Debian Users - Be aware the maintainer of the KeePassXC package for Debian has unilaterally decided to remove ALL features from it. You will need to switch to `keepassxc-full` to maintain capabilities once this lands outside of testing/sid.
We are glad to announce that our #IBMi research will be presented at multiple prestigious conferences this June:
At @WEareTROOPERS we will show how pentesters can adopt their Windows/*nix experiences to the platform, and discover new vulnerabilities in native IBM i programs:
https://troopers.de/troopers24/talks/7sfsbf/
At @recon we will dive deep into the architecture to understand its security features and present foundational tools for low-level research:
National Health Service England (NHS): Possible Exploitation of Arcserve Unified Data Protection (UDP) Vulnerabilities
NHS England reports possible N-day exploitation attempts of Arcserve UDP following the release of proofs of concept for 3 vulnerabilities:
Tenable released proofs of concept: Arcserve Unified Data Protection 9.2 Multiple Vulnerabilities
Based on the timeline, active exploitation occurred during an unpatched window of 8 days (13-20 March 2024)
cc: @campuscodi
#CVE_2024_0799 #CVE_2024_0800 #CVE_2024_0801 #Arcserve #eitw #activeexploitation
"Writing has been called the process by which you find out you don't know what you are talking about. Actually doing stuff meanwhile is the process by which you find out you also did not know what you were writing about." - from https://berthub.eu/articles/posts/a-2024-plea-for-lean-software/#trifecta
Hi friends,
The http://alt-text.org alt text library project needs a new leader, because I have brain cancer.
I would like to connect with the #accessibility dev community, something I have never figured out, probably in part for neurodivergence reasons. I want to hand the project off to a team or a leader if anyone is willing to take it over.
Github: https://github.com/alt-text-org
WIP MVP: a site designed for writing alt text with a private library: https://my.alt-text.org
Boosts appreciated
went down to the hotel lobby to retrieve my dinner delivery in a yoga outfit + snuggly cardigan + face mask.
some men with #RSAC2024 lanyards exited the elevator as I re-entered; they turned back to look at me and one said (very loudly, very pointedly staring at me) to the other, “I was like, did you hire me a hooker?”
if you are a man attending #rsac, please shut that kind of shit down when your peers do it. let’s not let insecurity rule our #security industry.
This latest writeup by @joern mentions the #documentation of Go’s filepath.Clean is “not really obvious” when dealing with relative paths.
I think this is something all #golang devs should be aware of to avoid similar vulnerabilities.
The language is kind of amazing:
This makes the docs technically correct (“the best kind of correct!”), but even with the solution at hand it took some head scratching to figure out the true meaning.
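
An added example, not part of the post above or of the linked writeup, showing the `filepath.Clean` behaviour on relative paths: `..` elements are only dropped at the start of a rooted path, so a relative `../..` survives cleaning. The function names, the base directory `/srv/data` and the inputs are hypothetical and assume Unix-style paths.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// naiveJoin "sanitizes" with Clean and then joins. Clean only removes ".."
// elements at the start of a ROOTED path, so a relative "../.." survives.
func naiveJoin(base, userPath string) string {
	return filepath.Join(base, filepath.Clean(userPath))
}

// rootedJoin roots the input first, so Clean drops the leading ".." elements
// and the result can no longer climb above base.
func rootedJoin(base, userPath string) string {
	return filepath.Join(base, filepath.Clean(string(filepath.Separator)+userPath))
}

// containedJoin rejects instead of rewriting: it joins, then verifies that the
// result is still located under base.
func containedJoin(base, userPath string) (string, error) {
	full := filepath.Join(base, userPath)
	rel, err := filepath.Rel(base, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("path %q escapes %q", userPath, base)
	}
	return full, nil
}

func main() {
	const base = "/srv/data" // hypothetical base directory
	for _, p := range []string{"reports/../q1.txt", "../../etc/passwd"} { // constructed inputs
		_, err := containedJoin(base, p)
		fmt.Printf("%-20q clean=%q naive=%q rooted=%q rejected=%v\n",
			p, filepath.Clean(p), naiveJoin(base, p), rootedJoin(base, p), err != nil)
	}
}
```

Both hardened variants are purely lexical and do not resolve symlinks inside the base directory.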