***Kundeninfo*** Achtung ❗ Aktuell sind zahlreiche gefälschte SMS mit Links, die zu einer Schadsoftware führen, im Umlauf. Bei Erhalt solcher Nachrichten bitte diese sofort löschen und keinesfalls auf die Links klicken. Mehr dazu im Artikel! 👇🏼

medium.com/@frycos/pwning… Here it is: my blog post for a Pre-Auth RCE on the famous 3CX Phone Management System.

I need help with #virtualization. Are there any good writeups on how to customize recovery isos with dedicated drive and system configurations, so that they can be run smoothly as a virtual machine? Got the point that recovery has worked but execution is veeery slow! #vm #win10

Researchers at TU Graz publish #Æpic Leak and #SQUIP, two new attacks that exploit vulnerabilities in computer hardware. tugraz.at/en/tu-graz/ser…

Cracking 2.3M Attackers-Supplied Credentials: What Can We Learn from RDP Attacks gosecure.net/blog/2022/11/0…

Here's a link to the blog trufflesecurity.com/blog/email-gra…

It’s outdated software over and over again recordedfuture.com/continued-targ…

The First Amendment, freedom of the press, and the life of Julian Assange are at stake. On 20 January, join the @progintl for the fourth sitting of the #BelmarshTribunal. act.progressive.international/belmarsh-tribu…

New: we proved it could be done. I used an AI replica of my voice to break into my bank account. The AI tricked the bank into thinking it was talking to me. Could access my balances, transactions, etc. Shatters the idea that voice biometrics are foolproof vice.com/en/article/dy7…

.Jorgo Ananiadis 🪠 posted an assessment of the lacking HTTP security headers on xplain.sh - using it as tellsign for the poor security posture of #Xplain as a whole. x.com/JorgoA/status/… Let's look at this in detail - a 🧵.

N1aY y.

New #TunnelCrack flaw can break a large majority of VPNs: we can trick a VPN into leaking traffic outside the protected VPN tunnel. Our tests indicate that this is a widespread design issue. For a demo, more details, and the USENIX Security paper, see tunnelcrack.mathyvanhoef.com

Dropping #Downfall, exploiting speculative forwarding of 'Gather' instruction to steal data from hardware registers. #MeltdownSequel - Practical to exploit (POC/Demo) - Defeat all isolation boundaries (OS, VM, SGX) - Bypass all Meltdown/MDS mitigations. downfall.page

We've just published 'Smashing the state machine: the true potential of web race conditions' by James Kettle! Dive in to arm yourself with novel techniques & tooling, and help reshape this attack class: portswigger.net/research/smash…

Game-changing upgrade to AI today.

🚨NEW: Urging all organizations to review this guidance & take steps to reduce your risk to this widespread vulnerability.🙏Huge Thanks to The Boeing Company for providing key info for this advisory--a terrific example of operational collaboration in action: go.dhs.gov/oHd.

🧐 Recently, we found a GitHub vulnerability exposing private data. 😱 Now, a similar issue in Microsoft Azure DevOps (ADO) might be even worse. 🔓 Commits in Private Forks are actually Public! More details 👉 trufflesecurity.com/blog/you-can-a…

It is so overdue

Turn off all the mentioned services and block traffic to UDP 631, seems the avalanche is just in the beginning

Our talk at #BHEU is done! Hope you all enjoyed it. 😉 A detailed blog is on the way, but in the meantime, check out the pre-alpha website worst.fit for early access and the slides! Huge thanks to Black Hat and my awesome co-presenter splitline 👁️🐈‍⬛! 🐈‍