PEAKS Newsletter No. 7
Hi there!
Welcome to this week's tech and security peaks! It's been quite an eventful period, with several critical security vulnerabilities coming to light. But don't worry, I've got you covered.
I've also discovered a collection of useful tools that I think you'll find interesting. To make it easier for you to navigate, I've organized them into subcategories based on their areas of application. This way, you can quickly focus on what matters most to you. In the Tech section, we're covering a diverse range of topics. From the latest in eBPF developments to exciting news in robotics and space exploration, there's something for everyone.
I hope you will enjoy it!
🛡️ Security & Privacy
- The Internet Archive's "Wayback Machine" experienced a data breach, compromising 31 million user records. Read more here.
- Mozilla disclosed a critical security vulnerability (CVE-2024-9680) in Firefox and Firefox ESR, which is being actively exploited. Users are urged to update immediately. More here and here.
- A security flaw (CVE-2024-43047) in Qualcomm's Digital Signal Processor affects numerous chipsets and is being exploited in the wild. More here and here.
- Lego's website was compromised to promote a fraudulent cryptocurrency token, targeting Lego enthusiasts. Read more here.
- Casio suffered a network breach, disrupting its systems and services. The Underground ransomware group claimed responsibility and leaked confidential documents. More here and here.
- Palo Alto Networks patched multiple vulnerabilities in their Expedition solution that could potentially lead to firewall hijacking. Read more here.
- GitLab addressed a critical vulnerability (CVE-2024-9164) that allowed running pipelines on arbitrary branches. More here.
- The GoldenJackal hacking group breached air-gapped government systems in Europe using custom malware to steal sensitive data. Worth reading here.
- A new iPhone mirroring feature in iOS 18 and macOS Sequoia poses potential privacy and security risks when used on work computers. Find out more here.
- Chinese hackers exploited backdoors in systems run by major U.S. internet service providers, originally created for law enforcement wiretaps. More here.
- An automated scanner is now available to detect devices vulnerable to the Linux CUPS RCE vulnerability (CVE-2024-47176). More here.
- Mamba 2FA, a new phishing-as-a-service platform, targets Microsoft 365 accounts by bypassing multi-factor authentication. Cybercriminals can acquire the service for $250/month. Read more here.
- Microsoft's October 2024 Patch Tuesday addressed 118 security flaws, including five zero-days, with two being actively exploited. More here.
- MoneyGram reported a data breach where hackers stole customers' personal information and transaction data. More here.
- A 15-year-old discovered a critical bug in Zendesk that affected approximately half of all Fortune 500 companies. Read the full report here.
- Snapekit, a sophisticated rootkit targeting Arch Linux, has been identified.
🛠️ Tools
Cybersec
- Ax Framework - an open-source tool for cybersecurity professionals to work across multiple cloud environments, facilitating the creation of infrastructure for offensive security purposes.
- have i been pwned - a service to check if your email address has been compromised in a data breach.
- BigSearch - a browser extension enabling web searches through various engines, featuring Vimium-like interactions and additional useful functionalities.
- uBlock Origin (uBO) - an efficient content blocker for Chromium and Firefox, filtering ads, trackers, malware sites, and more.
- ebpfangel - a Linux ransomware detection tool using machine learning and eBPF.
- LightBeam.ai - a zero-trust solution for data protection.
Dev
- DeskPad - a Mac application that creates a virtual monitor for improved screen sharing, ensuring consistent display sizes for all participants.
- ActivityPub - a W3C-recommended decentralized social networking protocol based on ActivityStreams 2.0 data format.
- Dito - a Layer 7 reverse proxy server developed in Go.
- uLisp - a Lisp compiler for RISC-V, written in uLisp.
- Replicate - an AI platform for running, fine-tuning, and deploying open-source models via API.
- x.md - a CLI tool that executes shell scripts, JavaScript, and Python code from markdown files.
- boring - a command-line SSH tunnel manager written in Go.
- Swarm - an OpenAI framework for efficient, controllable, and testable agent coordination and execution.
- difftext - a simple tool for comparing text differences.
- PTXdist - a build system for creating firmware images.
- AOO - a lightweight peer-to-peer library for audio streaming and messaging.
- jazz - an open-source framework for developing local-first applications, simplifying backend and infrastructure complexity.
Startups
- Boringlaunch - a platform designed to enhance SEO and sales for AI startups.
- deformity - an AI-powered tool for creating interactive forms to increase response rates.
- mida - a lightweight A/B testing platform for websites.
- Senja - a free tool for collecting testimonials and case studies.
- bubble - a no-code platform for building full-stack applications.
- GummySearch - a tool for discovering business opportunities, validating solutions, and finding potential customers on Reddit.
- FLUX.1 - an open-source model for generating images.
🛸 Tech
- ASML maintains a monopoly on extreme ultraviolet lithography machines for advanced chip production. Foxconn is constructing a large facility in Mexico to manufacture Nvidia's GB200 superchips. More here.
- Kaspersky is closing its UK office and laying off staff. More here.
- SpaceX successfully caught a returning Starship booster using large "chopsticks" at the launch site, advancing rocket reusability. Read more here and watch here.
- If you like game design and Prolog, this article is for you.
- And speaking of games, Asahi Linux, the Linux for Apple M1 chips, now has gaming support. Check it out here.
- Some negative views on Rust here.
- A great list of handy command-line tools here.
- Meta has developed Movie Gen, a generative AI for creating movies, which shows promise but also raises concerns. Read more here.
- Read this article to find out how HTTP servers figure out Content-Length.
- Puppy Linux, a distribution that can run from RAM, review here.
- An update on gccrs, the Rust frontend to GCC, here.
- Some nice thoughts on practices of reliable software design here.
- Ziggy, a data serialization language in its incipient phase. Check it out here.
- Volvo is using Rust to implement firmware for low-power processor ECUs. More here.
- A new machine learning study introduces the Differential Transformer, aiming to improve large language models. More here.
- An engineering masterpiece: NASA built the Hubble telescope to be remade. More here.
- A 22-meter, 4.6-ton robotic arm will be used to grab fuel from a Fukushima Reactor. More here.
- China has the most powerful laser, emitting particles of sound instead of light. More here.
- MIT research claims that AI is now able to recognize faces in inanimate objects. More here.
- A U-2 spy plane discovered that most tropical thunderstorms produce various forms of gamma radiation. More here.
- BPF Iterators. They are pretty useful. Read the documentation here.
- eBPF KFuncs documentation here. They are unstable, but may be the right tool for the right job.
- Also, a great summary of loops in BPF here.
- Get root with only a cigarette lighter here.
- Rust GPU - write and run GPU software in Rust.
- Bugs and quirks of the Windows resource compiler here.
- An analysis reveals cryptographic vulnerabilities in major end-to-end encrypted cloud storage providers. More here.
🏆 Misc
- Scientists who laid the groundwork for artificial intelligence have been honored with the Nobel Prize in Physics. More here.
- Conway's Game of Life is a cellular automaton zero-player game. More here and here.
- The Book of Kells, a stunning medieval manuscript, has been digitized and made available online. More here.
📩 Please feel free to share this article with colleagues and friends who will find it valuable.
Thanks for reading!
Have a great day!
Bogdan