April 11, 2023
This sucks. I think I will have to actively seek a solution because this is no fun.
-
Interesting writeup on a logic bug (patched back in Feb. 2022) in readline which could allow lateral movement (credits @trailofbits) https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/
— 0xor0ne (@0xor0ne) April 10, 2023
-
Listening to @lawfarepodcast with Rob Joyce @RGB_Lights, Director of the Cybersecurity Directorate at @NSACyber (Skip to 2:40)
Rob Joyce, NSA Director of Cybersecurity - The Lawfare Podcast | Acast
— SwiftOnSecurity (@SwiftOnSecurity) April 7, 2023
https://t.co/Tw1BMOpB6I
-
The most important and underexamined thing happening in U.S. Internet law right now is the emergence of various "child safety" laws that effectively regulate content on platforms, but don't say so. 1/
— Daphne Keller (@daphnehk) April 10, 2023
Can lawmakers dodge the First Amendment by saying they are just regulating "design" and "systems" in these child safety laws?
— Daphne Keller (@daphnehk) April 10, 2023
For platforms, the way to comply with the law is to enforce new content-based restrictions on lawful speech. So I'd say the 1st Am is in play. 8/
-
What’s brewing could be worst mass leak since Snowden 10 years ago. “leaked docs appear to go well beyond highly classified material on Ukraine… increasing trove also includes sensitive briefing slides on China, Indo-Pacific, the Middle East & terrorism.”
https://www.nytimes.com/2023/04/07/us/politics/classified-documents-leak.html
— Shashank Joshi (@shashj) April 8, 2023
-
UA hacker group identified Serhiy Morgachev, one of the prominent hackers in Russia. Morgachev is Lt. Colonel of the GRU, wanted by the US for a number of cyber crimes. He is the informal leader of the APT 28 (Fancy Bear, Pawn Storm), which hacked the DNC servers in 2016
— Giorgi Revishvili (@revishvilig) April 10, 2023
-
Some guy tried a romance scam on me and I went along to counter scam him. He finally asks for money, so I say "all my money is in Switzerland in a trustfund but to get it I need money for a plane ticket" he replies "that sounds like a scam"
https://twitter.com/lexialex/status/1645219448507498496
-
Declassified layout of the global UK Defense communications network (~1970) that consisted of a mix of cable, HF links and radio relay, and satellite communications.
https://twitter.com/aaronbateman22/status/1645410912071761920
-
Debtors give multiple examples of irresponsible key storage. Keys to >$100M stored in unencrypted plaintext, for example, or in tools unsuitable for the job. Keys were often accessible by many employees with no auditing. Keys were poorly labeled, with names like "use this".
— Molly White (@molly0xFFF) April 10, 2023
-
Annual P&L for a very large cybercrime org. Customer acquisition is the expensive bit (70% of revenue just for affiliate fees) but EBITDA still ends up at ~28%. It’s hypothetical but indicative & pieced together by @TrendMicro from leaked data & estimates https://trendmicro.com/en_us/research/23/d/unpacking-the-structure-of-modern-cybercrime-organizations--.html
— Artturi Lehtiö (@lehtior2) April 10, 2023
-
A short 🧵 detailing a Kerberos LPE I discovered while working with @tiraniddo on our BlackHat research. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817… (CVE-2023-21817) This was fixed in Feb, but I think some will find the vulnerability & exploitation interesting. 1/
— Nick Landers (@monoxgas) April 10, 2023
-
#SVR dropped a new (second) issue of their official journal "#Razvedchik". With confident Sergey "We haven't had any illusions for a long time" Lavrov on the cover, it promises powerful content. Let's dig in. Long 🧵 1/
— Intel Takes (@inteltakes) April 10, 2023
-
Anne Keast-Butler to be first female director at GCHQ
Anne Keast-Butler, who is currently serving as deputy director general at MI5, starts the role in May.
-