-
-
The team has just published a video that shows them breaking into a device manufactured by OneKey, a Hong-Kong based firm that has raised $20 million in venture capital and that describes its product as an “open source wallet trusted by millions.”
https://infosec.exchange/@Weld/109836401678032983
-
Almost all of the public exploits for ManageEngine's CVE-2022-47966 rely on getRuntime().exec(). This behavior will get an attacker caught by any half-decent security solution. So I put together a blog that demonstrates how an attacker can exploit this vulnerability without getRuntime(), stay in memory, and evade current detections.
https://vulncheck.com/blog/cve-2022-47966-payload
https://infosec.exchange/@albinolobster/
-
A curated list of falsehoods programmers believe in
You won’t believe number 7!
https://github.com/kdeldycke/awesome-falsehood
-
-
If you missed the between two nerds yesterday, you should really check it out.
Link here:
-
This is an amazing story, about which I have some thoughts…
-
-
-
Fans banned from Europa Conference League match amid Moldovan fears of Russian coup
Clever idea actually. Use saboteurs disguised as football hooligans who then attack buildings and seize control under cover of a football game.
-
-
-
Apple splats zero-day bug, other gremlins in macOS, iOS
Not much info on this, but (1) WebKit type confusion gives RCE, (2) actively exploited in the wild, (3) credit appears to be given to Citizen Labs. Strongly suggests that some spyware vendor had to spend time and money integrating a replacement iOS 0day into their system.
https://www.theregister.com/2023/02/15/apple_patches_zeroday_vulnerability/
-