Ooh cool @travisgoodspeed has written a book on Microcontroller Exploits. Will certainly be adding this to my collection!

https://nostarch.com/microcontroller-exploits

Anyone have security contacts at Google? One of their IP addresses is spamming my ssh server, apparently as part of a botnet. Seems someone got compromised.

34.71.138.230 is the guilty party.

I added disabling Recall to my HardeningKitty list:
https://github.com/0x6d69636b/windows_hardening

Disable Recall - User
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsAI]
"DisableAIDataAnalysis"=dword:00000001

Disable Recall - Machine (not yet official)
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsAI]
"DisableAIDataAnalysis"=dword:00000001

Introducing Honeykrisp: the world's first conformant Vulkan® 1.3 driver for Apple Silicon.

https://rosenzweig.io/blog/vk13-on-the-m1-in-1-month.html

Happy Birthday Whitfield Diffie, 80 years today!
https://alecmuffett.com/article/109902
#WhitfieldDiffie #encryption

It happened again. We accidentally broke another #hotel check-in #terminal. This time Mr O'Yolo triggered a problem, crashed the #Ariane Allegro Scenario Player and escaped the #kiosk mode, which enabled access to the Windows Desktop: https://www.pentagrid.ch/en/blog/ariane-allegro-hotel-check-in-terminal-kios-escape/ #itsecurity #infosec

@recon is hosting BlackHoodie again this year, with a training on Reverse Engineering Ransomware brought to you by the incomparable Suweera DeSouza and Alex Delamotte. Registration is still open https://blackhoodie.re/Recon2024/ please share!

🎉 Go 1.22.4 and 1.21.11 are released!

🔒 Security: Includes security fixes for archive/zip and net/netip

🔈 Announcement: https://groups.google.com/g/golang-announce/c/XbxouI9gY7k

⬇️ Download: https://go.dev/dl/#go1.22.4

#golang

“MediSecure declares insolvency following massive data breach” https://www.cyberdaily.au/security/10665-breaking-medisecure-declares-insolvency-following-massive-data-breach

Adobe introduces the One Click Stalin tool.

Ever wanted to feed the decompiled C code into source code analysis tools?
With rev.ng you can! 💪

We emits syntactically valid C code!

Here's a PoC did with Clang Static Analyzer. 😎

CVE-2023-48788: Revisiting Fortinet FortiClient EMS to Exploit 7.2.X https://www.horizon3.ai/attack-research/cve-2023-48788-revisiting-fortinet-forticlient-ems-to-exploit-7-2-x/

Attacking Android Binder: Analysis and Exploitation of CVE-2023-20938 https://androidoffsec.withgoogle.com/posts/attacking-android-binder-analysis-and-exploitation-of-cve-2023-20938/

How does F5's Secure Vault, its "super-secure SSL-encrypted storage system" work? Response in this article by team member @myst404

https://offsec.almond.consulting/deep-diving-f5-secure-vault.html

🚨 New advisory was just published! 🚨

A vulnerability in the Linux kernel allows local attackers to escalate privileges on affected installations of Linux Kernel:
https://ssd-disclosure.com/ssd-advisory-linux-kernel-nft_validate_register_store-integer-overflow-privilege-escalation/

https://scottarc.blog/2024/06/04/attacking-nist-sp-800-108/

#NIST #crypto #cryptography #kdf #prf #secuity #infosec

Boost Security Audit - Shielder https://www.shielder.com/blog/2024/05/boost-security-audit/

NEW: Fox Spy (3.3 GB)

Eight years of data from the Brazilian surveillance company Fox Spy, also known as Celular 007.

The spyware allows users to monitor phone calls along with SMS, WhatsApp and Facebook messages. The company's surveillance software also allows users to remotely activate the microphone and camera on a phone, as well as to monitor the device's screen

Due to widespread presence of PII, the data is only being made available to journalists and researchers

https://ddosecrets.com/wiki/Fox_Spy

Just because you get access denied accessing a folder, it doesn't mean you can't get access. A quick look at bypassing the security on the WindowsApps folder. https://www.tiraniddo.dev/2024/06/working-your-way-around-acl.html. This was inspired by a specific toot from @detective :)