Google has introduced Kernel Address Sanitizer (KASan) to enhance the security of Android firmware. KASan is designed to detect memory corruption vulnerabilities and stability issues before they affect user devices. It works by monitoring memory access operations to ensure they only target valid regions, identified in a shadow memory area. This tool has already helped identify and fix over 40 memory safety bugs in Android firmware. KASan is particularly useful for bare-metal targets, requiring specific compiler options and strategies to implement effectively. It's part of Google's efforts to address the security challenges posed by the vast number of Android devices and the fragmented ecosystem that makes vulnerability patching difficult.
By now the administrators who have to deal with this story are starting to think that the developers are taking the piss out of them… and I can't help but empathize: this is exactly the thing that I, as a developer, would do to troll any sysadmins, who would then have to chase after my possibly badly written code, in a program that out of nowhere surprises them on the home page with a blood-red “Critical security update available!”, but unfortunately offers no 1-click update function (unlike things like WordPress). 🦧
Unfortunately, jokes and #whining aside, this is an especially #bad thing because, if so many #holes are being found in Mastodon, who knows about less popular and therefore less scrutinized and tested #fedi platforms… unless it's a case of the devs getting lazy, but I can't make big #hypotheses about that. 😩
A popular file transfer software from Fortra called GoAnywhere Managed File Transfer (MFT) has been found to have a serious security flaw. This flaw, known as a path traversal weakness, could give anyone free administrator rights over the system. The flaw was discovered in December 2023 by cybersecurity researchers Mohammed Eldeeb and Islam Elrfai from Spark Engineering Consultants and disclosed to GoAnywhere’s developer, Fortra. The flaw has a severity score of 9.8 out of 10, making it extremely critical. Users are urged to patch the software immediately to prevent potential misuse and avoid further issues.
NVDA double release day! NVDA 2023.3.2 fixes the fix that wasn’t fully fixed in the first fix. Please do read the full announcement and download at: https://www.nvaccess.org/post/nvda-2023-3-2/
And to go with it, NVDA 2024.1 Beta 5 includes the fix from 2023.3.2, as well as documentation, logging and translation updates! Read more and download from: https://www.nvaccess.org/post/nvda-2024-1beta5/
Not content to only improve various shortcomings of the Saturn version of Castlevania: Symphony of the Night, Meduza Team updated their patch to include English text and voices! Read about it in my story:
There is a new remote code execution vulnerability in Splunk that has been recently disclosed. It has a CVSS score of 8.8/10 and is currently tracked as CVE-2023-46214.
My #InfoSec friends, for years I have given these three recommendations to end users as my top tips for security. Do you have any others that you use as your top three instead?
#Patch all your devices when patches are available.
Use #MFA - any kind, even SMS, is better than nothing, but an authenticator app or hardware token (like a yubikey) is even better.
Use a #PasswordManager to generate and store unique passwords for every account. I personally use 1Password, but there are other good ones out there.
A vaccine delivered with a patch device is shown in a clinical trial to generate neutralizing antibodies against measles and rubella similar to conventional injections.
We would have liked to have gotten it perfect with regards to recovering data. The remaining issue is that it won't mark the file as dirty if it fixes it, so you'll have to save as or modify the document and save as normal.
Hey everyone, Back into the ruthless darkness of war! We’re so excited to see you on the frontlines in Patch 14.5! Battle on the dusk time variant of El Alamein which requires you to adapt to new dynamics — dusk lighting conditions see the map permeated with fog — paving the way for different approaches to becoming the...
Here's a look at the newest track from Metaphysical Shitposting! This one was entirely modular/semi modular gear. #MiniBrute2s on one voice, 0-Coast (thru Strega) on one, #Strega doing an intermittent drone and a final voice that was made with noise thru a bandpass filter (WMDevices #C4RBN filter) that then goes thru a flanger (Happy Nerding FX Aid XL).
Delay via Mimeophon; reverb via Desmodus Versio. Both routed via mixer's aux sends.
Hell Let Loose - Patch 14.5 Releases Today at 2pm GMT! - Steam News (store.steampowered.com)