‘We must...fiercely protect the progress women in science have made!’ 🔬On #womeninscienceday don't miss this insightful interview w/ Suropriya Saha, Max Planck Research Group Leader, on the legacy of #Physics Nobel laureate Maria Goeppert Mayer!🌟 ▶️ https://www.mpg.de/23712159/suropriya-saha-about-maria-goeppert-mayer #GirlsinStem
CertCentral.org is live!
We track and report abused code-signing certs.
By submitting to the website, you contribute to the DB of >800 certs—a DB you can access and view.
Want to get more involved? Check out the Training and Research pages to learn more.
We can handle submitting your reports too. See the website for more details. :)
Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 0060aec0
CRYPTO_ocb128_decrypt
SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0060aec0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F0060aec0.json&colors=light
I was today’s year old when I learned what spool file means!
#IBMi #rpgpgm #IBMChampion
https://www.rpgpgm.com/2025/02/i-was-todays-years-old-when-i-learned.html
Anydesk LPE Vulnerability https://github.com/CICADA8-Research/Penetration/tree/main/POCs/CVE-2024-12754
🚨 New cool audit alert!
Our audit at @cure53 of @nymproject is now public! We uncovered some fascinating findings in Nym's cryptography and infrastructure.
Joint work with Alex Pirker, Daniel Bleichenbacher, Luan Herrera & Marta Conde!
Some highlights: 🧵👇
Wondering: are #storytelling contests for children a thing in other countries too?
In Hungary they are a staple in elementary school. Unfortunately, kids are made to learn folktales word for word and then recite them. Emphasis is on clear speech and mimicked regional "folksy" dialects. Also, tales are often chosen by teachers or parents rather than the kid. Not to mention the "contest" aspect. Now there's a cultural discussion developing around this.
Anything similar in other countries?
Van egy elado 2021-es 16" MacBook Pro-m, M1 proci, 32GB memoria, 1TB SSD, alig hasznalt allapotban. Kb negyszer volt bekapcsolva, ossz uzemido nagyjabol 6 ora lehet, ebbol 1 ora volt kb az upgrade macOS Sequoia-ra. Eredeti tolto, doboz megvan. Opcionalisan van meg egy Satechi USB hub is melle.
A gep frissen gyalult macOS-sel jon, igeny eseten meg lehet nezni (Patyon, vagy Budapest III keruletben). Kep csatolva, bar tul sok nem latszik rajta szerintem.
Ha valakit erdekelt, DMjeim nyitva. Szivesebben adnam el itt, mint jofogason vagy hasonlo helyeken. Arat tekintve: passz. Nem neztem utana mennyiert megy egy ilyen mostansag. Szeretnek mihamarabb tuladni rajta, de azert fillerekert nem adom.
Ujratulkolest megkoszonom!
I remember when people would tell me, you have to buy software from the large software companies or it will probably break and be terrible.
Today, it’s like, Google property? Microsoft invested? V.v.sus. The software lives in a self-hosted machine named for a pun on some obscure kink, the developer is a furry, the logo is two furries, it’s gpl’ed and if you do five minutes of due diligence you’re going to see all of their politics and most of their butt? I will trust this software with my life.
The new Amish of the late 21st century: isolated, rural communities of software engineers writing their own code and crafting emails by hand, getting around in non-self-driving carriages
High level diff of iOS 18.3 vs. iOS 18.3.1 🎉
https://github.com/blacktop/ipsw-diffs/blob/main/18_3_22D63__vs_18_3_1_22D72/README.md
📣 EMERGENCY UPDATE 📣
Apple pushed updates for a new zero-day that may have been actively exploited.
🐛 CVE-2025-24200 (Accessibility):
- iOS and iPadOS 18.3.1
- iPadOS 17.7.5
Ok, this is awesome
https://x.com/sixtyvividtails/status/1888872344032100372
My first C++ paper was published!
Unfortunately it's not adding great things to the language, just trying to encourage people to not add things that I think are a really bad idea.
Zimbra security advisory ~03 February 2025: Zimbra Collaboration Daffodil 10.0.12 Patch Release
This is a reason why change logs and timelines are important for security advisories: Zimbra supposedly released this on 17 December 2024. Yet the CVEs have a publish date of 03 February 2025. Open source reporting are only coming out today.
Only 3 out of 5 vulnerabilities have CVEs. Since they didn't provide a CVSS score, CISA as an ADP scored CVE-2025-25064 SQL injection vulnerability as 9.8 critical.
Why you should care about patching: Zimbra Collaboration Suite has nine CVEs on the KEV Catalog, with four of them allowing for unauthenticated code execution. CVE-2025-25064 is more likely to get exploited than other vulnerabilities.
#zimbra #zcs #cve_2025_25064 #vulnerability #cve #infosec #cybersecurity
Sucuri: Google Tag Manager Skimmer Steals Credit Card Info From Magento Site
Title is straightforward: Sucuri warns of credit card data theft from a customer's Magento-based eCommerce website. The credit card skimmer malware is delivered by leveraging Google Tag Manager (GTM). GTM is a free tool from Google that allows website owners to manage and deploy marketing tags on their website without needing to modify the site’s code directly. A single malicious domain is identified, but the real IOC is the GTM identifier GTM-MLHK2N68. The Hacker News identified at least three sites infected with the skimmer.
#magento #threatintel #ioc #infosec #cybersecurity #cyberthreatintelligence #CTI