MSI motherboards susceptible to code execution & firmware implant - analysis of CVE-2024-36877 https://jjensn.com/at-home-in-your-firmware
Enjoy the old sch00l lulz:
Fuck You Ilfak - A IDA Pro 9.0 Beta 2 macOS x86 Fix Loader
Microsoft fixed CVE-2024-38213 last Tuesday. It was discovered in the wild by ZDI threat hunter @gothburz. Today, he makes the details of the vulnerability and how it's being used by threat actors. https://www.zerodayinitiative.com/blog/2024/8/14/cve-2024-38213-copy2pwn-exploit-evades-windows-web-protections
Two days ago, NIST finalized three post-quantum cryptography standards. Today, we are announcing an open-source Rust implementation of one of these standards, SLH-DSA, now available in RustCrypto! https://blog.trailofbits.com/2024/08/15/we-wrote-the-code-and-the-code-won/
NEW: Every Pixel phone released since 2017 has a hidden Verizon app, "Showcase.apk," with deep system access that has an unpatched flaw. Google's response to the vulnerability caused Palantir to ditch Android altogether. @lhn has the scoop: https://www.wired.com/story/google-android-pixel-showcase-vulnerability/
the most recent hackerone issue was filed because the user googled "[another project] bug bounty program", clicked the first link (to #curl's bug-bounty) and entered an issue about a completely different project...
Long thread ahead about training a classifier of "good/bad matches" for #Diaphora.
So, the whole idea that I have been working on for quite some time already to try to, somehow, improve matching in Diaphora is the following: Train a model to better determine if a pair of functions in two binaries (i.e., a match between a function A in binary X, and function B in binary Y) is correct or not.
Did someone already create a tarpit that targets the AI scraping bots?
Just learned that in French cybersecurity threats are called "cybermenace" and I will only be using this term from now on
Mixing watering hole attacks with history leak via CSS https://adepts.of0x.cc/css-history-leaks/
So the Department of Energy emailed me
https://daniel.haxx.se/blog/2024/08/14/so-the-department-of-energy-emailed-me/
The folks from Xiaomi didn't pick up their Pwnie for Lamest Vendor Response, so we're keeping it safe for them until they decide to come accept it.