August 17, 2024
Chinese Backdoor Alert! Security enhancements on Mifare Classic cards used in hotels/business contain a supply chain backdoor making reading & exploitation trivial. Great paper by Philippe Teuwen Quarkslab https://t.co/lTVOVoULFF Watch your Chinese supply chains carefully folks!
— Rob Joyce (@RGB_Lights) August 16, 2024
For those that don't know, these are the RF keycards that are used in the electronic locks for hotels and other businesses. This backdoor allows trivial reading and duplication of the keycard for those that had the backdoor key.
— Rob Joyce (@RGB_Lights) August 16, 2024
As it turns out, the secure monitor, Android's most trusted component, is full of bugs. @chli and @0ddc0de discovered lots of serious issues @USENIXSecurity through fuzzing. Paper: https://t.co/LBiJF2FXno pic.twitter.com/nsrUjdwRKT
— Mathias Payer (@gannimo) August 16, 2024
Interesting! I didn't know @morphisec found a bypass of our #MonikerLink bug (CVE-2024-21413) on Outlook (https://t.co/vkO4yA5sYX), resulting in CVE-2024-38021 patched in July. https://t.co/JkQJ9WIjeR pic.twitter.com/DUQwxvUwjT
— Haifei Li (@HaifeiLi) August 16, 2024
A library that provides methods to inline hook binary codes in x86 and x86_64 architecture [rust] https://t.co/nU3PDH47eg
— gmh5225 (@gmhzxy) August 15, 2024
Do you want 0days in Android Trusted Applications using the Global Platform API? Use @0ddc0de's binary static analysis @USENIXSecurity to find type confusions resulting in arbitrary writes. Paper: https://t.co/lvH4aB8szX pic.twitter.com/783jKU3mYU
— Mathias Payer (@gannimo) August 16, 2024