[RSS] What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE

https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce

[RSS] We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day)

https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html

Microsoft On the Issues: Google’s Shadow Campaigns
In a pot calling the kettle black moment, Microsoft is accusing Google of antitrust practices such as creating an astroturf lobbying organization. Since the author is a Corporate Vice President (CVP), Deputy General Counsel at Microsoft, there's some weight behind such an accusation on Microsoft's public blog. As a consumer with no skin in the game, this is a grab-the-popcorn moment. Let them fight.

#microsoft #google #monopoly #antitrust #lobbying

@http https://infosec.place/notice/AnT3F4ZJnv3E2JfKng

@infosecdj @RGB_Lights @dcoderlt Nobody says it's OK to abuse. I'm saying it's best to prevent abuse and that it's not OK to let the abuse to continue for years.

@schrotthaufen @RGB_Lights That's not a reason for us to make (and reinforce) the same confusion.

@schrotthaufen @RGB_Lights Cookie banners are not paywalls, let's not confuse the two issues...

@dcoderlt @RGB_Lights This has been going on for years even before the UA war (a bit higher prio in all areas), and this is part of the reason why I can't accept the abuse argument: if this is abuse, why has nobody done anything about it?

@RGB_Lights Proponents say that cookie banners are deliberate abuse of the regulation (to condition users to accept whatever, I think?). IMO if the regulation allows abuse of this extent it is not a good regulation.

Serious question. Can anyone tell me how we are safer / better for the cookie warning clicking I have to do on the internet? Advertisers still own your browsing habits and the world expends a collective bazillion hours a week on a needless friction.

[RSS] Privilege escalation through TPM Sniffing when BitLocker PIN is enabled

https://blog.scrt.ch/2024/10/28/privilege-escalation-through-tpm-sniffing-when-bitlocker-pin-is-enabled/

[RSS] Certificate Error Mishandling: Misuse and Abuse of the SslErrorHandler Class

https://bughunters.google.com/blog/4934724060839936/certificate-error-mishandling-misuse-and-abuse-of-the-sslerrorhandler-class

Give Me the Green Light Part 1: Hacking Traffic Control Systems https://www.redthreatsec.com/blog/greenlightspart1

VMWare vCenter Server CVE-2024-38812 DCERPC Vulnerability

https://blog.sonicwall.com/en-us/2024/10/vmware-vcenter-server-cve-2024-38812-dcerpc-vulnerability/

Retrofitting encrypted firmware is a Bad Idea™

https://haxx.in/posts/wtm-wtf/

Thirteen years ago I found "a bad babe" in Windows

https://daniel.haxx.se/blog/2011/10/28/whos-0xabadbabe-and-why/

In our new blogpost we guide you through the process of improving the tools available for #pentesting WCF services over the net.tcp binding:

https://blog.silentsignal.eu/2024/10/28/wcf-net.tcp-pentest/

We created a brand new #kaitaistruct based parser and implemented transformations so messages can be manipulated and replayed with #BurpSuite.

are YOU making a website with INFORMATION?

it needs a date. if its not just a list of links... it needs A DATE.

yes your blog, youre recipe edit etc NEEDS A DATE..

please, can we get this right

I had to deal with a freshly unboxed Android phone, and the flipping *clock* app, that was installed by default, came with a privacy policy.

I discovered this because the clock started crying that it couldn't work properly without Google Play Services.

I don't care what the privacy policy was for. I am tired. A clock app does not need to be in a position to have any privacy policy more involved than "we collect and report no data".

The clock is now disabled.

I am so tired of this.

Don't mention explodey stuff near TSA. Noted ✅