A bit more gasoline to pour into Clownstrike's fire... ;-)
Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Congrats @nachoskrnl for being nominated @pwnieawards for his 3-episode research work on Windows paths - well deserved (yes, I nominated it:)).
https://x.com/PwnieAwards/status/1815894380789592298
Amazon sold a half billion[1] Trojan horses into households, workplaces, and other places around the world, and couldn’t make a profit off them
[1] Who knows how many Alexa devices are actually in use but even 1% of the number sold is still 5 million. Holy shit that’s a lot of microphones
Something I've had on my list for quite some time and finally got around to now: updating the HowFuzzilliWorks document: https://github.com/googleprojectzero/fuzzilli/blob/main/Docs/HowFuzzilliWorks.md
Besides a number of smaller changes (e.g. new mutators), the design of the HybridEngine has changed considerably since the document was initially written.
Happy fuzzing!
#TIL that the #IAEA uses something called a „COBRA seal“ to seal relevant objects against manipulation. One type of these seals works by using a multi-core optical cable. When the seal is locked a random number of cores are cut. This creates a unique optical pattern that can be verified simply by shining a light into the cable and can’t be recreated.
The moral bankruptcy of Marc Andreessen and Ben Horowitz https://www.theverge.com/2024/7/24/24204706/marc-andreessen-ben-horowitz-a16z-trump-donations
Do I know anyone with a mail address on a mail server managed by barracuda networks who would help me with something? I'd like to test a few things (just sending you a few test mails and see if they arrive).
Wild, true story from the security awareness and training company KnowBe4 that details how they inadvertently hired a North Korean hacker who was posing as a Western tech worker.
Kudos to them for publishing this. If it can happen to a security awareness company, it can happen to anyone (full disclosure: they've been an advertiser on my site for ages).
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
I've published a little blog on binary patching Golang produced assembly to alter the stdlib net/http functionality. #golang and #infosec frens maybe interested! https://pulsesecurity.co.nz/articles/golang-patching
We're proud our testing helps ensure the security of Thinkst's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here:
https://www.doyensec.com/resources/Doyensec_ThinkstCanaryTokensOSS_Report_Q22024_WithRetesting.pdf
CISA: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Hot off the press! CISA adds two vulnerabilities to the KEV Catalog:
#CISA #KEV #knownexploitedvulnerabilitiescatalog #CVE_2012_4792 #CVE_2024_39891 #eitw #activeexploitation #CVE #vulnerability
CVE-2019-8805: Apple EndpointSecurity framework Privilege Escalation https://blog.securelayer7.net/applied-endpointsecurity-framework-previlege-escalation/