✍️ When Samsung Meets Mediatek - The story of a small bug chain by @max_r_b @pwissenlit Raphaël Neveu

https://www.sstic.org/media/SSTIC2024/SSTIC-actes/when_vendor1_meets_vendor2_the_story_of_a_small_bu/SSTIC2024-Slides-when_vendor1_meets_vendor2_the_story_of_a_small_bug_chain-rossi-bellom_neveu.pdf

so with the recent news i’ll ask again

does anybody have a uefi firmware image that includes kaspersky antivirus for uefi?

“For this you keep a lab notebook. Everything gets written down, formally, so that you know at all times where you are, where you've been, where you're going and where you want to get. In scientific work and electronics technology this is necessary because otherwise the problems get so complex you get lost in them and confused and forget what you know and what you don't know and have to give up.”

- Robert Pirsig, Zen and the Art of Motorcycle Maintenance

#engineering #space

NEW: The U.S. government has sanctioned 12 executives and senior leaders of Russian cybersecurity giant Kaspersky.

Notably, Eugene Kaspersky and company itself are not on the sanctions list.

These sanctions come a day after the U.S. government banned the sale of Kaspersky software in the United States.

https://techcrunch.com/2024/06/21/u-s-government-sanctions-kaspersky-executives/

+++ COMMERCIAL BREAK +++

🎶 "Sometimes you wanna go
Where everybody knows your name
And they're always glad you came
You wanna be where you can see (ah-ah)
Our troubles are all the same (ah-ah)
You wanna be where everybody knows your name ..." 🎶

RC-BOX BBS #rc2014bbs - the world's first and (currently) only #rc2014 based bulletin board system #bbs on this planet. Open 24/7!

Running CP/M 2.2 #cpm and #rcbbs (forked and highly customized #RBBS 4.1), connected to the modern world via a #WiFiModem and a 9600 #baud serial line.

RC-BOX BBS - we are looking forward to your visit!

Has reliance on SSO left orgs with a single point of exploitation? Our latest research by Francesco Lacerenza explores various IdP compromise scenarios as well as how to harden and detect attacks in Teleport installations.
#doyensec #teleport #security

https://blog.doyensec.com/2024/06/20/compromised-idp.html

"Low-Level Software Security for Compiler Developers"

https://llsoftsec.github.io/llsoftsecbook/

#infosec #compilers

I feel like the Internet Archive debate hits differently in countries like the US and UK, and countries like Hungary.

I do tons of academic research. The volumes needed to keep up with academia often run $100+ each. And unless I order them from overseas (delivery $30-50 each) there is no access to them. Several don't have a copy *on the entire continent* (few Hungarian libraries do international loan but it takes large amounts of money and months.)

I imagine many countries are even worse off.

Popular opinion seems to be that #GNOME and #KDE are "fighting/competing."

Sure we have our differences in philosophies and design, but it's way more akin to siblings having small spats. But in the end we are siblings in #FOSS family and I like GNOME folks a lot. And if anyone attacks my siblings, I'm there to defend them.

We can and we should work together as much as possible, not just GNOME or KDE but all other DE's too like #Budgie and #XFCE to be the best computing experience possible.

It's not perfect and it's never gonna be because perfection is unattainable, but perfect is also enemy of good.

Let's keep doing our best. Together.

#linux

Edit: happy pride! And trans rights are human rights.

NEW: U.S. government bans sale of Kaspersky software in the country — both consumers and businesses — due to security and privacy risks from Russian government.

“First of its kind” sales ban starts on July 20. After Sept. 29 Kaspersky can't send updates to U.S. customers.

“Russia has shown it has the capacity, and even more than that, the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans. And that’s why we are compelled to take the action that we’re taking today,” U.S. Commerce Secretary Gina Raimondo said in a call with reporters.

https://techcrunch.com/2024/06/20/us-bans-kaspersky-software-security-risk-russia/

Can LLMs find vulns? Here’s what Project Zero found

https://googleprojectzero.blogspot.com/2024/06/project-naptime.html

Interested in decompiler design? You'll love our latest blog post! https://binary.ninja/2024/06/19/restructuring-the-decompiler.html

Not interested? You'll still love the massive improvements the latest update brings to control flow recovery! Simpler conditionals, flatter code depth, more accurate transformations, easier to read and understand. Everything is better.

CVE-2022-24834: exploiting an integer overflow in Lua cjson module in Redis servers

https://research.nccgroup.com/2024/06/11/pumping-iron-on-the-musl-heap-real-world-cve-2022-24834-exploitation-on-an-alpine-mallocng-heap/

#infosec