-
Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability
What is the Vulnerability?Microsoft Windows contains an NTLMv2 hash spoofing vulnerability (CVE-2024-43451) that could result in disclosing a user’s NTLMv2 hash to an attacker via a file open operation. The attacker can leverage this hash to impersonate that user with minimal interaction from the victim. This vulnerability (CVE-2024-43451) has been added to CISA’s Known Exploited…
-
Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs
Fantastic video of a female Gonatus onyx squid swimming while carrying her egg sack. An earlier related post. Blog moderation policy. Read More
-
Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors
The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation Read More
-
dotnet9.0-9.0.100-1.fc40
FEDORA-2024-70cf80279f Packages in this update: dotnet9.0-9.0.100-1.fc40 Update description: This is the .NET 9.0 GA release. It contains security fixes for CVE-2024-43498 and CVE-2024-43499 Announcement: https://devblogs.microsoft.com/dotnet/announcing-dotnet-9/ Release Notes: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.0/9.0.0.md Read More
-
Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist
Ilya Lichtenstein hacked into the cryptocurrency exchange in 2016 and stole around 120,000 bitcoins Read More
-
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October Read More
-
Good Essay on the History of Bad Password Policies
Stuart Schechter makes some good points on the history of bad password policies: Morris and Thompson’s work brought much-needed data to highlight a problem that lots of people suspected was bad, but that had not been studied scientifically. Their work was a big step forward, if not for two mistakes that would impede future progress…
-
USN-7089-6: Linux kernel vulnerabilities
Chenyuan Yang discovered that the USB Gadget subsystem in the Linux kernel did not properly check for the device to be enabled before writing. A local attacker could possibly use this to cause a denial of service. (CVE-2024-25741) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise…
-
Ransomware Groups Use Cloud Services For Data Exfiltration
SentinelOne described some of ransomware groups’ favorite techniques for targeting cloud services Read More
-
O2’s AI Granny Outsmarts Scam Callers with Knitting Tales
Post Content Read More