x the money because in agile invoicing by time is the norm. Brilliant idea for a business actually!

TIL about Nexus STC (love the #wh40k reference!):

https://www.reddit.com/r/scihub/comments/12detqs/standard_template_construct_store_and_search_the/

#ShadowLibrary

My response when people ask me about the state of computer security:
(Modified from https://xkcd.com/2030/)

iFixit (and AliExpress) rocks!

#RightToRepair

@gsuberland @weirdestate It can buy an emergency toilet though

@0xabad1dea Not her first time?

34th First Annual Ig Nobel Prizes Awarded https://slashdot.org/story/24/09/13/226200/34th-first-annual-ig-nobel-prizes-awarded?utm_source=rss1.0mainlinkanon

🔥 The initial schedule for #r2con2024 is now public! The CFP is still open, but we may only accept now if you are fine submitting them for the “Online Sunday” in video format. https://radare.org/con/2024/

🎟️ Conference tickets and other details will be made available soon. Stay tuned, we will meet us all again in less than two months!

CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability

https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/

(You see, I'm very insightful today)

If it's stupid, but it works, it's not stupid.
It's technical debt.

Twitter account of note:

https://x.com/Fortibitch

[RSS] Defend against vampires with 10 gbps network encryption

https://www.synacktiv.com/en/publications/defend-against-vampires-with-10-gbps-network-encryption

SolarWinds: SolarWinds Access Rights Manager (ARM) Deserialization of Untrusted Data Remote Code Execution Vulnerability (CVE-2024-28991)
CVE-2024-28991 (9.0 critical, disclosed 12 September 2024) SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
Reported by Piotr Bazydlo (@chudypb) of Trend Micro Zero Day Initiative. No mention of exploitation.

EDIT: Piotr states that CVE-2024-28991 can be chained with CVE-2024-28990 (6.3 medium) SolarWinds Access Rights Manager (ARM) Hardcoded Credentials Authentication Bypass Vulnerability for pre-authenticated remote code execution.

#solarwinds #vulnerability #CVE_2024_28991 #cve

I talk to the press largely to *combat* AI hype. It's beyond frustrating to be misquoted in ways that contribute to it instead.

New newsletter post:

https://buttondown.com/maiht3k/archive/correcting-the-record/