@mdfranz lol

Very kind for 0-day to hit right at the start of a workday TBH
https://blog.mozilla.org/security/2024/10/11/behind-the-scenes-fixing-an-in-the-wild-firefox-exploit/
Light on details, but there's some.

[RSS] Aw, Sugar. Critical Vulnerabilities in SugarWOD

https://www.n00py.io/2024/10/critical-vulnerabilities-in-sugarwod/

[RSS] Marriott agrees to pay $52 million settlement, improve data security practices

https://cyberscoop.com/marriott-starwood-breach-ftc-settlement-data-security/

Here's a story about a Hungarian guy who hacked Marriott ~15 years ago: https://www.securityweek.com/hungarian-man-pleads-guilty-hacking-marriott-systems-demanding-job-it-dept/ I know this guy learned some hard lessons, Marriott apparently didn't...

[RSS] Russian cyber firm Dr.Web denies data leak by pro-Ukraine hackers

https://therecord.media/russian-antivirus-company-drweb-denies-data-leak

HyperDbg v0.10.2 is released!

This release comes with lots of bugfixes and improved stability, check it out here:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.10.2

@futurebird if you want to read Vinge's "A Fire Upon The Deep" along with the author's notes, I've converted the 1993 Hugo and Nebula anthology CD-ROM into a website: https://deepness.trmm.net/

(not "A Deepness in the Sky" as I originally wrote. those responsible have been sacked, etc)

Re: traffic lights hacking

We have a childrens book series, where the pets of the protagonist children often do reckless and outright dangerous magic, like changing traffic lights and being fascinated by all the hard breaks and horns. There is no explanation why such thing would be irresponsible and any "punishment" is very mild (and usually also self-imposed).

I think this book should not be read to/by children without a responsible adult explaining why the cute characters are actually dangerous psychopaths.

The writing is also objectively bad.

How can I responsibly get rid of these books (I don't want to destroy them)?

#Book #Bookstodon

If anyone ever needs an example of costs & time saved by "shifting left" (doing the security work & testing earlier, ideally from the the very start):

"Dutch authorities will have to replace tens of thousands of insecure road traffic lights...after a security researcher found a vulnerability that could allow threat actors to change traffic lights on demand"

https://news.risky.biz/risky-biz-news-dutch-government-to-manually-replace-tens-of-thousands-of-hackable-traffic-lights/

Via @campuscodi / @riskybiz

#InfoSec #Security

38C3 Call for Participation
https://events.ccc.de/2024/10/10/38c3-cfp/

(CVE-2024-9680)[1923344][animation]UAF in Animation timelines -> ACE in the content process(exploited ITW), fixed in Firefox 131.0.2, Firefox ESR 128.3.1 & Firefox ESR 115.16.1
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/#CVE-2024-9680
https://hg.mozilla.org/mozilla-central/rev/0ee07613d0506da465539cfaff1826cdc8bf0384

However, there's also some less good news in relation to this:
@nlnet has been funding open source projects via a program financially supproted by the @EUCommission - but current plans are to stop that funding by 2025. It appears the commission does not consider supporting open source security and internet infrastructure software to be that important any more. See also @fsfe 's info here: https://fsfe.org/news/2024/news-20240719-01.en.html

The Ig Nobel in Physics has been awarded:

Awarded to James Liao at the University of Florida for a comprehensive, multi-publication investigation into the swimming abilities of a dead trout¹.

It feels rather more relevant than handing a real Nobel to people working for a commercial company in "Artificial Intelligence" (the only way to write it is between quotes).
__
¹ https://www.cell.com/current-biology/fulltext/S0960-9822(22)00709-6

Behold government funded weather machines.

The Council of the EU has adopted the #CRA Cyber Resilience Act yesterday. This will have huge consequences for everyone who ships hardware and software as a product. Almost no actual open source developers face direct regulation (for writing software), but the users of our open source software very much do. The CRA notably suggests that commercial users pony up for improved open source security attestation. It is a big act, but it offers real possibilities for making better software! 1/2

Well that was unexpected for today! The Council of the EU has adopted the #CRA Cyber Resilience Act and we are just a few small steps away from it becoming a European law.

https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products/

The #defcon32 presentations are now live and availablle for your perusal on the #DEFCON media server, free of all commercials, data capture or pesky algorithms. We suggest clearing some disk space and personal time this weekend to snatch up some of the many, many jewels our speakers dropped in Las Vegas. While you’re on media.defcon.org you can also find the slide decks, a ton of pictures and even the DC32 soundtrack. Enjoy, learn a few things and #passiton.

We’ll be posting the videos on YouTube Monday.

#sharingiscaring

@Viss Same!