https://security.googleblog.com/2024/11/new-real-time-protections-on-Android.html

cool, all you need to do is LET GOOGLE FUCKING EAVESDROP ON YOUR PHONECALLS TO TRAIN ITS AI

Love Kagi Search? The best way to help is simply sharing it! Tell friends why you love it, show them how it works, help them explore the difference and benefits.

Word of mouth is how meaningful products become movements 💪

#AdFree #deGoogle

Security researcher Cristian Cornea authored a fake ransomware builder dubbed Jinn ransomware builder.

It was a fake Builder — it was actually a payload.

It infected over 100 people on Breached.

https://corneacristian.medium.com/how-i-hacked-100-hackers-5c3c313e8a1a

#Bitdefender's website is tracking me with 27 cookies – including TikTok. How can anyone trust a company that willingly hands over my privacy to multiple entities? #antivirus

Analyzing Firefox Animation CVE-2024-9680 https://dimitrifourny.github.io/2024/11/14/firefox-animation-cve-2024-9680.html

Wow Intel SGX and Sub-Page Protection exploded at the same time yesterday. The latter is so broken Intel removes it from all future processors. 👀

We've released #LibAFL 0.14 with an afl-fuzz rewrite in #LibAFL, better QEMU, FRIDA scripting, intel_pt tracing support and more!
Check it out:

https://github.com/AFLplusplus/LibAFL/releases/tag/0.14.0

Remove /dev/null from a host and a surprising number of programs crash and burn. Experienced sysadmins understand that most software requires an uninterruptible supply of nothing.

Full Rapid7 analysis and #exploit PoC (with root shell!) for #FortiManager #CVE202447575 via @stephenfewer 🐚 Not a simple project, as it turned out :) https://attackerkb.com/topics/OFBGprmpIE/cve-2024-47575/rapid7-analysis

The Pentium processor had a minor error in the division algorithm. This error cost Intel $475 million to replace the faulty chips. I've tracked down the FDIV error to this circuit on the die:

Me to Matomo:
Your installation instructions guarantee that Windows will be vulnerable to LPE. You should probably fix that.

Matomo:
"Unfortunately we do not consider this as a security issue, because it's actually fully unrelated to Matomo itself."

Great job, folks!

gell-man amnesia.
this is nuts.
these stories are one hour apart

Clownstrike @ 358...
Cyber incidents appear to have no long term impact ;-)

We have observed D-Link NAS CVE-2024-10914 /cgi-bin/account_mgr.cgi command injection exploitation attempts starting Nov 12th. This vuln affects EOL/EOS devices, which should be removed from the Internet: https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10413

We see ~1100 exposed.

https://dashboard.shadowserver.org/statistics/iot-devices/tree/?day=2024-11-12&vendor=d-link&type=nas&geo=all&data_set=count&scale=log

We share IP data on exposed D-Link NAS instances for your network/constituency in our Device ID reports (vendor D-Link, type: nas): https://shadowserver.org/what-we-do/network-reporting/device-identification-report/

D-Link NAS exposure tracker https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=d-link&type=nas&model=sharecenter&dataset=count&limit=1000&group_by=geo&style=stacked

NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-10914