the grugq's newsletter

August 14, 2024


Great research from my colleagues @CyberCX into a China based network attempting social media interference against the West.

As ever these days, the intent - & some of the glaring tradecraft weaknesses - are more interesting than any impact https://t.co/wuXOyelay6

— Ciaran Martin (@ciaranmartinoxf) August 13, 2024


Iran: Look at this aircraft carrier we stealthily took video of

The US Military™: This you? pic.twitter.com/DZXpvurDLM

— ✨️KaiMana!✨️🚑 @ Furrydelphia! (@CertifiedLeggi) August 12, 2024


Trail of Bits is heading to the AIxCC finals! 🏆 Our Cyber Reasoning System, Buttercup, ranked in the top 7 out of 39 teams in the @DARPA AI Cyber Challenge semifinals @defcon 2024. https://t.co/ymP73nXaDW

— Trail of Bits (@trailofbits) August 13, 2024

Thread by @trailofbits on Thread Reader App – Thread Reader App

@trailofbits: Trail of Bits is heading to the AIxCC finals! 🏆 Our Cyber Reasoning System, Buttercup, ranked in the top 7 out of 39 teams in the @DARPA AI Cyber Challenge semifinals @defcon 2024. buff.ly/4dGrdRz @DAR...…

Lots of good info in this thread from @trailofbits but this particular bit is worth highlighting. Finding bugs is not usually a bottleneck for defenders or attackers. But patching and reliable exploitation are respectively, and these have more in common than you may think!

Both… https://t.co/8EuCtxw8bp

— chrisrohlf (@chrisrohlf) August 13, 2024


Oh come on.😏 Not too many of y'all got the reference to arguably the most consequential credential phishing email attack in history.
And in a week where we're talking about hack-and-leak again too.
SMH. https://t.co/nYodDLykLP https://t.co/Rtp69qA5Or pic.twitter.com/Lq15fwTXGN

— Brian in Pittsburgh (@arekfurt) August 13, 2024


This list is worth keeping in mind when evaluating a LLM, or LLM based product, that can find/exploit vulns. Thought experiment: what proportion of vulns/exploits meets these conditions? It's empirically > 0, but is it > 10? 50? 90? https://t.co/Hv4nbSnTqK

— Sean Heelan (@seanhn) August 13, 2024


New from 404 Media: Michael Pratt was on the run from the FBI. He ran a massive trafficking ring on PornHub. No one knew where he was. So some friends decided to track him down through his love of sneakers. Here is their story told for the first time https://t.co/FKSsby8Rr0

— Joseph Cox (@josephfcox) August 13, 2024


So Microsoft has this really awesome repository with scripts we used to harden privileged workstations with

It hasn't been officially updated in years, and someone made a huge PR to address lots of issues

Nobody has looked at it for over a year... 😭 https://t.co/P2Q3Ckwd4D pic.twitter.com/C1cuXcfLCa

— Nathan McNulty (@NathanMcNulty) August 13, 2024


CVE-2024-38077/One bug to Rule Them All, Exploiting a Preauth RCE vulnerability on Windows (2024_8_9 10_59_06).html at main · Wlibang/CVE-2024-38077 · GitHub

CVE-2024-38077, this repository is used only as a backup. Contribute to Wlibang/CVE-2024-38077 development by creating an account on GitHub.

Via Daily Dave mailing list.


Why exploits prefer memory corruption

Thanks to @halvarflake and @chompie1337! https://t.co/Z9ZtLlsYOw

— sha1lan (@sha1lan) August 12, 2024

PACIBSP security | A computer security blog with an analytical bent.



If you find these in your child’s room, it’s time to have a serious talk with them about the dangers of hacking pic.twitter.com/B2hWl1HC6f

— Dr. Wesley McGrew (@McGrewSecurity) August 12, 2024


A quick overview of the Research Handbook on Cyberwarfare https://t.co/8OTzyhbGJ1 @tcstvns @josephdevanny

— Dave Aitel (@daveaitel) August 13, 2024

CyberSecPolitics: A quick research overview of the Research Handbook on Cyberwarfare

Introduction As you were reading the latest Research Handbook on Cyberwarfare (edited by Tim Stevens and Joe Devanny) you probably felt, li...


current tech trends are resistant to satire precisely because they satirize themselves. a car park of empty cars, honking at one another, nudging back and forth to drop off nobody, is a perfect image of tech serving its own prerogatives rather than humanity’s https://t.co/eYyITQfDpm

— James Vincent (@jjvincent) August 13, 2024


back when likes were public I used to use the API to scrape all the accounts that liked anti-math posts, guesstimate their location, and then sell the list to local dealerships so they could try to sell those people dodge challengers at 29% APR https://t.co/ELXfahBpiD

— andi (e/alb) (@Nexuist) August 14, 2024


Fool Kaspersky's Anti-Virus with a perl 1-liner: https://t.co/XW9oYTlK7Y pic.twitter.com/8F1eLPVJaO

— The Hacker's Choice (@thc@infosec.exchange) (@hackerschoice) August 13, 2024


The numbers are certainly open to doubt, but this is just the latest use by MSS to warn of foreign threats on WeChat, and part of a much wider trend of modern day agencies using social media. https://t.co/MB9Bv5YLZ0

— Dr. Dan Lomas (@Sandbagger_01) August 13, 2024


Our slide 'Remote, One-Click, Breaking through Smartphones via a Non Well-Known Remote Attack Surface' is available now https://t.co/f4syV1rADX
A whitepaper with detailed content will be released in the near future. @BlackHatEvents

— kong Thank (@Thankkong) August 14, 2024


EFF’s Concerns About the UN Draft Cybercrime Convention

EFF’s Concerns About the UN Draft Cybercrime Convention | Electronic Frontier Foundation

The proposed UN Cybercrime Convention is an extensive surveillance pact that imposes intrusive domestic surveillance measures and mandates states’ cooperation in surveillance and data sharing. It requires states to aid each other in cybercrime investigations and prosecutions, allowing the...


NIST publishes standards for next-generation cryptography (cipher, digital signature) understood as resistant to attacks with future quantum computers. Migration will not be a piece of cake, but there’s time. https://t.co/2uebDrTeJT https://t.co/XxWmDhXxM7 pic.twitter.com/glJq8SwyCK

— Lukasz Olejnik (@lukOlejnik) August 13, 2024


New: A German intelligence service managed to monitor two servers used by Russian propaganda campaign Doppelganger. After we published our investigation into the campaign's infrastructure in July, the agency's analysts observed something interesting ... https://t.co/DeRfDqYYRv

— Max Bernhard | @mxbernhard.bsky.social (@mxbernhard) August 13, 2024

On the day our investigation published, the intelligence agency's analysts saw how someone frantically tried to log into one of the servers - getting the password and username wrong several times. When they finally got in, they quickly saved all the data from the device. pic.twitter.com/Q3X3wZQrWE

— Max Bernhard | @mxbernhard.bsky.social (@mxbernhard) August 13, 2024

Read the investigation by @alexejhock @_TimetoDiscover and I here: https://t.co/bgYXN7N1Uu

And the Bavarian domestic intelligence services analysis here: https://t.co/y8iguTE7XF

— Max Bernhard | @mxbernhard.bsky.social (@mxbernhard) August 13, 2024

Today, we make public our latest research on Doppelganger. https://t.co/LUKl4U5ItY pic.twitter.com/G6vOvNzv6q

— Qurium Media (@Qur1um) July 11, 2024

