Former NSA cyberspy's not-so-secret hobby – Xmas light hacks • The Register
https://www.theregister.com/2024/12/25/joyce_christmas_lights/

#frombsky

Elon Musk has ordered everyone to stop donating to Wikipedia.

I never started, until this morning.

https://donate.wikimedia.org is the link, if anyone feels like disobeying a direct order from a billionaire jerkwad.

Happy Holidays to my oncall buddies today. I wish you all a quiet and uneventful shift.

I survived #Whamageddon \o/

@stf @pluralistic @cstross I learned at Bsky that at least author royalties are independent from distributors which is good news!

https://bsky.app/profile/notaname.info/post/3le53oer4hk24

To avoid sudden dangerous drops of frustration during these peaceful Holidays I'm configuring Postfix.

#Christmas #MontyPython

@infosecdj That's a good one, thanks! I'd be also interested in broader topics like contemporary literature, sci-fi, etc.

What are the online #book stores that are neither a) monopolistic giants built on enshittification nor b) copyright bullies?

If I ask for a unicorn, which ones do at least give authors a more fair share for their work?

The slides for the keynote our Cristofaro Mune(@pulsoid) has given at @h2hconference
"False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here:

https://raelize.com/upload/research/2024/2024_H2HC2024_False-Injections-Tales-of-Physics-Misconceptions-and-Weird-Machines.pdf

Enjoy!

nice one, asus

https://www.windowslatest.com/2024/12/22/asus-bombards-windows-11-with-christmas-exe-malware-like-christmas-wreath-banner/

In light of the Crowdstrike outage over 5 months ago, what specific changes has your organization made to your enterprise security program? What changes to policies, procedures, training, alerting, testing, and your written IRP have you made? Please share!

European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.

https://www.bleepingcomputer.com/news/security/european-space-agencys-official-store-hacked-to-steal-payment-cards/

@tmr232 yeah it seems @domenuk was kind enough to include me in his fuzzing list. (I was hoping for a total X meltdown tbh)

@TarkabarkaHolgy Spotify is not playing nice with artists afaik. I've heard Tidal is more fair. Not the same but I find Bandcamp pretty awesome too.

Got like 20 new followers overnight at Bsky, what is happening?

Announcing #CodeQL Community Packs

https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/

Maybe we should stop calling them *Notifications* and instead refer to *Interruptions*.

"Working on some stuff so I've turned off interruptions for a while."

"Right on."

⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.

An uploaded file could turn into malicious JSP code—resulting in remote code execution.

» Affected Versions: Tomcat 9.0.0-M1 to 11.0.1
» Java users: Incorrect configurations = higher risk.
» Severity? CVE-2024-50379 scored a 9.8 on CVSS!

Details here 👉 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

Using @voooooogel control vector library to backdoor a model so that it introduces command injection vulnerabilities rather than using safer subprocess methods