@Techmeme mild shock...

Astalavista.com - Security Community - Relaunch 2024 https://forum.astalavista.com

To understand the reality of today both in tech and society as a whole it is important to realize the *adult people can't fucking read*

https://www.oecd.org/en/publications/survey-of-adults-skills-2023-country-notes_ab4f6b8c-en/hungary_c8c395ed-en.html

(Check below for more countries)

The 7 Coolest Mathematical Discoveries of 2024
https://www.scientificamerican.com/article/the-7-coolest-mathematical-discoveries-of-2024/?utm_source=flipboard&utm_medium=activitypub

Posted into Scientific American @scientific-american-SciAm

Hear ye hear ye

The following instances will be offline briefly on Saturday, December 14 from 9am ET / 2pm UTC for approxmately 10 minutes:
infosec.exchange
infosec.town
infosec.pub
pixel.infosec.exchange
books.infosec.exchange
matrix/element.infosec.exchange
relay.infosec.exchange
meetup.infosec.exchange
video.infosec.exchange
infosec.press
infosec.place
fedia.io
fedia.social
elk,.infosec.exchange
infosec.space
convo.casa

The servers supporting these instances require a reboot. The Dell servers these instances run on take a very long time to boot, so I am estimating 10 minutes of downtime. It could be more, could be less.

We use live patches to minimize reboots needed for patching, however Ubuntu only provides livepatch support for a year, which is how long most of these systems have been running for.

In his latest blog, ZDI researcher Piotr Bazydło covers a pre-auth Arbitrary File Deletion vulnerability he discovered in the SolarWinds Access Rights Manager (ARM). It may not sound exciting, but it can lead to a local privilege escalation on domain-joined Windows machines. Read the details at https://www.zerodayinitiative.com/blog/2024/12/11/solarwinds-access-rights-manager-one-vulnerability-to-lpe-them-all

@mttaggart "Security is a Specialization" <- this 1000x

It's time for everybody's favorite: unsolicited advice!

In which I discuss the reality of the cybersecurity jobs market, and what you really should be doing to improve your chances.

https://taggart-tech.com/20241212-2025-jobs-guide/

@mainframed767 @racingmars "business-y sounding report" -> I'm sorry but I'm triggered by this... "business-y" content is wasting my time, and IMO if someone prefers that instead of an on-point, although stylisticly imperfect report, it's the reader's problem not the writer's.

Citrix Denial of Service: Analysis of CVE-2024-8534 https://www.assetnote.io/resources/research/citrix-denial-of-service-analysis-of-cve-2024-8534

@cR0w Yeah I wonder if anyone tracks the frequency and impact of its bugs when doing supply chain analysis...

Apache incubator projects have always been gold mines, but Solr stands out based on the traffic it generates on Full-Disclosure...

Fixed the OpenGraph image on Shazzer it was bugging me. Then did a normalization vector to test it!

https://shazzer.co.uk/vectors/675add23a8574986b36cc848

Forget PSEXEC: DCOM Upload & Execute Backdoor
https://www.deepinstinct.com/blog/forget-psexec-dcom-upload-execute-backdoor

#frombsky

I can't seem to get WebView2 working in a Visual Studio extension, so I'm dropping that effort for now.

If anyone knows how to do this, or actually wants Function-Graph-Overview in Visual Studio, let me know!

The number one skill required for learning any complex system is patience.

— Kelsey Hightower

#complexity

🚨 We are calling on all EU-based Mozillians to help us monitor Apple’s new browser choice screens.

Let’s hold Big Tech to account!

Anyone in the EU with an Apple device can join in this effort.

Learn more: http://mzl.la/49xJpvP

[RSS] Linux vDSO & VVAR - CVE-2023-23586 analysis

https://u1f383.github.io/linux/2024/12/11/linux-vdso-and-vvar.html

[RSS] X41 Reviewed Mullvad VPN

https://x41-dsec.de/news/2024/12/11/mullvad/

[RSS] Far From Random: Three Mistakes From Dart/Flutter's Weak PRNG

https://www.zellic.io/blog/proton-dart-flutter-csprng-prng