A drunken debugger

Heretek of Silent Signal

We've all been laughing at the obvious fails from Google's AI Overviews feature, but there's a serious lesson in there too about how it disrupts the relational nature of information. More in the latest Mystery AI Hype Theater 3000 newsletter:

https://buttondown.email/maiht3k/archive/information-is-relational/


idk why people say funding OSS is difficult

[RSS] CVE-2024-23108: Back Again! Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive, IOCs, and Exploit

https://www.horizon3.ai/attack-research/disclosures/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
[RSS] Foxit Reader Updater improper certificate validation privilege escalation vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989

This is CVE-2024-29072
[RSS] Introducing LLM-based harness synthesis for unfuzzed projects (2024.05.27, Blog)

https://blog.oss-fuzz.com/posts/introducing-llm-based-harness-synthesis-for-unfuzzed-projects/
[RSS] Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)

https://www.ambionics.io/blog/iconv-cve-2024-2961-p1

✧✦✶✷Catherine✷✶✦✧

do you think this is an appropriate amount of spite to put into a reverse engineering project?


Sorry to say, archive.org is under a ddos attack. The data is not affected, but most services are unavailable.

We are working on it & will post updates in comments.


Microsoft published a report last month acknowledging the existence of a long-running honeypot operation running on code.microsoft[.]com.

https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/examining-the-deception-infrastructure-in-place-behind-code/ba-p/4124464

"Microsoft has always taken the stance with vulnerabilities and attacks that once a device is compromised, all bets are off, and security boundaries are thrown out the window."

This is all well and good, except with #Recall an attacker will get access to data that occurred (even temporarily) on your machine *before* the compromise happened.

https://www.bleepingcomputer.com/news/microsoft/microsofts-new-windows-11-recall-is-a-privacy-nightmare/
Modern attacks on Google Chrome

https://www.youtube.com/watch?v=WouAptHlyC4

A heartbreaking moment that was saved by an SS photographer at Auschwitz II-Birkenau during the deportations of Hungarian Jews. It was taken 80 years ago, most likely in late May 1944. A little child finds a dandelion in the grass and is handing it or showing it to an older boy.
1/2

#hardstyle #music #EpilepsyWarning
You put Epilepsy Warning to your videos to avoid lawsuits
I put them to attract my target audience
We are not the same

https://www.youtube.com/watch?v=9rXNUnFuyfU

Heads up to anyone using facebook or insta: you'll receive a notification about your data being used to train AIs. The opt out process is deliberately convoluted and you have to fill out a form to object. This is what I wrote in mine, and the objection was immediately registered as successful, so feel free to copy.

Masto reply bores, this is not a post on which to fart out your opinions about Meta or AI or whatever. So don't. I'm sharing helpful info for people who need it, not for you.


idk i feel like it probably says something about our education system that people frequently have nightmares about being in it 20 years after the fact


#LangSec Bugs of the Year Awards results are in (still from X :P)!

“The Most Impactful Parser Bug Of The Year Award is given to the WebP 0day” - awarded to @benhawkes

“The hardest to fix parser bug goes to the http://Binarly.io team for the LogoFAIL bugs.”

“The Best Parser Differential Awards goes to the inconsistent interpretation of YAML foods between Go and Rust.” - There is a link on the captured slide, and I’m pretty sure it’s @joern’s bug, but I can’t find a proper CVE anywhere… seriously people, references!

“The Weirdest Machine Award goes to Ian Beer” @i41nbeer @benhawkes and @saelo

Full thread with runners-up:

https://x.com/jvanegue/status/1793801911650676915

Glider plug?? o.O
[RSS] Fuzzing the FreeBSD Kernel with Syzkaller and Nested Virtualization on a Linux Host

#fuzzing

https://secfault-security.com/blog/fuzzing_freebsd.html