SonicWall security advisory: SonicWall SSL-VPN SMA1000 and Connect Tunnel Windows Client Affected By Multiple Vulnerabilities
There is no evidence that these vulnerabilities are being exploited in the wild and SonicWall SSL VPN SMA 100 series products are not affected by these vulnerabilities. Affected products are SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.271 and earlier versions, SMA1000 Appliance firmware 12.4.3-02676 and earlier versions (Note: This vulnerability does not affect Connect Tunnel Linux and Mac client versions.) Vulnerabilities are patched in SMA1000 Connect Tunnel Windows (32 and 64-bit) Client 12.4.3.281 version and higher, along with SMA1000 Platform Hotfix - 12.4.3-02758. SonicWall strongly advises SSLVPN SMA 1000 series product and Connect Tunnel client users to upgrade to the mentioned fixed-release version.
Dark-mode has arrived to Function-Graph-Overview!
Version 0.0.9 now supports dark-mode and custom color schemes.
https://marketplace.visualstudio.com/items?itemName=tamir-bahar.function-graph-overview
And the demo now includes a scheme-making tool.
It’s been twelve years since I cleverly combined #CybersecurityAwarenessMonth with #BreastCancer awareness month by being diagnosed with stage 2B breast cancer. After a year of scorched-earth treatment, I went into remission, where I’ve been ever since.
Breast-having mammals reading this, please check yourself regularly; it’s how I found mine. Be careful out there.
Palo Alto in 2018:
CVE-2018-10143 - Oops. We'd better fix the "path" parameter for convertCSVtoParquet.php
Palo Alto in 2024:
CVE-2024-9463 - Oops. We'd better fix the "ram" parameter for convertCSVtoParquet.php
Can someone get this thing to work? Is there any other option to spot gaps in padded fields on structs in C programs? https://github.com/arvidn/struct_layout
Mozilla is looking for a Staff Software Engineer (remote US/EU/CA ✨) working on sandboxing, hardening, crash-reporting, performance and integration with native widgets **on Linux**. As a staff-level position this will require strong technical and people skills, experience in C++ on Linux or Android. The team is distributed and amazing. Ask me in DM if you have any questions about Mozilla (I am *not* the hiring manager). Please apply at https://grnh.se/2c3dc0111us
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. Update your Firefox ASAP https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ #infosec #security
Wow, Specter bypassed XOM and broke the PS5 hypervisor. Awesome work.
"Byepervisor: How We Broke the PS5 Hypervisor".
#ps5 #xom #hypervisor #byepervisor
https://hardwear.io/netherlands-2024/speakers/specter.php
I remember hackers breaking in to CALEA lawful intercept boxes to spy on each other over 20+ years ago..
IIRC They were default SunOS servers connected direct to internet, no patches or updates applied over the years. Once you mapped them you could wait for a known vulnerability and visit them again.
It’s always been terrible, and always been known. I want it to be taken seriously.
Edit: It may be closer to 30 years than 20, but “a long time ago”
Republicans,
Democrats,
Third party voters
People driven by totally incompatible political and religious ideologies,
Pineapple on pizza people,
People who hate pineapple on pizza and are incorrect,
🤜🏻🤛🏾 hating whomever hacked the Internet Archive
If people loosing access to their books when the vendor goes out of business was already bad, now the same thing is happening to cars: https://arstechnica.com/cars/2024/10/connected-car-failure-puts-kibosh-on-sale-of-3300-fisker-oceans/
I know, it is happening all over the place, merely with pieces of technology not quite as expensive. Maybe, just maybe, having basic functionality depend on external components isn’t such a great idea?
And since I don’t see “the market” ever discovering this, maybe some regulation is in order? Just so the next tech startup going out of business (or merely unwilling to support “outdated” hardware) isn’t an occasion to throw away tons of products in perfect working order.
Mozilla Firefox exploited zero-day: Security Advisory 2024-51 Security Vulnerability fixed in Firefox 131.0.2, Firefox ESR 128.3.1, Firefox ESR 115.16.1
CVE-2024-9680 (critical severity) Use-after-free in Animation timeline
An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild.
See related @BleepingComputer reporting: Mozilla fixes Firefox zero-day actively exploited in attacks
#zeroday #vulnerability #firefox #mozilla #cve #CVE_2024_9680
Hang on to your seats, because this one's a wild ride. Literally.
Lamborghini Carjackers Lured by $243M Cyberheist
The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini. Prosecutors say the couple was beaten and briefly kidnapped by six young men who traveled from Florida as part of a botched plan to hold the parents for ransom.
https://krebsonsecurity.com/2024/10/lamborghini-carjackers-lured-by-243m-cyberheist/