syncop @colt@nanao.cybtex.fr

Our #rapid7 blog about an 0-day being actively exploited in Forta GoAnywhere:

https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/

Just did a bug fix release of ssldump (version 1.6) which fixes an annoying bug with ports not being recorded in the pcap output. Thanks to all the contributors.

#opensource #tls #ssl #ssldump

:link: https://github.com/adulau/ssldump/

#Ransomware attacks on schools can have some unexpected consequences. For example, here's a snippet of an email I received after an incident involving a small, rural district.

The #malvertising campaigns via Google Ads are not just about software downloads and scams. They also include phishing for popular password managers such as 1Password.

The differences are so subtle, most people will fall for it.

Real URL:
https://my[.]1password.com/signin
Phishing URL:
https://my1pasword[.]com/signin

#Botconf2023 The tickets are now officially on sale ! https://www.billetweb.fr/botconf-2023

This is a summary of the most important highlights in r2-5.8.2, compared to 5.8.0:

* Add support for micromips (m4k)
* Add sourceline support from DWARF5 and Plan9
* Run any command to replace N bytes inside the disasm with the Cr command
* All the bugs reported by linux and bsd distros are now fixed, rpm packages are now tested and built in the CI, debian packages are now built with fakeroot
* Better error messages when missing basic tools, specially on Termux
* Added support for scripting in Pascal, assembly
* Fixed regressions in the GDB register mapping
* Huge optimization that mainly affects r2dec (80s -> 20s)
* Improved ESIL for arm64, v850
* Support multiple core plugins in pure quickjs, updated r2papi with integrated esil decompilation
* Updated support for Typescript
* Implemented TIRE algorithm in the search api, with much faster scans
* Added support for GNU/Poke
* Support two column and colors in r2slides
* Bug fixes and performance improvements in many places.

There are two CVEs for 5.8.0 related to ansi escape injection and a null deref, nothing really critical. but @pancake found and fixed a couple of UAFs so we encourage and recommend everyone to update!

IVRE v0.9.19 has just been released! See below for the main changes

Proof-of-concept code for both macOS and iOS has been released for MacDirtyCow, a Mac-version of the DirtyCow Linux exploit.

The vulnerability can be used to get root on macOS and jailbreak iOS devices.

Apple patched MacDirtyCow, also known as CVE-2022-46689, in mid-December 2022.

MacDirtyCow: https://worthdoingbadly.com/macdirtycow/

iOS PoC: https://github.com/mineek/dirtycowapp

macOS PoC: https://github.com/zhuowei/MacDirtyCowDemo

@harris Yes! Reflections off of a lot of things, including coffee pots, mugs, spoons, plastic coke bottles, and things like that.

Check out:

• "Computer Monitors around a Corner" (Backes, Duermuth, and Unruh, S&P 2008)
• "Tempest in a Teapot: Compromising ReflectionsRevisited" (S&P 2009)

A few fun examples from those papers:

VERY cool: “DrawBridge” Lets You Read and Write to Amiga Floppy Disks From a Modern Computer

https://www.hackster.io/news/this-drawbridge-lets-you-read-and-write-to-amiga-floppy-disks-from-a-modern-computer-c3baef6de2e9

#arduino #floppydisk #amiga #retrocomputing #commodore

Hey #OSINT, Carrot2 (http://search.carrot2.org) organizes your search results into topics. With an instant overview of what's available, you will quickly find what you're looking for. No more rummaging search results to find what you need

#infosec #tools

Twitter has permanently suspended Cryptome_org today. No specific violation provided.

My GitHub sponsor page is up:
If you want to sponsor me for making more file formats drawings - among other things.
https://github.com/sponsors/corkami

this is a relaxing post

anyone seen something like this? is my intel cpu broken? i can't use vivado to run p&r anymore, computer freezes and reboots to stuff like this