Here is another #NameThatWare challenge. This time I am quite sure that no text or marking needs to be blurred.
Do you know what this thing is? Can you name the exact part number or product name?

As always, explain your guess/deduction and hide it behind a CW to not spoil others.

@HalvarFlake @cynicalsecurity has some thoughts about a close relative: https://bsd.network/@cynicalsecurity/113577347302391131

Maybe it is my bad English/ears but I can't ignore hearing the name of Enno Rey instead of the track title :S

https://www.youtube.com/watch?v=0f_TbyIIPnc

#hardstyle

game i would like to play: Factorio but you *only* do compliance paperwork

I am mildly amused that OpenAI telemetry rollout led to a classical Kubernetes control plane DoS.

In my experience DDoSing your own control plane is the #1 way people generate large failures in K8s. What are others?

[RSS] The Full Story of CVE-2024-6386: Remote Code Execution in WPML

https://blog.wpsec.com/the-full-story-of-cve-2024-6386-remote-code-execution-in-wpml/

Hey y'all,

the https://madweb.work/ Program Committee was just announced (featuring yours truly).
Please remember to submit your papers about web security by January 9th 2025. We are interested in research at the junction of web & browser security. More on the website :)

@Viss one of them must have cheated (probably the guy)

[RSS] Having Fun with Flare-on Using Time-Travel Debugging (TTD)

https://binary.ninja/2024/12/16/flareon-ttd.html

[RSS] Authentication Bypass Vulnerability in Philips IntelliSpace Cardiovascular

https://outurnate.com/authentication-bypass-vulnerability-in-philips-intellispace-cardiovascular

[RSS] X41 Audited Backstage

https://x41-dsec.de/security/research/job/news/2024/12/16/backstage-review-2024/

CVE-2024-45815 CVE-2024-45816 CVE-2024-46976

A Struts bug:

https://github.com/TAM-K592/CVE-2024-53677-S2-067

The week before Christmas?

Oh my!

#java, #threatintel

[RSS] Linternals: Exploring The mm Subsystem via mmap [0x01]

https://sam4k.com/linternals-exploring-the-mm-subsystem-part-1/

[RSS] Hacking Kerio Control via CVE-2024-52875: from CRLF Injection to 1-click RCE

https://karmainsecurity.com/hacking-kerio-control-via-cve-2024-52875

@kaoudis Or d14n for short

@lcamtuf "scale of J.K. Rowling to Stormfront" is there an SI equivalent of this?

Feel old yet? The winrar registration nag screen is Electron these days.

EDIT: Whoops, it seems I'm wrong: This is just an embedded webview, which on Win10 is apparently chromium-backed (probably because it's Edge)

#Polish researchers have discovered components of a German #Enigma cipher machine, crucial to the Nazi wartime communications system, on Sobieszewska island near the city of Gdańsk. All in all, 8 rotors and various other parts were recovered. https://tvpworld.com/84053156/fragments-of-rare-german-enigma-machine-unearthed-in-poland

Teammate generated a song with LLM about a local charlatan, and I have to bow before the genius of the Machine:

"[Person] will be the wall
that guides us through the night!"

@malwarejake (Not so) funny story: banks around here test critical systems on prod because testing on test would risk being non-compliant if the regulator doesn't find the test system "similar enough" (whatever that means) to prod. Regulation also mandates that users on prod must be "real" because anti-laundering and whatever. In the end you either test with a real account on prod or you don't work for that client anymore.

As a company owner, I took one for the team and set up a personal bank account for testing. Surely enough, it resulted in me getting fucked *at another bank* (costing me considerable money).