• 4 Posts
• 591 Comments
Joined 1 year ago
Cake day: June 7th, 2023

  • This could just be a really stupid format, put out by a specific application for creating PDFs, because the original authors didn’t want to pay Adobe (never attribute to malice that which can be sufficiently explained with stupidity).

    Does pdfinfo give any indication of the application used to create the document? If it chokes on the Java bit up front, can you extract just the PDF from the file and look at that? You might also dig through the PDF a bit using Didier Stevens’s tools, looking for JavaScript or other indicators of PDF fuckery.

    Does the file contain any other Java bytecode? If so, can you pass that through a decompiler?

    “would love it if attempts to reach the cloud could be trapped and recorded to a log file in the course of neutering the PDF.”

    This is possible, but it takes a bit of setup. In my own lab, I have PolarProxy running in one Virtual Machine (VM), using QEMU/KVM. That acts as a gateway between an isolated network and a network with internet access. It runs transparent TLS break and inspect on port 443/tcp and tcpdump capturing port 80/tcp. It also serves DNS using Bind.

    There is then the “victim” VM which is running bog standard Windows 10. The PolarProxy root cert has been added to the Trusted Roots certificate store. The Default Gateway and DNS servers are hard coded to the PolarProxy VM. Suspicious stuff is tested on this system and all network traffic is recorded on the PolarProxy system in standard pcap format for analysis.
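
Added example, not code from the commenter or from Didier Stevens’s tools: a small Python triage script for the situation described above. It carves the PDF out of a file that has Java bytecode in front of it, decodes `#xx` escapes in PDF names (so an obfuscated `/J#61vaScript` still counts), and tallies the action-related names and any `/URI` targets a defender would want to see before detonating the file in the lab. The sample bytes are constructed for the demo.

```python
import re

# Constructed sample: Java class-file magic (CAFEBABE) plus filler in front of a
# tiny PDF whose catalog auto-runs a JavaScript action and carries a remote URI.
SAMPLE = (
    b"\xca\xfe\xba\xbe" + b"\x00" * 16 + b"junk-prefix"
    + b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (app.alert(1)) >>\nendobj\n"
    b"3 0 obj\n<< /S /URI /URI (http://example.invalid/beacon) >>\nendobj\n"
    b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

JAVA_MAGIC = b"\xca\xfe\xba\xbe"
# Names that make a PDF do something on open: the usual pdfid-style watch list.
SUSPICIOUS = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/URI", "/EmbeddedFile")


def carve_pdf(blob: bytes):
    """Return the PDF portion of a blob that has foreign bytes in front, or None."""
    start = blob.find(b"%PDF-")
    if start == -1:
        return None
    end = blob.rfind(b"%%EOF")
    end = len(blob) if end == -1 else end + len(b"%%EOF")
    return blob[start:end]


def normalize_names(pdf: bytes) -> str:
    """Decode #xx hex escapes inside PDF names so /J#61vaScript reads as /JavaScript."""
    text = pdf.decode("latin-1")
    return re.sub(r"#([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), text)


def triage(blob: bytes) -> dict:
    """Summarize: Java magic up front, PDF offset, suspicious name counts, URI targets."""
    pdf = carve_pdf(blob)
    report = {"java_magic_prefix": blob.startswith(JAVA_MAGIC),
              "pdf_offset": blob.find(b"%PDF-"), "keywords": {}, "uris": []}
    if pdf is None:
        return report
    text = normalize_names(pdf)
    for name in SUSPICIOUS:
        # Match whole name tokens so /JS does not also hit /JavaScript.
        report["keywords"][name] = len(re.findall(re.escape(name) + r"(?![A-Za-z])", text))
    report["uris"] = re.findall(r"/URI\s*\((.*?)\)", text)
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Anything the script flags (an `/OpenAction` pointing at JavaScript, a `/URI` to an unfamiliar host) is exactly what the PolarProxy pcap should then be checked for once the file is opened in the victim VM.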

  • The diver probably has some food on him, which the stingray is trying to get.
    I visited Stingray City in Grand Cayman a lot of years back. Part of the tour package was that they gave you small squid to feed to the stingrays, and they would climb up you, out of the water for that snack. Also, there were a lot of stingrays in the area. We were instructed to shuffle our feet as we walked, to avoid stepping on one. The swimmer in the picture only needed to hang out for a bit before one or more stingrays would have come over, looking for any handouts.

    That said, the experience of Stingray City was absolutely worth it. Between that, and snorkeling at the barrier reef, I have a lot of fond memories of my time at Grand Cayman.

  • Real Druids are kinda an unknown. We have writings about their practices and beliefs from Roman writers and much later Christian writers. The former were known to exaggerate and just make shit up when it came to “barbarians” and the enemies of Rome. And the latter were often working with incomplete knowledge and also making shit up. This was muddled further by 18th Century work which liked to make ancient cultures even more fantastical. And then you get all the Neo-Pagan revival crap which cast their own beliefs onto ancient cultures, such as the druids, which completely muddied the waters. The fact is, we don’t actually know a whole lot about the real Druids.

  • This is a good example of why a zero trust network architecture is important. This attack would require the attacker to be able to SSH to the management interface of the device. Done right, that interface will be on a VLAN which has very limited access (e.g. specific IPs or a jumphost). While that isn’t an impossible hurdle for an attacker to overcome, it’s significantly harder than just popping any box on the network. People make mistakes all the time, and someone on your network is going to fall for a phishing attack or malicious redirect or any number of things. Having that extra layer, before they pop the firewall, gives defenders that much more time to notice, find and evict the attacker.

    Also, Whiskey, Tango, Foxtrot Cisco?

  • Ya, in fairness to MS, Windows XP was a good release (post SP1, like most “good” MS releases). But, the fact is that MS is going to push the latest version, regardless of how ready it is for use. MS was hot for folks to switch to Windows ME. And holy fuck was that a terrible OS. MS also did everything short of bribery to get folks to switch to Vista (anyone remember Windows Mojave?). The “upgrade, or else” mantra has always been their way. Not that I blame them too much, it does need to happen. It just sucks when the reason for the new OS is more intrusive ads and user tracking.

  • Many years ago, I attended a Windows XP launch event. The Microsoft presenter had the perfect line to describe how MS views this:
    “Why should you upgrade to Windows XP? Because we’re going to stop supporting Windows 98!”

    This was said completely unironically and with the expectation that people would just do what MS wanted them to do. That attitude hasn’t changed in the years since. Win 10 is going to be left behind. You will either upgrade or be vulnerable. Also, MS doesn’t care about the home users, they care about the businesses and the money to be had. And businesses will upgrade. They will invariably wait until the last minute and then scramble to get it done. But, whether because they actually give a shit about security or they have to comply with security frameworks (SOX, HIPAA, etc.), they will upgrade. Sure, they will insist on GPOs to disable 90% of the Ads and tracking shit, but they will upgrade.

  • Even beyond the idea of CEOs acting in the financial interest of shareholders, the whole premise of “trickle down” is faulty. Businesses do not hire or raise wages just because they have money. The only reason for a business to hire is because they have work which needs to get done and they cannot get it done with their current workforce. No matter how flush with cash they are, they aren’t going to hire unless they have extra work or they anticipate having extra work. The same with raising wages. Unless they cannot hire the people they need or they need to retain certain workers, wages are not going up.

    Money “trickles up”. When consumers have money, they spend it and it goes into businesses and the pockets of shareholders. In order to keep the velocity of money up, those shareholders need to be taxed to get that money moving again. And the tax cuts for the rich break that cycle.

  • I’ve always been highly introverted. And I struggled with talking to strangers. So, I set myself a goal of getting better at it and started forcing myself to talk with people more. I sucked at it and probably left a lot of people thinking I was some creepy weirdo. But, I got better the more I practiced. I’m still not fantastic at it, but I can generally initiate and maintain a conversation with a random stranger, without coming off too terribly. Like most skills in life, it takes practice and a lot of failure before you can rise to the level of not sucking at it.

  • If MDE is a “leader”, the metric must not have any sort of “actually gets the job done” measurement.

    Defender seems to do a lot of alerting well after the attack was already successful. And the interface for analysts seems designed to hide information and make investigations far harder than they should be.

    I’ll give them that Advanced Hunting is actually good. But, that gets gimped a bit by the UI being less about presenting data and more about a consistent look and feel. Said “look and feel” being, “look at all this screen real estate we’re wasting. Doesn’t this make you feel rage at the designer?”

    And then settings and configuration is a nightmare of “which MS portal is this hiding in?” Between Azure, Intune and whatever the fuck “XDR” is supposed to cover, you’re lucky if you can find your ass with both hands.

    So ya, not sure if Gartner is measuring anything other than, “gave us a bunch of money”. 'Cause, holy shit, I would choose Defender for any Endpoint.