Captain Blackbeard Radio #15

July 10, 2022 · 270 words · 2 mins read

HAPPY INDEPENDENCE DAY TO YE ALL! Yaaaaaaaarrrrrrr!

CaptainBlackbeard Radio invites ye, to an audio psychedelic four dimensional three hour tour. For the most dramatic, exciting and captivating political story ever told! With some of the greatest performances in CaptainBlackbeard Radio history.

In this broadcast, we explore America on its finest day, American elections and just how far can they bend?


Danger Mouse and Sparklehorse: Dark Night Of The Soul

July 7, 2022 · 81 words · 1 min read

The security racket

June 16, 2022 · 223 words · 2 mins read

*This article was initially a note but I decided to move it here.

Hertzbleed definitely looks like the latest entry in the security racket; it always goes the same way:

  • Find some unremarkable side channel. Bonus points if it’s something that’s always been known but nobody cared about (Spectre, BadUSB).
  • Try your luck with the USENIX reviewers. After enough attempts, you’ll probably get lucky enough when you get a dumb enough panel to accept your quite unremarkable paper.
  • As soon as you get the acceptance notice, buy a custom domain and hire a graphic designer (or five, preferably Jony Ive being one of them) for a “cool” logo.

Hardcore Movie Week

June 3, 2022 · 1238 words · 6 mins read

I had some more-than-usual free time lately so I’ve been watching a lot of movies. Below are just the ones that got on the list of my favorite movies, the names of the others will be forgotten.

Dersu Uzala
Directed by Akira Kurosawa in 1975, Dersu Uzala is a portrait of the friendship between a Russian surveyor and an aging Nanai hunter.

By the way, if you were impressed (just like I was) by Maxim Munzuk, the actor that plays Dersu Uzala, you should really read this 4-part article by his daughter, Svetlana Munzuk, (part 1, part 2, part 3, part 4).

“Life can’t be stopped, that means that time can’t be stopped either. The saying - a time for everything - is not in vain. It really is like that: everybody is born in his own time and lives in his own times.” (Maxim Munzuk)


Captain Blackbeard Radio #14

April 22, 2022 · 244 words · 2 mins read

MERRY 4/20 TO YE ALL! Yaaaaaaaarrrrrrr!

The Unclean Serene Unseen Offscreen Obscene Is In Episode Fourteen!

THE FINEST SOUNDS AROUND FROM THE UNDERGROUND

IT BE THE END OF THE WORLD!

CaptainBlackbeard Radio invites ye, to an audio psychedelic four dimensional three hour tour. The entire world shudders and braces itself, facing the most horrifying species extinction level crisis imaginable. Missiles are currently in the air, in Episode 14!

In this broadcast, we explore Modern War in the 21st Century.


Pentesting setup: Burp, Android and MacBook M1

April 10, 2022 · 395 words · 2 mins read

Setting up a pentesting environment on a MacBook M1 for an Android device is really easy, and you can intercept all the requests sent from the device in Burp Suite. Let’s do that.

  1. You will need Android Studio; make sure you download the ARM version. Yes, we all hate Google.

  2. Open Android Studio and create a device using an API level that is supported by modern applications (for example Pixel 2, API 32, arm64-v8a architecture), or leave the default device (Pixel_3a_API_32_arm64-v8a).

  3. Launch the emulator using your device name (that you specified in the step above, remember to replace YOUR_USER with your actual macOS username; in my case, the username is the name of my pet horse, Twinkles; just kidding, that’s the name of my pet fish, my pet horse is named Fondue):

$ cd /Users/YOUR_USER/Library/Android/sdk/emulator
$ ./emulator -avd Pixel_3a_API_32_arm64-v8a -writable-system

Cellebrite UFED 4PC (capabilities and a bonus)

April 9, 2022 · 1421 words · 7 mins read

This article might look like an ad but trust me, it’s not. I suggest you stick around until the end of the article; there will be a small-ish surprise.

In case you’re not familiar with Cellebrite, they are an Israeli digital intelligence company that provides tools for federal, state, and local law enforcement as well as enterprise companies and service providers to collect, review, analyze and manage digital data.

Cellebrite UFED 4PC is a universal hardware and software package for forensic research that makes it possible to extract, decode and analyze digital data obtained from mobile devices on an existing PC or laptop. The complex is delivered with a set of UFED applications, peripherals and accessories necessary for successful research. UFED 4PC can work both independently and with third-party software.


Enrique Bunbury: Expectativas

April 8, 2022 · 212 words · 1 min read

Spring Core RCE 0-day vulnerability

March 30, 2022 · 157 words · 1 min read

Earlier today we got a hint that a new Spring Core RCE might be available; well, now it’s confirmed. Additional info (PDF file, in Chinese by original author).

Vulnerability impact

  • JDK version 9 and above.
  • Uses Spring Framework or a derivative framework.

Bug fixes

At present, the Spring maintainers have not released a patch and it is recommended to use a lower JDK version as a temporary solution.

PoC (download)


Globant (and customers) leak by Lapsus$ Group

March 30, 2022 · 357 words · 2 mins read

Lapsus$ is back and on fire: today we got a new leak with Globant.com admin credentials and a 70GB torrent from Globant customers. Keep in mind that no torrent files are hosted on this website.

Globant is an IT and Software Development company operating in Argentina, Colombia, Uruguay, the United Kingdom, Brazil, the United States, Canada, Peru, India, Mexico, Chile, Costa Rica, Ecuador, Spain, France, Germany, Romania and Belarus. It was formed in 2003 by Martín Migoya, Guibert Englebienne, Martín Umaran and Néstor Nocetti. It was founded in Buenos Aires, but currently is headquartered in Luxembourg and principally serves clients in the United States and United Kingdom.

Original messages from Lapsus$ Group are below.
