We have extended the Call for Participation (CFP) and Call for Villages (CFV) deadline to Tuesday, January 7!
Call for Participation: https://t.co/4le12oHytO
Call for Villages: https://t.co/pFAYb9gXCE
#bsidessf2025#bsidessf#infosec#cybersecurity
Today, we pause to remember the lives lost, the bravery shown, and the strength found on September 11th. Let us reflect on the resilience of our communities and continue to strive for a safer, united future.
We will never forget. #September11#PatriotDay#Unity
Ever wonder why people in 2024 still use on-prem services? It's simple: someone who generated a rogue <token> can't access your confidential files, emails, contacts, internal services, or machines from anywhere in the world
#DuckingTokens
🚨POC RELEASED🚨CVE-2024-0044: a "run-as any app" high-severity vulnerability affecting Android versions 12 and 13👇
"CVE-2024-0044, identified in the createSessionInternal function of the PackageInstallerService[.]java file, is a high-severity vulnerability affecting Android versions 12 and 13.
This vulnerability allows an attacker to perform a "run-as any app" attack, leading to local escalation of privilege without requiring user interaction. The issue arises due to improper input validation within the createSessionInternal function.
An attacker can exploit this by manipulating the session creation process, potentially gaining unauthorized access to sensitive data and performing unauthorized actions on the affected device"
I created a @TheDFIRReport Assistant GPT that answers questions related to our reports. It will also tailor the responses based on the user’s expertise level!
Let me know if any issues or if you want to see anything specific and I’ll train it further 🙂
https://t.co/9zRnpibZVm
The SEC litigation against Solarwinds is going to do more to advance security than another decade of breaches would.
CISOs are often beaten into submission under threat of losing their jobs. The SEC gave them the holy hand grenade to fight back against any pressure to mislead.
The CVSS Special Interest Group is proud to announce the official release of CVSS v4.0 - https://t.co/xxaoQ2iMjF. This latest version of CVSS seeks to provide all users with the highest fidelity vulnerability assessment.
#FIRSTdotOrg#CVSS#BuildingTrust#PSIRT#CSIRT
#OSINT Tip:
Did you know you can recover scrubbed metadata from a PDF that wasn't scrubbed properly?
The changes are incremental, and the history is stored in the PDF.
This command removes the "updates" to the PDF metadata:
exiftool -PDF-update:all= file.pdf
SERVICE UPDATE | Today, Twitter has revoked our access to their authentication API. The impact is submissions to the https://t.co/x0TWKNn9PP platforms cannot be made. We are urgently working to find a different authentication method. Please bear with us - we'll update again once we're up and running.
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
#suplychain#malware#northkorea#3cx
https://t.co/aw2uJjNBFQ