Happy Holidays to my oncall buddies today. I wish you all a quiet and uneventful shift.

I survived #Whamageddon \o/

To avoid sudden dangerous drops of frustration during these peaceful Holidays I'm configuring Postfix.

#Christmas #MontyPython

What are the online #book stores that are neither a) monopolistic giants built on enshittification nor b) copyright bullies?

If I ask for a unicorn, which ones do at least give authors a more fair share for their work?

The slides for the keynote our Cristofaro Mune(@pulsoid) has given at @h2hconference
"False Injections: Tales of Physics, Misconceptions and Weird Machines" are now available here:

https://raelize.com/upload/research/2024/2024_H2HC2024_False-Injections-Tales-of-Physics-Misconceptions-and-Weird-Machines.pdf

Enjoy!

nice one, asus

https://www.windowslatest.com/2024/12/22/asus-bombards-windows-11-with-christmas-exe-malware-like-christmas-wreath-banner/

In light of the Crowdstrike outage over 5 months ago, what specific changes has your organization made to your enterprise security program? What changes to policies, procedures, training, alerting, testing, and your written IRP have you made? Please share!

European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout.

https://www.bleepingcomputer.com/news/security/european-space-agencys-official-store-hacked-to-steal-payment-cards/

Got like 20 new followers overnight at Bsky, what is happening?

Announcing #CodeQL Community Packs

https://github.blog/security/vulnerability-research/announcing-codeql-community-packs/

Maybe we should stop calling them *Notifications* and instead refer to *Interruptions*.

"Working on some stuff so I've turned off interruptions for a while."

"Right on."

⚡ A new remote code execution flaw in Apache Tomcat (CVE-2024-56337) exposes organizations to serious risk.

An uploaded file could turn into malicious JSP code—resulting in remote code execution.

» Affected Versions: Tomcat 9.0.0-M1 to 11.0.1
» Java users: Incorrect configurations = higher risk.
» Severity? CVE-2024-50379 scored a 9.8 on CVSS!

Details here 👉 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html

Near as I can tell, the activity around the #Struts2 bug,
CVE-2024-53677, is just ham-handed runs of some generalized PoC, and nobody's actually exploiting this yet (since exploitation would be very application/path specific).

Most of the news last week was all "exploitation happening, patch and rewrite everything now!" but not seeing any reports of successful (or even possibly successful) this morning.

Tell me I'm wrong!

(The PoC identified by SANS at https://isc.sans.edu/diary/31520 isn't specific to some particular application -- it's on the user to define upload_endpoint and assumes no auth or session or anything.)

Using @voooooogel control vector library to backdoor a model so that it introduces command injection vulnerabilities rather than using safer subprocess methods

Hi all. In order to make the Defensive Security Podcast content a bit more approachable and easier to navigate, I've created a playlist of individual stories/segments we cover here: https://www.youtube.com/playlist?list=PLzHXsgtVDQEq9JiCbwJojE4nd9dRVAT5l

Note: I've only gone back 4 episodes, but will be doing this for all episodes going forward.

Happy holidays!

Kagi's new video search controls let you replace clickbait thumbnails with real screenshots, customize title formatting, and focus on actual content.

You may find these controls in your search settings.

#Kagi #Search #AdFree #Videos

I started keeping a log of the serious attempts I've made to use generative AI for things (mostly coding-related). I've been bucketing them as successes or failures, along with the date and models used.

From the past several months, I'm up to 9 failures and 3 successes. I'll share this list some day.

When these systems have been successful, it's pretty neat. However, the successes I've seen have been for easy things, and the failures have mostly been time-sucks for me.

I feel like a heretic saying this (I'm a Principal Machine Learning Engineer), but I am not seeing a net benefit from using generative AI in my own work!

Windows Server 2022 and MsMpEng.exe:

https://www.hexacorn.com/blog/2024/12/20/windows-server-2022-and-msmpeng-exe/

Windows Server 2025 and MsMpEng.exe:

https://www.hexacorn.com/blog/2024/12/22/windows-server-2025-and-msmpeng-exe/

/by @hexacorn

Windows Cloud Files Mini Filter Driver LPE

CVE-2024-30085

https://ssd-disclosure.com/ssd-advisory-cldflt-heap-based-overflow-pe/