HyperDbg v0.10.2 is released!

This release comes with lots of bugfixes and improved stability, check it out here:
https://github.com/HyperDbg/HyperDbg/releases/tag/v0.10.2

Re: traffic lights hacking

We have a childrens book series, where the pets of the protagonist children often do reckless and outright dangerous magic, like changing traffic lights and being fascinated by all the hard breaks and horns. There is no explanation why such thing would be irresponsible and any "punishment" is very mild (and usually also self-imposed).

I think this book should not be read to/by children without a responsible adult explaining why the cute characters are actually dangerous psychopaths.

The writing is also objectively bad.

How can I responsibly get rid of these books (I don't want to destroy them)?

#Book #Bookstodon

If anyone ever needs an example of costs & time saved by "shifting left" (doing the security work & testing earlier, ideally from the the very start):

"Dutch authorities will have to replace tens of thousands of insecure road traffic lights...after a security researcher found a vulnerability that could allow threat actors to change traffic lights on demand"

https://news.risky.biz/risky-biz-news-dutch-government-to-manually-replace-tens-of-thousands-of-hackable-traffic-lights/

Via @campuscodi / @riskybiz

#InfoSec #Security

38C3 Call for Participation
https://events.ccc.de/2024/10/10/38c3-cfp/

(CVE-2024-9680)[1923344][animation]UAF in Animation timelines -> ACE in the content process(exploited ITW), fixed in Firefox 131.0.2, Firefox ESR 128.3.1 & Firefox ESR 115.16.1
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/#CVE-2024-9680
https://hg.mozilla.org/mozilla-central/rev/0ee07613d0506da465539cfaff1826cdc8bf0384

The Ig Nobel in Physics has been awarded:

Awarded to James Liao at the University of Florida for a comprehensive, multi-publication investigation into the swimming abilities of a dead trout¹.

It feels rather more relevant than handing a real Nobel to people working for a commercial company in "Artificial Intelligence" (the only way to write it is between quotes).
__
¹ https://www.cell.com/current-biology/fulltext/S0960-9822(22)00709-6

Behold government funded weather machines.

The Council of the EU has adopted the #CRA Cyber Resilience Act yesterday. This will have huge consequences for everyone who ships hardware and software as a product. Almost no actual open source developers face direct regulation (for writing software), but the users of our open source software very much do. The CRA notably suggests that commercial users pony up for improved open source security attestation. It is a big act, but it offers real possibilities for making better software! 1/2

Well that was unexpected for today! The Council of the EU has adopted the #CRA Cyber Resilience Act and we are just a few small steps away from it becoming a European law.

https://www.consilium.europa.eu/en/press/press-releases/2024/10/10/cyber-resilience-act-council-adopts-new-law-on-security-requirements-for-digital-products/

The #defcon32 presentations are now live and availablle for your perusal on the #DEFCON media server, free of all commercials, data capture or pesky algorithms. We suggest clearing some disk space and personal time this weekend to snatch up some of the many, many jewels our speakers dropped in Las Vegas. While you’re on media.defcon.org you can also find the slide decks, a ton of pictures and even the DC32 soundtrack. Enjoy, learn a few things and #passiton.

We’ll be posting the videos on YouTube Monday.

#sharingiscaring

Using Telerik Reporting or Report Server? Patch now to fix 3 RCEs @mwulftange found (CVE-2024-8015, CVE-2024-8014, CVE-2024-8048). Telerik vulns have a history of being exploited by threat actors according to #CISA Details at https://code-white.com/public-vulnerability-list/

Thousands of hackers, technology freaks, artists, and utopians get together in Hamburg to communicate, learn from each other, and party together: #38C3 Call for participation has launched https://www.ccc.de/en/updates/2024/38c3-call-for-participation

Updates from @brewsterkahle about the DDOS attacks on Internet Archive:

Use less javascript

Don't you miss the golden era of SQL Injections?

Here Mathieu Farrell (@coiffeur0x90) explains how to feel the thrill again with the aid of Apache Superset, XML and a bit of parsing tickery:

"Bypass Apache Superset restrictions to perform SQL Injections"

https://blog.quarkslab.com/bypass-apache-superset-restrictions-to-perform-sql-injections.html

New Project Zero issue:

Linux: fuse_notify_store() marks page uptodate while leaving beyond-EOF parts uninitialized

https://project-zero.issues.chromium.org/issues/42451729

CVE-2024-44947

New Project Zero issue:

adsprpc: refcount leak leading to UAF in fastrpc_get_process_gids

https://project-zero.issues.chromium.org/issues/42451711

CVE-2024-38402

A step-by-step guide to writing an #iOS #kernel #exploit -< short and to the point!

// by @alfiecg_dev

https://alfiecg.uk/2024/09/24/Kernel-exploit.html
https://github.com/alfiecg24/Vertex