Can you find an ITW 0-day from crash logs? Project Zero finds out

https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html

Yearlong supply-chain attack targeting security pros steals 390K credentials https://arstechnica.com/security/2024/12/yearlong-supply-chain-attack-targeting-security-pros-steals-390k-credentials/

Looking at legacy NeXT source:

https://github.com/johnsonjh/NeXTSrc/blob/ff846608a76ab2fbbb86e8a14c52ac85332f9786/libc-34.1/libc/gen/execvp.c#L34

Quoting from the OS X man page for execvp():

"Historically, the default path for the execlp() and execvp() functions was ``:/bin:/usr/bin''. This was changed to place the current directory last to enhance system security."

#noshitsherlock, #codereview, #appsec, #sdlc

- There are lots of things worse than movies: politicians, wars, forest fires, famine, plague, sickness, pain, warts, politicians...
- You already mentioned them.
- I know I did. They are twice as bad as anything else.

https://m.imdb.com/title/tt0107362/?ref_=ttqu_ov

JOURNALISM 101 RULE: If someone says it’s raining, and another person says it’s dry, it’s not your job to quote them both. Your job is to look out of the fucking window and find out which is true. — Now more than ever.

Important reminder, if you own a domain name and don't use it for sending email.

There is nothing to stop scammers from sending email claiming to be coming from your domain. And the older it gets, the more valuable it is for spoofing. It could eventually damage your domain's reputation and maybe get it blacklisted, unless you take the steps to notify email servers that any email received claiming to come from your domain should be trashed.

Just add these two TXT records to the DNS for your domain:
TXT v=spf1 -all
TXT v=DMARC1; p=reject;

The first says there is not a single SMTP server on earth authorized to send email on behalf of your domain. The second says that any email that says otherwise should be trashed.

If you do use your domain for sending email, be sure to add 3 records:
SPF record to indicate which SMTP server(s) are allowed to send your email.
DKIM record so the receiving email server can confirm the FROM addresses are valid.
DMARC record that tells the receiving email server how to handle email that fails either check.

You cannot stop scammers from sending email claiming to be from your domain, any more than you can prevent people from using your home address as a return address on a mailed letter. But, you can protect both your domain and intended scam victims by adding appropriate DNS records.

#cybersecurity #email #DomainSpoofing #EmailSecurity #phishing

It costs around $50 million every year to ensure Signal is robust and available all over the world for anyone whenever they need it.

And as a nonprofit, that money comes from all of you; the people who believe that we all deserve a place to speak freely.

https://signal.org/donate/

[RSS] Killing Windows Kernel Mitigations

https://wetw0rk.github.io/posts/0x01-killing-windows-kernel-mitigations/

[RSS] Ghidra Ctrl+P - quick search and command palette plugin.

https://github.com/msm-code/GhidraCtrlP

#Ghidra

How do transistors work, anyway?

https://lcamtuf.substack.com/p/how-do-transistors-work-anyway

CISA just took CVE-2024-11053 from 9.1 all the way down to 3.4!

https://github.com/cisagov/vulnrichment/blob/develop/2024/11xxx/CVE-2024-11053.json

Apparently #NVD has rated #curl #vulnerability #CVE_2024_11053 as #CVSS v3 Base Score 9.1 "critical". This is wrong, and will lead to automation triggering unnecessary warnings and blocking use of perfectly fine systems until an update is installed (which can take months). https://nvd.nist.gov/vuln/detail/CVE-2024-11053

[RSS] Attacking Entra Metaverse: Part 1

https://posts.specterops.io/attacking-entra-metaverse-part-1-c9cf8c4fb4ee?source=rss----f05f8696e3cc---4

[RSS] dns.exe and its quirks

https://www.hexacorn.com/blog/2024/12/15/dns-exe-and-its-quirks/

#Music #Electronics

Holy shit.

The Russian gov send in an abuse request for the @Bellingcat to be removed from mstdn.social

I am not gonna comply, and have replied to Hetzner

No way I'm gonna let the evils of the gremlin dictate stuff on anything I host

UPDATE: Hetzner ignores their requests and we're in the clear: https://mstdn.social/@stux/113662573364116275

A few weeks ago I bought my first iPod. It's a Classic 5 / 5.5 that has seen better days over it's 19 year life
Features include a battery that will last up to 30 mins. A damaged screen with an interesting black blob in the middle and a 30GB spinning hard disc.
But it does work. And can be repairs and bought up to date.

A thread...

Attacking an EDR - Part 1
https://her0ness.github.io/2023-08-03-c2-Attacking-an-EDR-Part-1/

#frombsky