"I'm interested in all kinds of astronomy."

NEW, from DomainTools Investigations, today: Inside the Great Firewall Part 1: The Dump

I cannot tell you how excited I am to see this piece go live. Our researchers knocked it out of the park - and this is just part one.

https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/


🎃🎃 if you've got spooky business this weekend, don't forget to put on the Gameboy Halloween chiptune playlist! 🎃🎃

https://www.youtube.com/watch?v=henyMRqMBws


Microsoft:

As much as 30% of the company's code is written by AI.

Also Microsoft:
Somehow we managed to make it so that clicking the x in Task Manager doesn't close the app. Whoopsie daisy!

[RSS] [Blog] A Retrospective Analysis of CVE-2025-59287 in Microsoft WSUS

https://code-white.com/blog/wsus-cve-2025-59287-analysis/
[RSS] Micropatches Released for Windows Installer Elevation of Privilege Vulnerability (CVE-2025-50173)

https://blog.0patch.com/2025/10/micropatches-released-for-windows_30.html
@algernon I'd be surprised if the .ai TLD rejected money

We're spilling the TEE: We're disclosing vulnerabilities (CVE-2025-59054, CVE-2025-58356) in LUKS2 disk encryption affecting 8 confidential computing systems.

https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/


AMD, Intel and Nvidia have poured untold resources into building on-chip trusted execution environments. These enclaves use encryption to protect data and execution from being viewed or modified. The companies proudly declare that these TEEs will protect data and code even when the OS kernel has been thoroughly compromised. The chipmakers are considerably less vocal about an exclusion that physical attacks, which are becoming increasingly cheap and easy, aren't covered by the threat model. These physical attacks use off-the-shelf equipment and only intermediate admin skills to completely break all TEEs made from these three chipmakers.

This shifting security landscape leaves me asking a bunch of questions. What's the true value of a TEE going forward? Can governments ever get subpoena rulings ordering a host provider to run this attack on their own infrastructure? Why do the companies market their TEEs so heavily for edge servers when one of the top edge-server threats is physical attacks?

People say, "Well yes, just run the server in Amazon or another top-tier cloud provider and you'll be reasonably safe." The thing is, TEEs can only guarantee to a relying party that the server on the other end isn't infected and couldn't give up data even if it was. There's no way for the relying party to know if the service is in Amazon or in an attacker's basement. So once again, aren't we back to just trusting the cloud, which is precisely the problem TEEs were supposed to solve?

https://arstechnica.com/security/2025/10/new-physical-attacks-are-quickly-diluting-secure-enclave-defenses-from-nvidia-amd-and-intel/


the most important question I have about this HackingTeam revival that was exposed by @oct0xor and co is if is still saving the day when the live demos fail during a sales pitch. or did they find a new Serge?

(anyone remember ? or am I just really old?)


🚨🚨🚨 Absolutely insane stuff here. @lorenzofb spent months working on this story.

Peter Williams, former L3Harris Trenchant boss — the division that makes cyber exploits, zero-days and spyware for Western governments — has pleaded guilty to selling Trenchant's exploits to Russia.

https://techcrunch.com/2025/10/29/former-l3harris-trenchant-boss-pleads-guilty-to-selling-zero-day-exploits-to-russian-broker/


There's an Azure outage, so in the Netherlands, rail services aren't working.

(Originally read "trains", but it's not the actual trains, it's ticket sales and planning)

https://nltimes.nl/2025/10/29/ns-hit-microsoft-cloud-outage-travel-planner-ticket-machines-affected


CatSalad🐈🥗 (D.Burch) blobcatrainbow

If Azure isn't back up in 15 minutes, everyone can go home.

@electron_greg I'd vouch for some satellite equipment so I can send SOS because I can't survive on software and electricity (unfortunately)
[RSS] Python - Zip64 Locator Offset Vulnerability

https://github.com/google/security-research/security/advisories/GHSA-hhv7-p4pg-wm6p

Edit: This is CVE-2025-8291 (thx for all who noted!)
@erkhyan Give that person a medal or stg xD