Mozilla Foundation security advisories:

• Security Vulnerabilities fixed in Firefox 129 14 vulnerabilities
• Security Vulnerabilities fixed in Firefox ESR 115.14 9 vulnerabilities
• Security Vulnerabilities fixed in Firefox ESR 128.1 12 vulnerabilities
• Security Vulnerabilities fixed in Firefox for iOS 129 4 vulnerabilities

No mention of exploitation

#Mozilla #Firefox #PatchTuesday #vulnerabilities #CVE

I have just added support in #Diaphora for #IDA 9.0 (currently in beta). I wrote the changes this weekend, but I had to test multiple things... anyway, enjoy it.

https://github.com/joxeankoret/diaphora/commit/232a2720d56d17acce809b6bf82a6a561c980d82

#ida90 #idapro

New fashion goals 💾

Last week, Public Citizen’s Rick Claypool and I filed a complaint with the Federal Election Commission based on my research into apparent campaign finance violations by the Coinbase cryptocurrency exchange.

Read the full complaint and my updated article.

Complaint: https://www.citizen.org/article/coinbase-fec-complaint/

Updated article: https://www.citationneeded.news/coinbase-campaign-finance-violation/

#crypto #cryptocurrency #Coinbase #Fairshake #USpol #USpolitics

Resorts World Las Vegas announced they're performing periodic room checks for the duration of the blackhat / defcon hacking conference. When asked what they are looking for, one of the employees responded with "people hacking our stuff" ☠️

Reminds me of that old blog post by some dude who got pulled aside by the TSA so they could search his bag for "bitcoins".

https://www.404media.co/hotel-to-search-rooms-during-def-con-hacking-conference/

The original Pentium chip was introduced in 1993. It was the first "superscalar" x86 chip, able to run two instructions per clock cycle. I took this die photo of the chip yesterday. The chip has three metal layers; the thick lines you see are the top metal layer, mostly power and ground. The silicon itself is almost entirely obscured. Around the edges of the chip, tiny bond wires connect to the bond pads, providing the connections to the chip's external pins. 1/N

Currently trending on the bad place (Twitter): Leaked Wallpaper
Proof of concept for CVE-2024-38100 (7.8 high, disclosed 09 July 2024 by Microsoft Windows File Explorer Elevation of Privilege Vulnerability.

This is a privilege escalation tool (fixed with CVE-2024-38100 in KB5040434) that allows us to leak a user's NetNTLM hash from any session on the computer, even if we are working from a low-privileged user.

#CVE_2024_38100 #microsoft #msrc #vulnerability #CVE #proofofconcept #PoC

New from 404 Media: we got a massive leak from inside Nvidia (emails, Slack chats, documents) which show how it created a yet-to-be-released AI model. The leak shows that Nvidia scraped YouTube en masse, had clearance from highest levels of the company https://www.404media.co/nvidia-ai-scraping-foundational-model-cosmos-project/

#ShamelesslyStolenFromTheOtherSite

CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems.

https://www.helpnetsecurity.com/2024/08/05/cve-2024-38856/

#Cybersecurity #OFBiz #CVE

We break down the cryptography services offered within Google Cloud Platform —Cloud KMS, Secret Manager, and Confidential Computing—helping you decide which tools are right for your project. https://buff.ly/3WQB69S

Elastic: Dismantling Smart App Control
Elastic claims that Windows Smart App Control and SmartScreen have several design weaknesses that allow attackers to gain initial access with no security warnings or popups. A bug in the handling of LNK files can also bypass these security controls. They research bypasses for reputation-based systems and develop detections to identify indicators of attack. No CVE IDs associated.
See related The Hacker News reporting: Researchers Uncover Flaws in Windows Smart App Control and SmartScreen

#smartapp #smartscreen

“Crowdstrike has made intentional architectural engineering and QA decisions that made this happen. They were negligent in their engineering decisions and their QA decisions.”

@alexstamos starts off strong on his latest @riskybiz episode.

Note to sec company CTOs/CISOs:

If u put in the work to engage with the community on topics that don’t directly affect what u are selling, it buys u some leeway when u have to discuss products that do..

Many would be flamed for taking this stance openly. He pulls it off.

https://pca.st/episode/17c7a25f-faee-479a-b653-53f62679cc02

Fifteen years ago today, a group of hackers and security pros got together and made a little thing happen, the first ever BSides @SecurityBSidesGlobal, @BSidesLV

Things took off from there.

The next BSides on the event calendar is BSides Las Vegas, and it will be event number 1002.

⚠️ Confirmed: Network data show disruptions to multiple internet providers in #France amid reports of a fibre sabotage campaign targeting telecoms infrastructure during the Paris 2024 Olympics 📉

protip: when referring to your favourite programming language’s features, call them spells instead to sound more mysterious and cool.

“memory safety feature”

“memory safety spell”

📬

A really “inspirational” Google ad about a young girl who’s inspired by an Olympic athlete so her dad asks Google’s Gemini AI to write the athlete a letter from his daughter.

It’s actually an effective anti-AI ad which plays to the fear AI drains the creativity and honesty out of human communication. 🤦🏾‍♂️

https://youtu.be/NgtHJKn0Mck?si=tsRJaFDCA5t53foa

I found out quite a lot of stuff by now about the Ghidra stack depth mess up and still have no idea how to fix it... 😩

https://github.com/NationalSecurityAgency/ghidra/issues/6747