From Convenience to Contagion: The Half-Day Threat and Libarchive Vulnerabilities Lurking in Windows 11 https://devco.re/blog/2025/02/12/from-convenience-to-contagion-the-half-day-threat-and-libarchive-vulnerabilities-lurking-in-windows-11-en/
As JD Vance delivered his speech about "European overregulation" and criticized "endless compliance costs imposed on the US companies by GDPR" I have seen some voices from Europe who said something to the effect "I don't know a single EU company happy about #GDPR either".
Well, it's kind of obvious companies aren't happy because GDPR was not made to make companies happy but to protect the privacy of consumers.
This regulation is based on fundamental differences between US and EU legal systems. In EU, you own and control your personal data. In US it's owned by whoever managed to extort it from you, and then aggregate, personalise and resell to any other entity anywhere.
For example, if you want to pay higher insurance premium because you have genetic tendencies to diabetes or obesity - well, that's the US way of doing business, but it's not the only one, nor it's somehow axiomatically "better". And yes, high insurance premiums also have the effect of increasing overall country's GDP, just as a house burnt and rebuilt also does this magic, yet somehow few people celebrate it.
Then someone asked me if I really "feel that my data is better protected thanks to GDPR". And yes, as a matter of fact the most invasive behavioural profiling aren't being rolled out by companies like Twitter or Facebook to EU specifically because of GDPR, while in US they just roll them out without asking anyone.
Anyone… of course except for the states which have regulations very similar or even more restrictive than GDPR, such as California. Yet, because California is "theirs", these companies and their CEOs with high media presence simply shut up and make their apps compliant with CCPA without all this barking about "how GDPR kills our business".
It's the same with EU VAT, about which Vance also whined, whereas US sales tax accounting rules are not even harmonized across states. But hey, you know what? A US business that has to employ a tax consulting company to get multi-state accounting right also increases overall GDP!
So effectively what in US is perceived as each state's fundamental right, sign of their diversity and key part of their autonomy, in the EU is portrayed as something equivalent to Soviet Union style central planning. And when they post all the memes about "bottle caps" in EU, they of course never mention a gazillion of state-level archaic or absurd regulations which are nonetheless binding, especially if someone likes to build a class lawsuit around them.
And now as Tesla opened a new factory in #China, I've never seen Musk make a single critical remark about the overregulation in China, even though it's even more complex than EU and US taken together due to its vast geographic and administrative diversity.
The #MADWeb '25 program is live!
We've got 9 full papers, 3 work-in-progress papers, and 2 exciting keynotes lined up. Huge thanks to all the authors and the program committee!
Check out the details and get ready for a great event!
https://madweb.work/#program
See you in San Diego!
Thanks @bagder for providing the Firefox ca bundle publicly in an accessible way here: https://curl.se/docs/caextract.html
Extra kudos for the appropriate curl command-line to automatically download the latest version!
Just released #ghidriff v0.8.0 - Ghidra 11.3 Support + PyGhidra
This release uses the latest PyGhidra now officially supported by Ghidra
https://github.com/clearbluejar/ghidriff/releases/tag/v0.8.0
š included!
Recon 2025 has been announced! 20th year anniversary https://recon.cx June 23-29.
Picard management tip: It's okay not to know things. Practice saying "I don't know." Go ahead. Say it.
Our blog site is having a moment, and @TheDustinChilds is stuck on a plane in DFW, but nothing stops Patch Tuesday. There's 2 Microsoft bugs being exploited in the wild and some things we've never seen before. Read all the details at https://www.zerodayinitiative.com/blog/2025/2/11/the-february-2025-security-update-review
A demonstration of writing a simple Windows driver in Rust
https://scorpiosoftware.net/2025/02/08/writing-a-simple-driver-in-rust/
Discussions: https://discu.eu/q/https://scorpiosoftware.net/2025/02/08/writing-a-simple-driver-in-rust/
Good tools are made of bugs: How to monitor your Steam Deck with one byte.
Finding and exploiting two vulnerabilities in AMD's UEFI firmware for fun and gaming.
A Christmas gift in February, brought to you by the incredible @pwissenlit
https://blog.quarkslab.com/being-overlord-on-the-steam-deck-with-1-byte.html
EclecticIQ: Sandworm APT Targets Ukrainian Users with Trojanized Microsoft KMS Activation Tools in Cyber Espionage Campaigns
EclecticIQ analysts assess with high confidence that Sandworm (APT44), a threat actor supporting Russia's Main Intelligence Directorate (GRU), is actively conducting a cyber espionage campaign against Ukrainian Windows users. Likely ongoing since late 2023, following Russia's invasion of Ukraine, Sandworm leverages pirated Microsoft Key Management Service (KMS) activators and fake Windows updates to deliver a new version of BACKORDER, a loader previously associated with the group. BACKORDER ultimately deploys Dark Crystal RAT (DcRAT), enabling attackers to exfiltrate sensitive data and conduct cyber espionage.
Multiple pieces of evidence strongly link this campaign to Sandworm, also tracked by CERT-UA as UAC-0145, based on recurring use of ProtonMail accounts in WHOIS records, overlapping infrastructure, and consistent Tactics, Techniques and Procedures (TTPs). Additionally, the reuse of BACKORDER, DcRAT, and TOR network mechanisms, along with debug symbols referencing a Russian-language build environment, further reinforce confidence in Sandworm's involvement. Yara and Sigma rules, and Indicators of Compromise are listed.
#russia #sandworm #apt44 #gru #threatintel #IOC #yara #sigma #malwareanalysis #infosec #cybersecurity #cti #cyberthreatintelligence