the grugq's newsletter

April 14, 2024

Note: I will be traveling to Helsinki for T2.fi con this week. The newsletter will be sporadic while I’m away. If you’re in Helsinki, feel free to say hello.

🔎Researchers are working hard but still need to conclude the XZ backdoor analysis and determine whether it has alternative communication channels or triggers.
🎁The xz-min project by @felipec is a way to easily reproduce the XZ backdoor to study it: https://t.co/sfANoX6hci pic.twitter.com/pKTwNxhfHw

— Juliano Rizzo (@julianor) April 13, 2024


you could try the trick we introduced here: https://t.co/6whdgWhg9I

Ask the model to repeat a chunk of code you think might be from the leak, and then do the same thing with the memorization filter enabled to see if it gets filtered out.

— Florian Tramèr (@florian_tramer) April 12, 2024


Wow this guy @nachoskrnl RCEed Outlook the third time (if I remember correctly) in the same attack vector, give him a praise! https://t.co/VEOw6Ltpmx

— Haifei Li (@HaifeiLi) April 12, 2024

It's nice to have a positive Outlook.

Akamai researchers have discovered another critical vulnerability that bypasses the patch for the custom sound vuln from March 2023.

Psst: this one can also be triggered in Explorer 👀

Full write-up: https://t.co/Xw5d8MZLNx pic.twitter.com/uxitT667ID

— Akamai Security Intelligence Group (@akamai_research) April 12, 2024


The UK honey trap is weirder than it sounds

The Westminster honeytrap mystery is even stranger than we thought

The BBC unearths crucial new details about the WhatsApp phishing scandal rocking Westminster.


Remarkable statistics on the Battle of Midway here -

The greatest naval victory in American history, probably among the top 3 in world history, happened because *8%* of bombs / torpedos hit their targets. pic.twitter.com/ypUd6nqu9I

— Eric L. Robinson (@UticaEric) April 12, 2024


Threat Brief: Operation MidnightEclipse, Post-Exploitation Activity Related to CVE-2024-3400

We detail Operation MidnightEclipse, a campaign exploiting command injection vulnerability CVE-2024-3400, and include protections and mitigations.

It’s so beautiful 🥹
https://t.co/Mcbp0h0COH pic.twitter.com/bCt8EJNqnl

— Ian Coldwater 📦💥 (@IanColdwater) April 13, 2024


https://t.co/IEBSsbjv4J Telegram Desktop RCE. "pywz" VS "pyzw", a classic case of developer “shaky hands” pic.twitter.com/AvPFOBu0UX

— heige (@80vul) April 12, 2024


If you cherry-picked the individual commits, you would have missed the "evil merge" change which forced SPECTRE_BHI_ON: https://t.co/QSUfjbFYUn

— Brad Spengler (@spendergrsec) April 12, 2024


Twitter Ads Update:

Either this is incredibly meta or I am legitimately going insane pic.twitter.com/1LvBZmHfat

— Tom (@Lawmadillo) April 13, 2024


#SpyNews - week 15 (April 7-13):
A summary of 88 espionage-related stories from week 15 coming from 🇮🇷🇰🇷🇺🇸🇨🇴🇪🇬🇧🇬🇷🇺🇺🇦🇨🇦🇨🇳🇹🇷🇮🇱🇩🇪🇷🇸🇬🇧🇦🇪🇮🇳🇵🇰🇦🇹🇹🇼🇬🇺🇮🇹🇷🇴🇱🇻🇧🇷🇺🇬🇳🇱🇫🇷🇱🇹🇲🇦🇦🇺🇪🇸🇧🇪🇨🇿🇵🇱🇳🇿🇰🇵🇬🇷🇲🇾🇦🇲🇦🇿🇾🇪🇰🇭🇻🇳🇸🇪🇳🇦🇨🇺🇸🇾🇱🇧 https://t.co/TlUwMVquNh #Espionage #OSINT #HUMINT #SIGINT #Spy

— Spy Collection (@SpyCollection1) April 14, 2024


The Papa Johns closest to the Pentagon is far busier than usual pic.twitter.com/Fe7t2HRqAj

— lyndon b johnson fancam workers cooperative 🌹 (@lbjfancamcoop) April 13, 2024


i’m what we call an OINK. one income, no kids. living on slop in my little pen

— trash jones (@jzux) April 13, 2024


Counter Strike hacking is one of my guilty pleasures.

This is a video of an AI tool built into one of the most popular HvH cheats on the market.

HvH (Hack vs. Hack) is a game mode where everyone in the lobby is cheating.

“If everyone is cheating, then how is it fun?”

The… pic.twitter.com/uJGoLt36Zz

— envy 🐾 (@ehnveee) April 13, 2024

