Fran Donoso
@francisck.bsky.social
I'm an infosec person who currently works as the CTO of a security services firm. Have done DevSecOps, Red Teaming, and reverse engineering. I reversed some of the tooling leaked by the Shadow Brokers and spoke about it publicly
180 followers, 107 following, 90 posts
francisck.bsky.social

An interesting story from Jason Koebler (journalist at 404 Media) on the bird site: “A Google contractor used admin privileges to access Nintendo's YouTube page and leaked the existence of Yoshi's Crafted World before Nintendo could announce it” - Jason. www.404media.co/google-contr...

Google Contractor Used Admin Access to Leak Info From Private Nintendo YouTube Video

The leak made its way to Reddit, which teased the release of a new Yoshi game in 2017.

0
francisck.bsky.social

In this video and open letter, Ivanti, a company that makes devices intended to be directly internet facing, says they’re finally adopting secure by design. 🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️🤦🏻‍♂️ therecord.media/ivanti-secur...

Ivanti pledges security overhaul after multiple government breaches

“Events in recent months have been humbling, and I want you to hear directly from me about the actions we are taking to ensure we emerge stronger, and our customers are more secure,” said CEO Jeff Abb...

0
Reposted by Fran Donoso
r-netsec.infinite.horse

Xzbot: exploit demo for the xz backdoor (CVE-2024-3094)

0
Reposted by Fran Donoso
filippo.abyssdomain.expert

I'm watching some folks reverse engineer the xz backdoor, sharing some *preliminary* analysis with permission. The hooked RSA_public_decrypt verifies a signature on the server's host key by a fixed Ed448 key, and then passes a payload to system(). It's RCE, not auth bypass, and gated/unreplayable.

8
Reposted by Fran Donoso
agreenberg.bsky.social

AlphV, the hackers behind the ransomware attack on Change Healthcare that's snarled medical prescriptions nationwide, received a $22 million payment on March 1, visible on Bitcoin's blockchain. Change Healthcare won't tell me if it paid the ransom. www.wired.com/story/alphv-...

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

The transaction, visible on Bitcoin's blockchain, suggests the victim of one of the worst ransomware attacks in years may have paid a very large ransom.

5
francisck.bsky.social

It sucks that the fines for this type of stuff are so low.

0
francisck.bsky.social

If you run into bots or issues, I’m constantly going through and filtering the auto posting bot accounts. If there is something that’s annoying you in the fed - don’t hesitate to reach out!

1
Reposted by Fran Donoso
keralam.bsky.social

“India: Damning new forensic investigation reveals repeated use of Pegasus spyware to target high-profile journalists.” securitylab.amnesty.org/latest/2023/... .

0
francisck.bsky.social

Interesting, thanks for sharing!

0
francisck.bsky.social

Curious what prompted this post?

1