Lee

Sigh. New PAN 0day being exploited.

"Smashing the stack for fun and profit" by @aleph_one anniversary -- 8 Nov 1996! jmp offset-to-call pop ... call offset-to-pop "/bin/sh" phrack.org/issues/49/14.h…

A rather unfortunate parallel with the Brexit vote is seeing the sudden upturn in interest amongst US voters in how tariffs work in practice... after the fact.

You can't get security from an LLM. Secure isn't the average of the input training data. Unfortunately security is an edge condition.

you’re not fooling anyone

Mandatory MFA is coming to Google Cloud. Here’s what you need to know. cloud.google.com/blog/products/…

Anybody fretting about the Okta 52 character username vulnerability, I present the Xbox spacebar attack that minted the youngest hacker ever recognized by a major company for finding a serious security hole. He was 5 & wanted to play forbidden games. cnn.com/2014/04/04/tec…

For 5 years, Sophos has been engaged in defensive and counter-offensive operations against China-based #NationState adversaries targeting perimeter devices like #firewalls for surveillance and sabotage.

Check out @Google's new SAIF Risk Assessment, a questionnaire-based tool that generates an instant and tailored checklist to help secure AI systems. Try it today on our new website SAIF.Google #cybersecurityawarenessmonth blog.google/technology/saf…

SEC fines the companies that minimized the severity of the attacks they were required to disclose.

😬😬😬😬 “Microsoft has notified customers that it’s missing more than two weeks of security logs for some of its cloud products, leaving network defenders without critical data for detecting possible intrusions.” techcrunch.com/2024/10/17/mic…

Software liability comes to the EU. The new EU liability law extends the definition of “defective products” to include software, holding manufacturers accountable for harm caused by software vulnerabilities. If a software flaw leads to damage, manufacturers can now be held liable, emphasizing the importance of security throughout the product lifecycle. This change encourages companies to prioritize cybersecurity measures and regular updates to protect consumers, shifting some risk from users to software providers. The law also allows easier access to evidence in legal claims, balancing the power dynamics between consumers and manufacturers. There is a carve out for open source software. Importers and the EU representatives of foreign software can be held liable too.

Format String Attacks were described in a paper by Tim Newsham 24 years ago. That’s some critical security debt coming home to roost. seclists.org/bugtraq/2000/S…

New: UK ministers have been informed of widespread + likely successful efforts by Chinese state actors to compromise Britain's critical infrastructure networks, underscoring its vulnerabilities to cyberattacks by foreign powers w/@alexwickham @jamietarabay bloomberg.com/news/articles/…

New series of Palo Alto Networks vulnerabilities, chained together for a bad time. “We find that a simple request to that exact endpoint over the web service resets the admin password.” Well, I don’t like the sound of that… 🧵

Superb quotation. Richie Benaud: "Succesful captaincy in cricket is 10% Talent and 90% Luck. But don't try it without the 10%."

This is the 23rd 'exploited-as-0day' issue in Microsoft products this year 🚒

This is one of the reasons encryption must never hold a backdoor.

The team at @NCSC inputted - go forth and defend..

eBPF docs have a nice new URL docs.ebpf.io 🐝 docs.ebpf.io