Big news: a recent copyleft lawsuit we funded and supported has concluded with a very positive result for user rights! The suit, brought by a device owner in Germany, resolved with the purchaser receiving the right to repair, modify, and reinstall LGPLed software on their devices. Check out the details at https://sfconservancy.org/news/2025/jan/09/avm-copyleft-lawsuit-resolved-with-install/

Congratulations all crowd strike users on macOS who now get warnings about the libcurl version shipped by Apple. May you all enjoy your choices of software vendors.

It alerts about CVE-2024-9681. We said it is severity low. NVD says 6.5 medium.

Never a dull moment.

OK, I fleshed this out a little more. You can find the (In)Security Appliance Bingo 2025 in proper, two-dimensional form here:

https://cku.gt/appbingo25

Suggestions and submissions very welcome.

CrowdStrike: Recruitment Phishing Scam Imitates CrowdStrike Hiring Process
Following CrowdStrike's successful Denial of Service attack on customers' Windows systems worldwide in July 2024, recruitment has gone up (this is a joke). CrowdStrike reports that a newly discovered phishing campaign uses CrowdStrike recruitment branding to convince victims to download a fake application, which serves as a downloader for the XMRig cryptominer. They describe the infection chain and provide Indicators of Compromise.

#crowdstrike #IOC #xmrig #cryptomining #infosec #cybersecurity #cyberthreatintelligence #CTI

[RSS] WorstFit: Unveiling Hidden Transformers in Windows ANSI!

https://devco.re/blog/2025/01/09/worstfit-unveiling-hidden-transformers-in-windows-ansi/

Nominations are now open for the Top 10 Web (new) Hacking Techniques of 2024! Browse the contestants and submit your own here:
https://portswigger.net/research/top-10-web-hacking-techniques-of-2024-nominations-open

Mozilla Foundation security advisories 09 January 2025:

• MFSA2025-04 Security Vulnerabilities fixed in Thunderbird 134 (9 CVEs: 2 high, 7 "moderate")
• MFSA2025-05 Security Vulnerabilities fixed in Thunderbird ESR 128.6 (7 CVEs: 1 high, 6 moderate)

No mention of exploitation.

#mozilla #thunderbird #vulnerability #cve #infosec #cybersecurity

I really hope I'm missing something, but I can't find a VSCode API that allows me, in an extension, to get an event when a breakpoint is hit.
Seems like a massive blocker for developing debugging tools.

#vscode #debugging

Taking his previous research to the next level, our Maxence Schmitt explores how to bypass various upload restrictions to exploit client-side path traversal. Read about it in our latest blog post today!

https://blog.doyensec.com/2025/01/09/cspt-file-upload.html

#doyensec #appsec #cspt #cspt2csrf

2025

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75a7fb8c4

RenameFile

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a7fb8c4.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75a7fb8c4.json&colors=light

Hearing about a young hacker whose being extorted by the University of Washington, not cool UW.

The student claims they built an app to help kids get the course schedules they want, a hack as old as time, and the university decided to expel him until he ports his app to the university's internal systems.

This would be unpaid labor.

Until then his class registration is on hold and he can't register or attend his last few classes. 🥴

https://www.linkedin.com/posts/jdkaim_github-jdkaimhuskyswap-huskyswap-project-activity-7282891503142641664-nA8Y

#UW #Seattle #HuskySwap #CS

🎂🗻 Looking for simh/DEC J-11 experts to volunteer for our project of developing a libre emulator of the Slovenian Iskra Delta Triglav computer which is celebrating 40 years! We have ROM and disk images (RSX11-M/DELTA-M OS) and lots of documentation. Interested? 👉 marko@muzej.si

Project: golang/go https://github.com/golang/go
File: src/runtime/map.go:1255 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/runtime/map.go#L1255

func evacuate(t *maptype, h *hmap, oldbucket uintptr)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fmap.go%23L1255&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fruntime%2Fmap.go%23L1255&colors=light

Project: golang/go https://github.com/golang/go
File: src/cmd/trace/gen.go:41 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/trace/gen.go#L41

func runGenerator(ctx *traceContext, g generator, parsed *parsedTrace, opts *genOpts)

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ftrace%2Fgen.go%23L41&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ftrace%2Fgen.go%23L41&colors=light

New #Ivanti Connect Secure #0day — I'm sure we'll see Mandiant and MSTIC write-ups shortly on whichever threat campaign/actor was hitting CVE-2025-0282. https://www.rapid7.com/blog/post/2025/01/08/etr-cve-2025-0282-ivanti-connect-secure-zero-day-exploited-in-the-wild/

I'm very happy to see @kagihq joining Peertube with their inaugural video below about what makes Kagi independent search special!

https://tilvids.com/w/twGQeYV9c1TGwMmbdXtY2q

Remember to follow their Peertube account at @kagi and boost to encourage and show them the effort is appreciated! Also do check out their excellent lenses feature, shown in the video.

#Kagi #Peertube #Fediverse #Fedi #Privacy

[RSS] Two Network-related vunlnerabilities Analysis

https://u1f383.github.io/linux/2025/01/08/two-network-related-vulnerabilities-analysis.html

#Linux kernel - CVE-2023-6932 CVE-2023-0461

[RSS] Hijacking Azure Machine Learning Notebooks (via Storage Accounts)

https://www.netspi.com/blog/technical-blog/cloud-pentesting/hijacking-azure-machine-learning-notebooks/