Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the incredible @pwissenlit 🫶
https://blog.quarkslab.com/being-overlord-on-the-steam-deck-with-1-byte.html
Happy #PatchTuesday from SolarWinds:
No mention of exploitation.
EclecticIQ: Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
EclecticIQ analysts assess with high confidence that Sandworm (APT44), a threat actor supporting Russia's Main Intelligence Directorate (GRU), is actively conducting a cyber espionage campaign against Ukrainian Windows users. Likely ongoing since late 2023, following Russia's invasion of Ukraine, Sandworm leverages pirated Microsoft Key Management Service (KMS) activators and fake Windows updates to deliver a new version of BACKORDER, a loader previously associated with the group. BACKORDER ultimately deploys Dark Crystal RAT (DcRAT), enabling attackers to exfiltrate sensitive data and conduct cyber espionage.
Multiple pieces of evidence strongly link this campaign to Sandworm, also tracked by CERT-UA as UAC-0145, based on recurring use of ProtonMail accounts in WHOIS records, overlapping infrastructure, and consistent Tactics, Techniques and Procedures (TTPs). Additionally, the reuse of BACKORDER, DcRAT, and TOR network mechanisms, along with debug symbols referencing a Russian-language build environment, further reinforce confidence in Sandworm's involvement. Yara and Sigma rules, and Indicators of Compromise are listed.
#russia #sandworm #apt44 #gru #threatintel #IOC #yara #sigma #malwareanalysis #infosec #cybersecurity #cti #cyberthreatintelligence
Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a785720
getBasicDataType
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a785720.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a785720.json&colors=light
Apparently Google is just shitty.
No duress signal or anything here. Just trying to fit in by being shitty. 🤦‍♂️
"We must...fiercely protect the progress women in science have made!" 🔬 On #womeninscienceday don't miss this insightful interview w/ Suropriya Saha, Max Planck Research Group Leader, on the legacy of #Physics Nobel laureate Maria Goeppert Mayer! ▶️ https://www.mpg.de/23712159/suropriya-saha-about-maria-goeppert-mayer #GirlsinStem
CertCentral.org is live!
We track and report abused code-signing certs.
By submitting to the website, you contribute to the DB of >800 certs, a DB you can access and view.
Want to get more involved? Check out the Training and Research pages to learn more.
We can handle submitting your reports too. See the website for more details. :)
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0060aec0
CRYPTO_ocb128_decrypt
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0060aec0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0060aec0.json&colors=light
I was today's years old when I learned what spool file means!
#IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2025/02/i-was-todays-years-old-when-i-learned.html
Anydesk LPE Vulnerability https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754
Wondering: are #storytelling contests for children a thing in other countries too?
In Hungary they are a staple in elementary school. Unfortunately, kids are made to learn folktales word for word and then recite them. Emphasis is on clear speech and mimicked regional "folksy" dialects. Also, tales are often chosen by teachers or parents rather than the kid. Not to mention the "contest" aspect. Now there's a cultural discussion developing around this.
Anything similar in other countries?
I have a 2021 16" MacBook Pro for sale, M1 Pro chip, 32GB memory, 1TB SSD, in barely used condition. It has been switched on about four times, total uptime roughly 6 hours, of which about 1 hour was the upgrade to macOS Sequoia. Original charger and box included. Optionally there is also a Satechi USB hub to go with it.
The machine comes with a freshly installed macOS; it can be inspected on request (in Páty or in Budapest's 3rd district). Picture attached, though I don't think it shows much.
If anyone is interested, my DMs are open. I'd rather sell it here than on Jófogás or similar places. As for the price: no idea. I haven't looked up what one of these goes for these days. I'd like to get rid of it as soon as possible, but I won't give it away for pennies.
Boosts appreciated!
I remember when people would tell me, you have to buy software from the large software companies or it will probably break and be terrible.
Today, it's like, Google property? Microsoft invested? V.v.sus. The software lives in a self-hosted machine named for a pun on some obscure kink, the developer is a furry, the logo is two furries, it's GPL'ed and if you do five minutes of due diligence you're going to see all of their politics and most of their butt? I will trust this software with my life.