>We used a Google Ads pre-registration campaign to get installs for our app. We paid for 16,171 conversions. We only received 1,371 installs.

Not a great outcome:
https://andreaskambanis.com/google-play-store-pre-registration-campaigns/

A neat information leak in browsers that support mDNS-based hostname resolution. The demo brute forces common names + device prefixes/suffixes, but this can be abused for a dozen other things (do you have a specific IoT device on your network? do you use Meraki? etc):
https://fingerprint.com/blog/apple-macos-mdns-brute-force/

A great analysis of resident key challenges with UAF: https://fy.blackhats.net.au/blog/2023-02-02-how-hype-will-turn-your-security-key-into-junk/

PSA: If you are using AWS Aurora PostgreSQL 15.2 on aarch64 (r6g, etc) your servers may randomly abort with `PANIC: queueing for lock while waiting on another one`: https://github.com/postgres/postgres/blob/f4c00d138f6dea4c9d8af8ec280b7edc9b0a29e1/src/backend/storage/lmgr/lwlock.c#L1074

Google Domains is shutting down after selling the business to Squarespace... any great registrar recommendations? https://9to5google.com/2023/06/15/google-domains-squarespace/

Congrats to the Gandi investors on their sale. Thanks for posting such a comprehensive list of price increases too! https://www.gandi.net/static/documents/2023-july-usd-renew-price-increase.pdf

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away:
https://arstechnica.com/information-technology/2023/06/hackers-can-steal-cryptographic-keys-by-video-recording-connected-power-leds-60-feet-away/

I love these kinds of attacks. Via @dangoodin at @arstechnica

This #reconmtl talk by Ang Cui looks epic: Ice Ice Baby: Coppin' RAM With DIY Cryo-Mechanical Robot https://cfp.recon.cx/2023/talk/HCJHBW/

(coverage at https://www.theregister.com/2023/06/09/cold_boot_ram_theft/ by @thomasclaburn)

A little cheeky of PrinterLogic to warn against PrintNightmare vulnerabilities after this savage thrashing on full-disclosure: https://seclists.org/fulldisclosure/2023/May/16

Shodan is only showing ~15 on the internet at least: https://www.shodan.io/search?query=title%3Aprinterlogic

The @runZeroInc query is similar: https://console.runzero.com/inventory/services?search=_asset.protocol%3Ahttp%20protocol%3Ahttp%20%28html.title%3A%3D%22Printer%20Logic%22%20OR%20favicon.ico.image.md5%3A%3Dab2fc8886bfbf3e986f8015539d29736%29

hat tip to @campuscodi for flagging at https://riskybiznews.substack.com/p/risky-biz-news-iranian-hacktivists (and @riskydotbiz for the mention)

Fun times this week coming up with a @runZeroInc query for the actively-exploited MOVEit SQL injection vulnerability:
https://www.runzero.com/blog/finding-moveit-file-transfer-services/

#MOVEit #CVE_2023_34362