Trump now owns the RNC. The GOP Fascist Party is in full swing.
Via NYT—Donald #Trump will attend a high-dollar fund-raising dinner in Palm Beach, Florida, on Saturday that is expected to raise at least $25 million for a new joint fund-raising account for Trump’s presidential campaign, the #RNC and roughly 40 state parties.
I'll take a stab at it even though I'm a C# programmer and say that the malloc statement raises red flags and that there is no validation or escaping of the input string.
This is a terrifying and sobering write-up by Retool on so many levels. It's about a recent spear-phishing via SMS attack on employees, followed by a voice phishing attack that deepfaked an employee's voice.
Retool said just one of its employees fell for it, which is of course all it takes. Here's the scary part:
"The voice was familiar with the floor plan of the office, coworkers, and internal processes of the company. Throughout the conversation, the employee grew more and more suspicious, but unfortunately did provide the attacker one additional multi-factor authentication (MFA) code.
The additional OTP token shared over the call was critical, because it allowed the attacker to add their own personal device to the employee’s Okta account, which allowed them to produce their own Okta MFA from that point forward. This enabled them to have an active GSuite session on that device. Google recently released the Google Authenticator synchronization feature that syncs MFA codes to the cloud. As Hacker News noted, this is highly insecure, since if your Google account is compromised, so now are your MFA codes.
Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option. In our corporate Google account, there is also no way for an administrator to centrally disable Google Authenticator’s sync “feature”. We will get more into this later."
Justice Elena Kagan must be rolling her eyes so hard right now. She once told her friends not to send her free bagels and lox because she'd have to report the gift.
Meanwhile, Clarence Thomas is a one-man pay-to-play shop for billionaires with private jets and luxury vacas.