Our #rapid7 blog about an 0-day being actively exploited in Forta GoAnywhere:
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Just did a bug fix release of ssldump (version 1.6) which fixes an annoying bug with ports not being recorded in the pcap output. Thanks to all the contributors.
#Ransomware attacks on schools can have some unexpected consequences. For example, here's a snippet of an email I received after an incident involving a small, rural district.
The #malvertising campaigns via Google Ads are not just about software downloads and scams. They also include phishing for popular password managers such as 1Password.
The differences are so subtle, most people will fall for it.
Real URL:
https://my[.]1password.com/signin
Phishing URL:
https://my1pasword[.]com/signin
#Botconf2023 The tickets are now officially on sale ! https://www.billetweb.fr/botconf-2023
This is a summary of the most important highlights in r2-5.8.2, compared to 5.8.0:
* Add support for micromips (m4k)
* Add sourceline support from DWARF5 and Plan9
* Run any command to replace N bytes inside the disasm with the Cr command
* All the bugs reported by linux and bsd distros are now fixed, rpm packages are now tested and built in the CI, debian packages are now built with fakeroot
* Better error messages when missing basic tools, specially on Termux
* Added support for scripting in Pascal, assembly
* Fixed regressions in the GDB register mapping
* Huge optimization that mainly affects r2dec (80s -> 20s)
* Improved ESIL for arm64, v850
* Support multiple core plugins in pure quickjs, updated r2papi with integrated esil decompilation
* Updated support for Typescript
* Implemented TIRE algorithm in the search api, with much faster scans
* Added support for GNU/Poke
* Support two column and colors in r2slides
* Bug fixes and performance improvements in many places.
There are two CVEs for 5.8.0 related to ansi escape injection and a null deref, nothing really critical. but @pancake found and fixed a couple of UAFs so we encourage and recommend everyone to update!
Encore plus de bots sur Twitter qu'auparavant. More bots on #Twitter than ever before. Elon, how many results for « Запрос с неба, хорошего урожая и продолжал работать в пахотном
» ? Combien d'occurrences pour cette phrase ? 🤔
Proof-of-concept code for both macOS and iOS has been released for MacDirtyCow, a Mac-version of the DirtyCow Linux exploit.
The vulnerability can be used to get root on macOS and jailbreak iOS devices.
Apple patched MacDirtyCow, also known as CVE-2022-46689, in mid-December 2022.
MacDirtyCow: https://worthdoingbadly.com/macdirtycow/
iOS PoC: https://github.com/mineek/dirtycowapp
macOS PoC: https://github.com/zhuowei/MacDirtyCowDemo
@harris Yes! Reflections off of a lot of things, including coffee pots, mugs, spoons, plastic coke bottles, and things like that.
Check out:
A few fun examples from those papers:
VERY cool: “DrawBridge” Lets You Read and Write to Amiga Floppy Disks From a Modern Computer
Hey #OSINT, Carrot2 (http://search.carrot2.org) organizes your search results into topics. With an instant overview of what's available, you will quickly find what you're looking for. No more rummaging search results to find what you need
My GitHub sponsor page is up:
If you want to sponsor me for making more file formats drawings - among other things.
https://github.com/sponsors/corkami
Yipee-ki-yay!
🌐🏹🦁🐍🦉🚩☣️