Apple's New macOS Sequoia Update Breaking Major Security Tools https://it.slashdot.org/story/24/09/19/1851232/apples-new-macos-sequoia-update-breaking-major-security-tools?utm_source=rss1.0mainlinkanon

Couldn't let #talklikeapirateday happen without a little bit of #pc #ansi #art to commemorate.
Here's a little sketch of perhaps my number one fave pirate, Guybrush Threepwood :) arrrr! /piratevoice

In part 3 of his series on exploiting #Exchange #Powershell after ProxyNotShell, ZDI researcher @chudypb chains 3 bugs that lead to RCE, mainly by abusing the single-argument constructor conversions. Read the details at https://www.zerodayinitiative.com/blog/2024/9/18/exploiting-exchange-powershell-after-proxynotshell-part-3-dll-loading-chain-for-rce

Someone asked me to explain the whole supply chain, shell company, pager scenario to them in simple, anyone terms. I said in a nutshell, the coyote and rest of us watching learned that the roadrunner owned the Acme company.

Ruby-SAML pwned by XML signature wrapping attacks - https://ssoready.com/blog/engineering/ruby-saml-pwned-by-xml-signature-wrapping-attacks/ #ruby #rails #sso #saml

A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data.

https://www.bleepingcomputer.com/news/technology/ftc-exposes-massive-surveillance-of-kids-teens-by-social-media-giants/

WHO Cybersecurity Operations Engineer position available:

https://careers.who.int/careersection/ex/jobdetail.ftl?job=2406981&tz=GMT%2B02%3A00&tzname=Europe%2FZurich

It's in Budapest

#fedijob #fedijobs #position #blueteam

Cat's out of the bag: I am pursuing a native FIPS 140-3 validation for the Go standard library.

Trying to do it right, making it seamless and without compromising on security.

First time a Go module is validated. Wish me well. And consider sponsoring!

https://go.dev/issue/69536

Want to move to Real World Binary Exploitation? Grab this last opportunity of the year and register to my Windows Exploit Engineering Foundation training at #hexacon https://www.hexacon.fr/trainer/halbronn/

https://2024.issta.org/details/issta-2024-papers/89/Better-Not-Together-Staged-Solving-for-Context-Free-Language-Reachability

This is a super interesting approach to figuring out how to nagivate paths through parsers written to accept context free languages, when the grammar of the parser is known: break up the grammar into parts and do different complimentary stages of CFG exploration based on those parts of the original grammar

Our latest blog post 📜 shows application developers effective steps they can take to 🛑prevent attacks in a world of rich media client interactions. 👀 Check it out now to learn how to protect your apps!

https://blog.doyensec.com/2024/09/19/phishing-case-study.html

#doyensec #appsec #security #DevOps #developers

I jokingly said on the #vlang Discord that my IDE setting for tabs is "sin(time)*4-4 spaces", and of course spytheman instantly implemented it in ved
#programming #editor

"The selling point of generative A.I. is that these programs generate vastly more than you put into them, and that is precisely what prevents them from being effective tools for artists."

With Kagi, not only can you see how many ads/trackers a website has before clicking, but you can also personalize your search by ranking domains to tailor the experience to your specific needs👇

#AdFree #Search #Kagi

SAP Hash Cracking Techniques https://redrays.io/blog/sap-hash-cracking-techniques/

good news: I can now publish my work on "RTL debugger", an interactive tool that lets you single-step your hardware design and observe its state, currently integrated into VS Code as an extension but using an open protocol https://github.com/amaranth-lang/rtl-debugger

right now it's in a very early state and not all that useful, but this should change in the coming days

This looks amazing: THE JUNKYARD: An End-Of-Life Pwnathon (February 21-22, 2025) DistrictCon: https://www.districtcon.org/junkyard