July 30, 2024
July 30, 2024
A few days ago we were alerted to Roblox 'cheaters' (we're using that term loosely) being impacted by malicious code in their 'cheat tool'.
— vx-underground (@vxunderground) July 29, 2024
tl;dr malicious script is malicious
The tool being used by Roblox nerds, Wave Executor, executes scripts. In the event a user… pic.twitter.com/InpGCM8iWP
Microsoft has uncovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085, being exploited by threat actors to obtain full administrative permissions on domain-joined ESXi hypervisors and encrypt critical servers in ransomware attacks. https://t.co/7NUvHGrzXM
— Microsoft Threat Intelligence (@MsftSecIntel) July 29, 2024
The value of ‘wasting time’ on deep thinking is often overlooked in a scientific ecosystem increasingly tainted by Wall Street’s productivity mindset.https://t.co/hNTA74DNOr pic.twitter.com/XRwlAUHCsn
— Gustavo Monasterio O. (@gamonasterioo) July 29, 2024
This declassified UK Ministry of Defence study (1985) discusses the possibility of taking over command & control of Soviet recon satellites and covertly using Soviet communications satellites pic.twitter.com/qFGzWrAjhd
— Aaron Bateman (@aaronbateman22) July 29, 2024
Stay tuned for our latest research! pic.twitter.com/1TSdmN4elJ
— zhiniang peng (@edwardzpeng) July 29, 2024
Big story we just published on the Biden cyber legacy over the four years to which he was elected, with interviews largely conducted before his decision: Neuberger, Easterly, Coker and others. https://t.co/swCj1Rq6uD
— Tim Starks (@timstarks) July 29, 2024
In today's WTF?!?!? moment
— Sean Metcalf (@PyroTek3) July 29, 2024
When a ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights.
So.... anyone who can create & manage a group in AD, can get full admin rights to the VMware ESX hypervisors!https://t.co/U3DiXHWQMR https://t.co/IuaxIsK3wf pic.twitter.com/8B1JS0VP1o
🧐Unveiling a hidden gem from the depths of our collection: the ECM Mark I! This groundbreaking machine, the Navy's first electric cipher device, paved the way for the legendary SIGABA.
— National Cryptologic Museum (@NatCryptoMuseum) July 29, 2024
This ECM Mark I has the rare adaptor, making it comparable to the ECM Mark II and SIGABA! pic.twitter.com/77rMxrNlfF
Exec at Ferrari gets a call from "CEO" asking about acquisitions. Exec realizes that this could be a voice clone & asks the "CEO" which book they just talked about, catching the attacker!
— Rachel Tobac (@RachelTobac) July 29, 2024
Thanks @FortuneMagazine for talking with me about AI voice clones.https://t.co/oxKnS6ZXvi
I wrote a new ELF virus - "House of Pain: A practical approach for an x86-64 ELF virus". It's based on the Text Segment Padding infection and common patterns found in x86-64 ELF binaries. No entry point or ELF headers are modified: https://t.co/nvn7UYhs5R @tmpout @vxunderground
— isra 🏴☠️ (@israleiva) July 30, 2024
Collaboration yields more vulnerabilities and typically higher severities! Go hang out with (internet) friends and hack together! https://t.co/UMA6qvFmoX
— Jobert Abma (@jobertabma) July 29, 2024
Here's the DEF CON 32 Aerospace Village badge, with ADS-B.https://t.co/Fy0AdPGTWh pic.twitter.com/5kdmkv1Ul4
— John Wiseman (@lemonodor) July 30, 2024
Hackers Exploited a PC Driving Sim to Pull Off Massive Disney Data Breach
A Disney employee downloaded what they thought was a safe add-on for video game BeamNG.drive, but it was anything but.
Seems it's a month of validation bugs, this time DNS and CA'shttps://t.co/PnI00vZzQE
— Daniel Cuthbert (@dcuthbert) July 30, 2024
I mean validate you own the domain right, with an _
_bobby.likes.to.watch.io
DNS CNAME records were created without the underscore. Only 0.4% they say
doh
Our Aussie Cyber Security Act is going to be interesting to watch unfold not just in it's initial form, but as it evolves over the years. IMHO, great steps forward, but let's look at those arguments against it https://t.co/zTs5Mkuw3M
— Troy Hunt (@troyhunt) July 29, 2024
Thread by @troyhunt on Thread Reader App – Thread Reader App
@troyhunt: Our Aussie Cyber Security Act is going to be interesting to watch unfold not just in it's initial form, but as it evolves over the years. IMHO, great steps forward, but let's look at those arguments...…
#infosuck https://t.co/OSYsNYqoxn pic.twitter.com/TQV9AckmdI
— thaddeus e. grugq (@thegrugq) July 30, 2024
Unburdened By What Has Been: Exploiting New Attack Surfaces in Radio Layer 2 for Baseband RCE on Samsung Exynos https://t.co/DcMNY0F1Bu
— Taszk Security Labs (@TaszkSecLabs) July 30, 2024
The Q2 issue of ThinkstScapes has just been released.
— Thinkst Canary (@ThinkstCanary) July 29, 2024
For this issue, we tracked dozens of conferences, over 1000 talks & ~980 blog posts.
Grab your PDF copy free¹ at https://t.co/4noer7v6GE (where you can listen to the audio summary too)
__
¹ No reg-wall. No pay-wall. pic.twitter.com/Bibgmbue2k
“It’s complicated”
On the situation in Mali:
— Zineb Riboua (@zriboua) July 29, 2024
It's important to first of all define the terms. Tuaregs are a large semi-nomad Berber group that adopted Islam in the 7th century. They adhere mostly to Sunni Maliki Madhhab, which explains their visits to Morocco to pay homage to Saints. They are… pic.twitter.com/N59mS6494A
