The interesting thing about OpenAI pleading that they cannot build their systems if they have to exclude or license copyrighted materials isn't the fact that "if you can't afford to run your business while complying with the laws you have no business". It's the fact that they believe that creating their stochastic systems is such a good and human goal per se that they can throw it in against all the externalities and still come out winning.
Sam Altman is a cynic who only cares about getting richer and says whatever leads there. But many other people in that space are actual believers in the religion of #AI.
https://futurism.com/the-byte/openai-copyrighted-material-parliament
'Don’t say “Europe should invest in secure communications”, write out that the European Commission should procure a secure email solution that does not fall under US spying legislation' - https://berthub.eu/articles/posts/europe-must-invest-in-xyz/?redo=1
NEW: Apple has removed several VPN apps from the App Store in Russia after the government censorship agency flagged the apps, according to app makers.
VPN makers shared a letter they received from Apple with us.
"We are writing to notify you that your application, per demand from Roskomnadzor will be removed from the Russia App Store because it includes content that is illegal in Russia," the letter read.
Apple, for now, doesn't comment.
Exploiting An Enterprise Backup Driver For Privilege Escalation - CVE-2023-43896 https://northwave-cybersecurity.com/exploiting-enterprise-backup-software-for-privilege-escalation-part-two
Flickr album for the Classical Computing Laboratory at IBM Poughkeepsie launch: https://www.flickr.com/gp/200991657@N06/1o1e4FYuvX
In this blog, we dive deep into how the automation employed by the recently-formed Linux CNA managed to take a detailed, unrestricted vulnerability report for their 5.10 LTS kernel, and produce an error-filled CVE unhelpful for downstream consumers: https://grsecurity.net/cve-2021-4440_linux_cna_case_study
My friend Thalia has published a regexp museum! 🥳 have a visit!
VMware security advisory: VMSA-2024-0016
VMware Cloud Director Availability addresses an HTML injection vulnerability: CVE-2024-22277 (6.4 medium, disclosed 04 July 2024). A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks. Fixed in 4.7.2, no mention of exploitation.
It appears that tomorrow July 9th 18:00–22:00 UTC there might be the first launch attempt of Europe's new non-reusable Ariane 6 rocket. Details including link to webcast are available through: https://www.esa.int/Enabling_Support/Space_Transportation/Ariane/Ariane_6_launch_how_to_watch_and_what_to_look_out_for
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive
CVE-2024-4885 https://summoning.team/blog/progress-whatsup-gold-rce-cve-2024-4885/
WhatsUp Gold SetAdminPassword Privilege Escalation CVE-2024-5009 https://summoning.team/blog/progress-whatsup-gold-privesc-setadminpassword-cve-2024-5009/
Dear Fellowlship,
Our owl @XC3LL showed during the EuskalHack VII conclave a technique to achieve stability when overwriting the R/W/X memory in VBA. Read this addendum in our homily: https://adepts.of0x.cc/vba-rwx-addendum/
🔥 Summer's heating up, and so is the learning!
VMware Workstation is now free, making it the perfect time to dive into hypervisor-based reverse engineering.
Check out the free HyperDbg tutorial at @OpenSecurityTraining2 :
https://ost2.fyi/dbg3301 (preferred)
https://www.youtube.com/playlist?list=PLUFkSN0XLZ-kF1f143wlw8ujlH2A45nZY
Poland-Ukraine cooperation agreement signed. Poland gives security guarantees to Ukraine in the event of future Russian aggression.
What's inside?
"The Participants recognise blockchain technology as increasing citizens trust in public administration services and limiting the scope for abuse in the digital world."?
Why is this even in a bilateral security agreement?
Do you have more trust "in public administration services" with blockchain?
https://www.gov.pl/attachment/d77d96e0-3488-4567-9a42-1ef1fd2e0ce2
Check Point Research (CPR): Exploring Compiled V8 JavaScript Usage in Malware
CPR showcases a custom tool named "View8" for decompiling V8 bytecode to a high-level readable language. Compiled V8 JavaScript is used by malware authors to evade static detections and hide their original source code. CPR explains compiled V8 JavaScript, how attackers can leverage it in their malware and how it appears in the wild. No IOC but a single SHA256 hash highlighted in pink.
40 vulnerabilities in Toshiba Multi-Function Printers https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html
🇬🇧 Von der Leyen's EU Commission sues the European Data Protection Supervisor to keep using Microsoft Office and Cloud Suite which violate EU privacy rules.
Did anyone hope this Commission would crack down on Microsoft for the violations?
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C_202403925
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:C_202403926
I saw this meme going around so I fixed it