👋 Looking for some cool research opportunities in 2025?
We still have an open position in our 2024-2025 internships season.
Take a look and hurry up to submit, those satellites won't hack themselves

https://blog.quarkslab.com/internship-offers-for-the-2024-2025-season.html

Ed Zitron went to Amazon and bought its best-selling laptop — a $238 machine running Microsoft S, a hobbled version designed to limit what a user can do

The laptop is janky, slow, awful — and the internet it opens onto is a shitshow of upselling, slop, and con schemes, where the walled gardens are preferable mostly because they offer an illusion of order

His point: for *most* people, computing is psychologically abusive

He’s right

Read the whole thing!

https://www.wheresyoured.at/never-forgive-them/

Juniper: 2024-12 Reference Advisory: Session Smart Router: Mirai malware found on systems when the default password remains unchanged
Juniper warns that customers with Juniper Session Smart Routers (SSR) are getting infected with Mirai DDoS botnet malware because they didn't change from the default password. 🤦‍♂️

#juniper #threatintel #cybersecurity #infosec #mirai #botnet #securitybestpractice

What do you think, AI slop or not? It's not always easy to tell...

https://hackerone.com/reports/2905552

Petition to flood GitHub with AI-generated code to trigger model collapse.

Hi Mastodon hivemind, a friend has a Gemmacert device and the company behind it has gone bankrupt. He's wondering whether someone has already reverse engineered it, so he can continue to use his expensive machine to measure how potent his weed is

#weed #gemmacert #reverseengineering #dtv #helpneeded

New attack on x86 secure enclaves, specifically AMD SEV this time. SEV is AMD's answer to Intel TDXs.

Basically tricking the CPU into thinking the DRAM is a different size, causing physical address aliasing, which can then be exploited

"Your GitHub account now includes free use of GitHub Copilot"
LOL get fucked

Why do iOS apps update so much. “Bug fixes and improvements.” You’ve said that every week for eight years. I’m impressed by the commitment honestly but what are you DOING in there

Biden has just pardoned the entire executive team behind the Windows 11 out of box experience.

Almost exactly a year ago, Rapid7 put out a technical analysis of Apache #Struts 2 CVE-2023-50164 that said:

* Exploit payloads were going to need to be customized to the target

* It wasn't clear that there was any critical mass of remotely exploitable applications out of the box

* The reports of exploitation in the wild all appeared to be unsuccessful attempts rather than IRL compromises of production systems.

https://attackerkb.com/topics/pe3CCtOE81/cve-2023-50164/rapid7-analysis

Fast-forward to CVE-2024-53677 and we can repeat the above verbatim, with one pretty notable exception — the "fixed" version that ostensibly remediates the vulnerability actually doesn't, and code-level changes are required (to migrate away from the vulnerable file upload interceptor) to actually remediate it. Also the "fixed" release (6.4.0) appears to have gone out a year ago? No idea. Big ups to @fuzz for the analysis!

https://attackerkb.com/assessments/28f08c0a-702c-4ab0-99cb-eea00202fa2c

HIV breakthrough: drug trial shows injection twice a year is 100% effective against infection
http://theconversation.com/hiv-breakthrough-drug-trial-shows-injection-twice-a-year-is-100-effective-against-infection-233295

If you are wondering about the unpublished CVE-2024-49848... there is a PoC.

#vulnerability

🔗 https://vulnerability.circl.lu/comment/23fd524b-475e-4b9f-8dc2-7b67f4cec409

UK: “It’s still illegal to rip a CD you legally own to MP3!”

Also UK: “Hey, let’s exempt those AI guys from copyright law!”

FFS.

https://www.gov.uk/government/consultations/copyright-and-artificial-intelligence