April 8, 2024
Ever want to test systems & see if your password is ever stored/sent in plaintext?
— Greg Linares (Laughing Mantis) (@Laughing_Mantis) September 22, 2020
Make it: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
I am on the phone with a vendor right now because my test account is in an inoperable state.
Crisis on cybersecurity exploits market? Prices of security breach tools are rising. As much as $50k for WinZip, $7 million for zero-day for iPhone, $5m for Android up to $5m for "hardware" running on WhatsApp and iMessage. Higher cost = better security https://t.co/g7jTamZubP pic.twitter.com/WG2bbxD10a
— Lukasz Olejnik (@lukOlejnik) April 7, 2024
Interesting perspective, but I think many of the details are wrong or misguided. The majority of the group interactions with Lasse Collin (maintainer of xz) were over email. Jia Tan was much more active and the two of them had regular pair programming sessions for over a year.
The cost for a state agency to create a sock puppet account is negligible because they can afford to do anything that could reasonably be expected from a regular user. Require a phone number? Not a problem. Government ID? Not a problem.
Thoughts on xz backdoor. 1) Lack of a robust identity system on github (except when there is a tie-in to an organization which is slightly better). Anyone can create as many sock puppets accounts to do code reviews, nudge maintainers to add someone malicious as co-maintainers,…
— Abhishek Arya (@infernosec) April 6, 2024
New video! This time we do something slightly different, we go through a cyber operation that recently targeted the Colombian national police. https://t.co/Pec6FmHRSJ
— Spy Collection (@SpyCollection1) April 8, 2024
GitHub - netsecfish/dlink
Wait… is this an option? pic.twitter.com/iBdNpzkwCk
— Jeremy Morgan (@JeremyCMorgan) April 7, 2024
Useful blog post for beginners approaching ghidra for the first time by @byte_how https://t.co/8QXBmwMkNe #ghidra #cybersecurity pic.twitter.com/WYhQftlteR
— 0xor0ne (@0xor0ne) April 8, 2024
— Sherry Tongshuang Wu (@tongshuangwu) April 7, 2024
CVE-2024-2887 WebAssembly type confusion PoC https://t.co/7RtvCL6tl3
— 1377 High-yield Nukes (@buptdsb) April 8, 2024
Missed out on the v8ctf bounty again because I have absolutely no idea how to achieve v8 sbx escape...🥹
#XZUtils pic.twitter.com/8CITDaPJS4
— Vlad (@VladDBA) April 7, 2024
Phobos over Mars
— Andrea Luck (@andrluck) April 6, 2024
Full size: https://t.co/D8svEX8OSY
Credit: ESA/DLR/FUBerlin/AndreaLuck CC BY
ESA Mars Express HRSC
Orbit 7982
Time: 2022-02-07
Filter ND - H7982_0000_ND3.IMG
Colourised image created using data processed from: https://t.co/ZrRB1ae7un pic.twitter.com/46QqwQHFcL
(CVE-2024-0039)[295887535][Android][BLE][ATT]OOB write in attp_build_value_cmd -> 0-click RCE https://t.co/PEEBJMfhcp https://t.co/8ZiA68BoF9 https://t.co/OR85j5UCjx
— xvonfers (@xvonfers) March 4, 2024
(CVE-2024-0031)[Android][BLE][ATT]OOB Write in attp_build_read_by_type_value_cmd function->0-click RCE. https://t.co/TNHf8vpBiJ https://t.co/lR56SpvtxQ https://t.co/NngnKNGRuo
— xvonfers (@xvonfers) February 5, 2024
$84,999 for a simple desktop computer in Joe Biden's America. pic.twitter.com/WzxbGFybYy
— Daniel Feldman (@d_feldman) April 8, 2024