[RSS] Beyond good ol' Run key, Part 144

https://www.hexacorn.com/blog/2024/11/15/beyond-good-ol-run-key-part-144/

Hey #infosec folks, if you've bridged your account to #Bluesky using BridgyFed (https://fed.brid.gy/) let me know so I can add that bridged account to a starter pack there. 👍

Would be great to highlight the infosec people who are here, over there.

Boost around so I can nab everyone! 🚀

- Why was ollydbg discontinued?
- Not enough ollyfans

NEW: WhatsApp forced a judge to release previously non-public court documents, which include a ton of details on how NSO's spyware works.

The documents show how NSO targeted WhatsApp, the number of customers the company had to cut off because of abuse, and more.

Here are the biggest revelations.

https://techcrunch.com/2024/11/15/nso-group-admits-cutting-off-10-customers-because-they-abused-its-pegasus-spyware-say-unsealed-court-documents/

After several hours my polite little #bsky xposter is still rate limited... someone plz tell them they need a user base before starting #enshittification!

Slides for my @ekoparty talk "Advanced Fuzzing
With #LibAFL"

• >https://docs.google.com/presentation/d/1ILXdsBx6JJbsf3uq-_hSeYux-a0DRRPxebOY65EDE5o/edit?usp=sharing

Just registered the 38c3 assembly "ITAR Violators". Hope to see your ITAR controlled items!

Google Security: Retrofitting Spatial Safety to hundreds of millions of lines of C++
Google is retrofitting secure-by-design principles to their existing C++ codebase wherever possible, including bringing spatial memory safety into as many codebases. It has already made a noticeable impact, from preventing exploits, reducing crashes and improving code reliability/easier debugging.

#google #security #securebydesign #memorysafety #vulnerability #memory #infosec #cybersecurity

Missed out on the action at #r2con2024 in Barcelona? #NowSecure researcher and #radare2 co-creator @pancake put together a recap of all three days, including all the recordings, slides, and GitHub repositories. Check it out here: https://www.nowsecure.com/blog/2024/11/15/nowsecure-at-r2con2024-top-takeaways-and-mobile-security-highlights/?utm_source=mastodon

A huge thanks to everyone who joined us and made this comeback event a success after a 5-year break! #r2con #radare #frida

Pandoc compiled to Wasm (WebAssembly), which enables live conversions in the browser.

• Live demo: https://tweag.github.io/pandoc-wasm/

• Repository: https://github.com/tweag/pandoc-wasm

Amazing work by @terrorjack and the ghc-meta-wasm folks!

#pandoc #Wasm #ghc

Unpatched 0day in an enterprise firewall management interface? Must be Friday https://www.rapid7.com/blog/post/2024/11/15/etr-zero-day-exploitation-targeting-palo-alto-networks-firewall-management-interfaces/

Reproducing CVE-2024-10979: A Step-by-Step Guide https://redrays.io/blog/reproducing-cve-2024-10979-a-step-by-step-guide/

R.I.P. :(

https://en.wikipedia.org/wiki/Istv%C3%A1n_Nemere

See the latest iOS inactivity reboot in action! 🔒

iOS 18 comes with improved anti-theft measures. Three days w/o unlock, the iPhone will reboot, preventing thieves from getting your data.

Inactivity reboot puts your iPhone into "Before First Unlock" state, effectively locking encryption keys in the Secure Enclave Processor. Even if thieves leave your iPhone powered on for a long time, they won't be able to unlock it with cheaper, outdated forensic tooling. (1/2)

Bluesky is the Microsoft Word of social media, which I mean in the derogatory sense, as the fediverse is the LaTeX of social media, which I also mean in the derogatory sense

I didn't know #EU started to regulate political ads ( #TTPA ) :O I'm not familiar with the details (the devil is usually in there, see cookie banners...), but I think it was long due to attack propaganda from this angle, and it already seems to have some nice effects:

https://blog.google/around-the-globe/google-europe/political-advertising-in-eu/

Nice job, EU!

[RSS] The Definitive Guide to Linux Process Injection

https://www.akamai.com/blog/security-research/the-definitive-guide-to-linux-process-injection