A drunken debugger

Heretek of Silent Signal

😡 @EDPS is giving up on its @Mastodon and @peertube experiment because it couldn’t find an EU agency to continue operating it.

I hope @EU_Commission can find a new home for it before May 18th as the executive body.

https://www.edps.europa.eu/press-publications/press-news/press-releases/2024/edps-decentralised-social-media-pilot-end-successful-story_en


As a user,
I want your application to randomly steal focus
So that,
I enter my password manager's main password into a chat box


MS-DOS is now open source, so, in a time-honored tradition, let's look for curse words!

https://github.com/microsoft/MS-DOS

Today I realized our national postal service uses a *lot* of printers at customer desks. Maintaining those and the software that uses them must be The IT Hell.
[RSS] CVE-2024-21111 – Local Privilege Escalation in Oracle VirtualBox

https://www.mdsec.co.uk/2024/04/cve-2024-21111-local-privilege-escalation-in-oracle-virtualbox/
It seems the www. subdomain of AttackerKB is gone, changed the script to generate links accordingly.

Sorry for the inconvenience!
[RSS] Micropatches Released for Windows Workstation and Server Service Elevation of Privilege Vulnerability (CVE-2022-38034, CVE-2022-38045, No CVE)

https://blog.0patch.com/2024/04/micropatches-released-for-windows.html

remember how Naomi fucking told us this a YEAR AGO and no one wanted to believe it until the government knocked on her door and she can't post anymore?

https://www.technologyreview.com/2024/04/24/1091740/chinese-keyboard-app-security-encryption/

Memory disclosure bugs rock :)
Cisco @TalosSecurity analysis about the apparent ASA 0-days:

https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/

Note that while the vendor identified two vulnerabilities (CVE-2024-20353, CVE-2024-20359), these are related to post-exploitation; the initial access vector is still unknown.

Cisco warns that a group of state-sponsored hackers has exploited two zero days in its ASA security appliances to spy on government networks over the last several months. Sources close to the investigation tell us they suspect China. https://www.wired.com/story/arcanedoor-cyberspies-hacked-cisco-firewalls-to-access-government-networks/

No, LLM Agents can not Autonomously Exploit One-day Vulnerabilities

https://struct.github.io/auto_agents_1_day.html
I search for "techno" on YT (I have this much creativity left for today, sorry), and the first result is a video about fucking Pokemon World.

#AdTech must die. (Pokemons are cool.)
Who does updates over HTTP and without signature enforcement in 2024? Of course it's an AV: https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/

Around 1985, ISI (Information Storage Inc.) introduced their 525 WC Optical Storage System. This was one of a number of magneto-optical disc storage formats introduced in the mid-1980s, and allowed users to record data to an optical disc in the days before CD-R and CD-RW.

Single-sided and double-sided discs were available, with a capacity of 115 or 230 MB respectively. The discs were pre-formatted, and were WORM (write-once, read-many) capable.

Find out more at https://obsoletemedia.org/isi-525-wc/

[RSS] RESTler: Stateful REST API Fuzzing - Microsoft Research

https://www.microsoft.com/en-us/research/publication/restler-stateful-rest-api-fuzzing/
I just noticed the latest message on https://grsecurity.net , well played! :)

"Are Your Products Drowning in Linux Kernel CVE Noise?

We know your products can't be updated every week based off unverified CVE information. Address true risk by protecting against entire classes of vulnerabilities and exploitation techniques."