It's hard to believe that this story is true, but then again - I wouldn't be surprised.

https://twitter.com/SchizoDuckie/status/1474087696247279626

Twitter

🦆 SchizoDuckie 🦆

Thread: (1/8) @Belastingdienst gave me the go-ahead to share the story of how the Lamest Hacker You Know***®*** received this epic #ResponsibleDisclosure award from them. Looking back on it I don't think I can tell it any better than this chat log interaction,…

What hackers don’t want you to know

? Still using voice assistants? Ever wonder what data they collect and persist? Here's a hint: everything. This data privacy blogger requested their data from Amazon and it had among others: precise location, a list of all contacts and audio recordings of all her requests to Alexa.

? https://www.tiktok.com/@my.data.not.yours/video/7002745932064230662

? https://www.mirror.co.uk/news/weird-news/woman-finds-amazon-thousands-recordings-25240984

?⚠️ Apple's new iOS v14.8 contains security fixes for vulnerabilities found by Citizen Lab in CoreGraphics and WebKit. Since exploits were found in the wild, it is highly recommended to update ASAP.

https://9to5mac.com/2021/09/13/apple-says-ios-14-8-patches-iphone-attack-that-defeated-blastdoor-protections/

9to5Mac

Apple says iOS 14.8 patches iPhone attack that defeated Blastdoor protections

Apple has published a full support document detailing what’s new in iOS 14.8, watchOS 7.6.2, iPadOS 14.8, and macOS Big Sur 11.6. Apple says that the updates address security vulnerabilities that “may have been actively exploited in the wild.” Update: Citizen…

#FridaySecurity

? I love these stories when a regular due diligence on a device security turns into a complete train wreck. A simple device that counts the passing by people to measure building occupancy turned into a wide-open welcoming gateway for everybody.

Just take a look, it gets worse and worse: https://threadreaderapp.com/thread/1357296455615197184.html

#FridaySecurity

Threadreaderapp

Thread by @OverSoftNL on Thread Reader App

@OverSoftNL: Infosec fail thread: So, in the last couple of weeks I've been looking into a product we were thinking of offering to our customers. This time, we were looking into the FootfallCam 3D plus. A...…

⚠️ Wow, that's a big one (CVE-2021-3156): escalation of privilege in sudo (‼️) through a buffer overflow. Almost everyone's affected, any local user can elevate to root.

Affected versions:? All legacy versions from 1.8.2 to 1.8.31p2
? All stable versions from 1.9.0 to 1.9.5p1

To test if your system is vulnerable or not, login to the system as a non-root user.
Run command sudoedit \-s /If the system is vulnerable, it will respond with an error that starts with sudoedit:If the system is patched, it will respond with an error that starts with usage:More details: https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

Qualys Security Blog

CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit) | Qualys Security Blog

Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the…

#FridaySecurity

So the recent leak of Windows source code is confirmed, in fact the sources were for Windows XP SP1 and Windows Server 2003. This is huge for the community and I believe will in the end be beneficial to Microsoft's OS business itself.

A twitter user https://twitter.com/ntdev_ published a youtube tutorial on how to compile it, which was shortly taken down by copyright claims from Microsoft.

The video however is available and could be downloaded via torrent using this magnet link: magnet:?xt=urn:btih:7c370b5e00b91b12fc02e97bacdca24306dc12b5