the grugq's newsletter

July 30, 2024


A few days ago we were alerted to Roblox 'cheaters' (we're using that term loosely) being impacted by malicious code in their 'cheat tool'.

tl;dr malicious script is malicious

The tool being used by Roblox nerds, Wave Executor, executes scripts. In the event a user… pic.twitter.com/InpGCM8iWP

— vx-underground (@vxunderground) July 29, 2024


Microsoft has uncovered a vulnerability in ESXi hypervisors, identified as CVE-2024-37085, being exploited by threat actors to obtain full administrative permissions on domain-joined ESXi hypervisors and encrypt critical servers in ransomware attacks. https://t.co/7NUvHGrzXM

— Microsoft Threat Intelligence (@MsftSecIntel) July 29, 2024


The value of ‘wasting time’ on deep thinking is often overlooked in a scientific ecosystem increasingly tainted by Wall Street’s productivity mindset. https://t.co/hNTA74DNOr pic.twitter.com/XRwlAUHCsn

— Gustavo Monasterio O. (@gamonasterioo) July 29, 2024


This declassified UK Ministry of Defence study (1985) discusses the possibility of taking over command & control of Soviet recon satellites and covertly using Soviet communications satellites pic.twitter.com/qFGzWrAjhd

— Aaron Bateman (@aaronbateman22) July 29, 2024


Stay tuned for our latest research! pic.twitter.com/1TSdmN4elJ

— zhiniang peng (@edwardzpeng) July 29, 2024


Big story we just published on the Biden cyber legacy over the four years to which he was elected, with interviews largely conducted before his decision: Neuberger, Easterly, Coker and others. https://t.co/swCj1Rq6uD

— Tim Starks (@timstarks) July 29, 2024


In today's WTF?!?!? moment

When an ESXi server is domain-joined, it assumes any "ESX Admins" group & its members should have full admin rights.

So.... anyone who can create & manage a group in AD, can get full admin rights to the VMware ESX hypervisors! https://t.co/U3DiXHWQMR https://t.co/IuaxIsK3wf pic.twitter.com/8B1JS0VP1o

— Sean Metcalf (@PyroTek3) July 29, 2024


🧐Unveiling a hidden gem from the depths of our collection: the ECM Mark I! This groundbreaking machine, the Navy's first electric cipher device, paved the way for the legendary SIGABA.

This ECM Mark I has the rare adaptor, making it comparable to the ECM Mark II and SIGABA! pic.twitter.com/77rMxrNlfF

— National Cryptologic Museum (@NatCryptoMuseum) July 29, 2024


Exec at Ferrari gets a call from "CEO" asking about acquisitions. Exec realizes that this could be a voice clone & asks the "CEO" which book they just talked about, catching the attacker!
Thanks @FortuneMagazine for talking with me about AI voice clones. https://t.co/oxKnS6ZXvi

— Rachel Tobac (@RachelTobac) July 29, 2024


I wrote a new ELF virus - "House of Pain: A practical approach for an x86-64 ELF virus". It's based on the Text Segment Padding infection and common patterns found in x86-64 ELF binaries. No entry point or ELF headers are modified: https://t.co/nvn7UYhs5R @tmpout @vxunderground

— isra 🏴‍☠️ (@israleiva) July 30, 2024


Collaboration yields more vulnerabilities and typically higher severities! Go hang out with (internet) friends and hack together! https://t.co/UMA6qvFmoX

— Jobert Abma (@jobertabma) July 29, 2024


Here's the DEF CON 32 Aerospace Village badge, with ADS-B. https://t.co/Fy0AdPGTWh pic.twitter.com/5kdmkv1Ul4

— John Wiseman (@lemonodor) July 30, 2024


Hackers Exploited a PC Driving Sim to Pull Off Massive Disney Data Breach

A Disney employee downloaded what they thought was a safe add-on for video game BeamNG.drive, but it was anything but.


Seems it's a month of validation bugs, this time DNS and CA's https://t.co/PnI00vZzQE

I mean validate you *own* the domain right, with an _

_bobby.likes.to.watch.io

DNS CNAME records were created without the underscore. Only 0.4% they say

doh

— Daniel Cuthbert (@dcuthbert) July 30, 2024


Our Aussie Cyber Security Act is going to be interesting to watch unfold not just in its initial form, but as it evolves over the years. IMHO, great steps forward, but let's look at those arguments *against* it https://t.co/zTs5Mkuw3M

— Troy Hunt (@troyhunt) July 29, 2024



#infosuck https://t.co/OSYsNYqoxn pic.twitter.com/TQV9AckmdI

— thaddeus e. grugq (@thegrugq) July 30, 2024


Unburdened By What Has Been: Exploiting New Attack Surfaces in Radio Layer 2 for Baseband RCE on Samsung Exynos https://t.co/DcMNY0F1Bu

— Taszk Security Labs (@TaszkSecLabs) July 30, 2024


The Q2 issue of ThinkstScapes has just been released.

For this issue, we tracked dozens of conferences, over 1000 talks & ~980 blog posts.

Grab your PDF copy free¹ at https://t.co/4noer7v6GE (where you can listen to the audio summary too)

__
¹ No reg-wall. No pay-wall. pic.twitter.com/Bibgmbue2k

— Thinkst Canary (@ThinkstCanary) July 29, 2024


“It’s complicated”

On the situation in Mali:

It's important to first of all define the terms. Tuaregs are a large semi-nomad Berber group that adopted Islam in the 7th century. They adhere mostly to Sunni Maliki Madhhab, which explains their visits to Morocco to pay homage to Saints. They are… pic.twitter.com/N59mS6494A

— Zineb Riboua (@zriboua) July 29, 2024


