📣 EMERGENCY UPDATE 📣

Apple pushed updates for a new zero-day that may have been actively exploited.

🐛 CVE-2025-24200 (Accessibility):
- iOS and iPadOS 18.3.1
- iPadOS 17.7.5

#apple #cybersecurity #infosec #security #ios

Hey, I'm your friendly OS with light pastels and not too many buttons!

You can't install me without an Internet connection, we don't live in the dark medieval ages! Except when you cast this magic incantation I will allow you to install without and Internet connection. Oh, I'll have to reboot to do that - our alchem^Wscientists say they'll get rid of all reboot requirements for displaying hyperlinks in 10-15 years.

In the meantime, here are a couple of questions about how much I should rat about your porn viewing habits to my masters in Redmond the minute you get your life together to afford an Internet subscription.

I'm an enterprise-ready system!

Do you want to play Candy Crush???

Virtualization is great because you can struggle with the bugs, quirks and tantrums of multiple operating systems at the same time.

Ok, this is awesome
https://x.com/sixtyvividtails/status/1888872344032100372

My first C++ paper was published!

Unfortunately it's not adding great things to the language, just trying to encourage people to not add things that I think are a really bad idea.

Zimbra security advisory ~03 February 2025: Zimbra Collaboration Daffodil 10.0.12 Patch Release
This is a reason why change logs and timelines are important for security advisories: Zimbra supposedly released this on 17 December 2024. Yet the CVEs have a publish date of 03 February 2025. Open source reporting are only coming out today.

Only 3 out of 5 vulnerabilities have CVEs. Since they didn't provide a CVSS score, CISA as an ADP scored CVE-2025-25064 SQL injection vulnerability as 9.8 critical.

Why you should care about patching: Zimbra Collaboration Suite has nine CVEs on the KEV Catalog, with four of them allowing for unauthenticated code execution. CVE-2025-25064 is more likely to get exploited than other vulnerabilities.

#zimbra #zcs #cve_2025_25064 #vulnerability #cve #infosec #cybersecurity

Sucuri: Google Tag Manager Skimmer Steals Credit Card Info From Magento Site
Title is straightforward: Sucuri warns of credit card data theft from a customer's Magento-based eCommerce website. The credit card skimmer malware is delivered by leveraging Google Tag Manager (GTM). GTM is a free tool from Google that allows website owners to manage and deploy marketing tags on their website without needing to modify the site’s code directly. A single malicious domain is identified, but the real IOC is the GTM identifier GTM-MLHK2N68. The Hacker News identified at least three sites infected with the skimmer.

#magento #threatintel #ioc #infosec #cybersecurity #cyberthreatintelligence #CTI

A global law enforcement operation targeting the Phobos ransomware gang has led to the arrest of four suspected hackers in Phuket, Thailand, and the seizure of 8Base's dark web sites. The suspects are accused of conducting cyberattacks on over 1,000 victims worldwide.

https://www.bleepingcomputer.com/news/legal/police-arrests-4-phobos-ransomware-suspects-seizes-8base-sites/

Here's a really long shot ...

Back in the dark ages ... 1990 ... I published a joint paper with Ron Read, but I'm unable to locate my paper copy, and I'm not sure it ever made it to a digital copy.

Does anyone here have a copy of:

R.C. Read, C.D. Wright,
Computing with three-colourable graphs: a survey,
Ars Combin. 29 (1990)225–234

All information gratefully received.

Thank you.

(If you're interested I can tell you what it was about)

Anthropic (Claude LLM) AI Company doesn’t want people using AI for their resumes or any part of Interview for software developer or IT jobs at their office. How ironic? LOL. The company says AI tools are flooding their system with bogus résumés and too many applicants. They can't find real talent even using their own AI system where candidates lie about their skills.

Just released AFL++ v4.31c: SAND mode, LLVM 20 support, Python 3.13 support, bug fixes, better performance ... https://github.com/AFLplusplus/AFLplusplus/releases/tag/v4.31c

lemme show you 140,000 (!) places in code where certificate verification is switched off when using libcurl: https://github.com/search?q=CURLOPT_SSL_VERIFYPEER%2C+FALSE&type=code

@wdormann An 'e' is missing from the URL in the second image, with it I get a redirect to homes[.]com

NVIDIA/Mellanox ConnectX-5: iRISC reverse engineering, finding SHA256 https://irisc-research-syndicate.github.io/2025/02/10/finding-sha256/

In 1959, police were called to a segregated library in S. Carolina when 9 year old Ronald McNair refused to leave.
He later got a PhD in Physics, and died in 1986, one of the astronauts on the Challenger space shuttle.
That same library is now named after him.

@csepp have a bmx at your workplace?

"I did not think; I investigated."

German physicist Wilhelm Conrad Röntgen died #OTD in 1923.

On 8 November 1895, he produced and detected electromagnetic radiation in a wavelength range known as X-rays or Röntgen rays, an achievement that earned him the inaugural Nobel Prize in Physics in 1901. The non-SI unit of radiation exposure, the roentgen (R), is also named after him.

https://en.wikipedia.org/wiki/Wilhelm_R%C3%B6ntgen

Books about Röntgen at PG:
https://www.gutenberg.org/ebooks/search/?query=R%C3%B6ntgen&submit_search=Search

#books #physics

Oh, joy, my Mikrotik switch is leaking VLAN broadcast traffic to edge ports.

do you think the people who work at google have old google hidden away somewhere or are they also slogging through a mire of dog shit every time they try to search the internet

Getting the Sysinternals Suite with one click from the Store is nice, but have you tried installing WinDbg like that?