@darryl_ramm did I mention the part about the supporting attachment being literally a product brochure and the submitter being VP Marketing? These guys crack me up.

@benjojo @brown I don't judge.

Day in the life of a Black Hat reviewer

submission #37/219: Here's 2 years of work in which we pwned several Internet exchanges and ISPs, spent 6 mos coordinating disclosure w/ 16 vendors, and a completed 40 slide deck & full whitepaper.

#38: Cybersecurity is a serious concern to CEOs nowadays…

This week saw a scramble to save the CVE Program after federal funding was set to expire. The program's long-term future remains unclear. @lhn dives in.

https://www.wired.com/story/cve-program-cisa-funding-chaos/

NEW: U.S. Treasury officials say the department was hacked in early December by Chinese government hackers, which gained remote access to workstations and obtained unclassified documents.

More + Treasury's letter to lawmakers, which we've published: https://techcrunch.com/2024/12/30/us-treasury-says-china-stole-documents-in-major-cyberattack/

Grab some coffee, it's ~ this week in security ~

• Cleo software hit by zero-day hacks
• China spying on calls of senior US politicians
• DOJ has a busy week indicting North Korean IT workers
• SEC's cyber disclosure rules are a hot mess
• Yahoo Paranoids loses 25% of staff this year
• Krispy Kreme hacked; Rhode Island, too.
• Plus: brand new cyber cat, the happy corner and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-december-15-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

@sfringer what a good dog

Leopold wishes you a happy Saturday.

@AlexandreSieira appreciate it.

@AlexandreSieira same on BlueSky. I'm not sure how (or even if) mods on Fedi take abuse reports, if you don't mind sharing on DM the account I'll try to report it.

@petrillic well GoDaddy screwed me so this was my least terrible bad option. But make no mistake, stuffing and copious pie is on the menu later.

Why yes, yes I am setting up DKIM & DMARC records on the horrific platform that is Google Workspaces on Thanksgiving morning. As one does.

Popped up on my phone today. Sebastian about 4 years ago.

🚨 Timeline cleanse.

You didn't know you needed a baby goat cliff rescue story, but you do.
https://www.hawaiinewsnow.com/2024/11/08/good-samaritans-rescue-baby-goat-stranded-west-oahu-cliff-4-days/

We affectionately refer to this as her spatchcock repose.

In 2020, as a green carder, I couldn't yet vote. Today, as a new U.S. citizen, I can — and did.

@saskboy are you new to the internet?
https://archive.is/2024.10.20-201207/https://www.wired.com/story/plaintext-you-can-now-see-the-code-that-ended-apartheid/

AI Flame Graphs: Showing what's actually running on the HW and how we got there. Uses Intel EU stall profiling and eBPF. https://www.brendangregg.com/blog/2024-10-29/ai-flame-graphs.html

[Lessie Benningfield Randle, one of the last known living survivors of the 1921 Tulsa Race Massacre, cast her ballot for Kamala Harris in the 2024 presidential race. She turns 110 on Nov. 10.]