August 29, 2024
As MSRC finally confirmed the two bugs, I have a "protip" to share w/ my fellow researchers.. 😅 https://t.co/xy4MqzJ3Gd
— Haifei Li (@HaifeiLi) August 28, 2024
I had the opportunity to share my recent personal experiences on the "coordinated vulnerability disclosure" topic, w/ other folks in the front line. https://t.co/AwMtBY9feq
— Haifei Li (@HaifeiLi) August 26, 2024
Race condition primitives on speculatively executed code paths
Paper: https://t.co/XRdOqwOWte
Website: https://t.co/XRdOqwOWte
PoC: https://t.co/cNt3mTQyCT #ghostrace #infosec pic.twitter.com/6YEUQvnC4C
— 0xor0ne (@0xor0ne) August 28, 2024
BREAKING: #Telegram CEO Pavel Durov charged.
6 charges related to:
✔️ Complicity in CSAM, trafficking & money laundering, organized crime..
✔️ Unresponsiveness to lawful requests
✔️ Failures to declare & register cryptography services.
€5m bail, forbidden from leaving FR. pic.twitter.com/XuaPHyUGN7
— John Scott-Railton (@jsrailton) August 28, 2024
Check out our latest blog post “Sky’s the Limit – Quick Analysis and Exploitation of a Chrome ipcz TOCTOU Vulnerability” https://t.co/IAIunRRccd
— Binary Gecko (@Binary_Gecko) August 28, 2024
For those into UEFI firmware reverse engineering - we released a blog post last week that you might enjoy. https://t.co/eJ2Ye3HCKU
— Brandon Miller (@zznop_) August 28, 2024
Ukrainian soldiers call them sugar cubes. They are personal drone detectors that sense enemy drones nearby without giving away the wearer's position. They're small, light, easy to use, and work well to save lives. Ukrainian forces are working hard to equip every soldier with one. pic.twitter.com/H5ppP525bu
— Now I am become more main bastard fella 🇺🇦 🇨🇦 (@iEndure_4evr) August 28, 2024
You can learn more about these personal drone detectors here... https://t.co/r2Wzf5lAmz
— Now I am become more main bastard fella 🇺🇦 🇨🇦 (@iEndure_4evr) August 28, 2024
Read some of the obsequious emails that alleged IRGC hackers posing as think tankers have sent to former Biden and Trump officials to try to break into their computers: https://t.co/sG2DeeDipc pic.twitter.com/1zdU1nJgwk
— Sean Lyngaas (@snlyngaas) August 28, 2024
love to see this!
"RISCVuzz: Discovering Architectural CPU Vulnerabilities via Differential Hardware Fuzzing"
https://ghostwriteattack.com/riscvuzz.pdf
— John Regehr (Mastodon)
ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, Adversarial Machine Learning. https://t.co/dg2sS8wpEb
— Nicolas Krassas (@Dinosn) August 28, 2024
Talking to a friend now I remembered something. Back in 2018, when I started learning about Windows internals, my friends and I started this strict habit to take 10 exe/DLLs from the System32 directory and just google/read up about them. No fancy hacks, no reversing, nothing. We did…
— Chetan Nayak (Brute Ratel C4 Author) (@NinjaParanoid) August 27, 2024
Just wrote a new blog post discussing how we discovered and fixed a SQLite3 bug during #AIxCC! Dive into the details and see how our system tackled real-world challenges. Read it here: https://t.co/wSyzgIQD8p https://t.co/xVFMEvPxm1
— Hanqing Zhao (@hankein95) August 28, 2024
🔥 Microsoft fixed a high severity data exfiltration exploit chain in Copilot that I reported earlier this year.
It was possible for a phishing mail to steal PII via prompt injection, including the contents of entire emails and other documents.
The demonstrated exploit chain…
— Johann Rehberger (@wunderwuzzi23) August 27, 2024
Analyze the exploitability of non-control (data-only) objects in the Linux kernel https://t.co/WchmwitgVa #Linux #cybersecurity pic.twitter.com/bRtfv55OEk
— 0xor0ne (@0xor0ne) August 29, 2024
MiraclePtr is a very ambitious project and while it would take quite some time for it to have full effect (manual rewrite efforts required and they are not easy & successful), the effect would be huge, albeit not unbypassable, either directly or indirectly (through other bugs) https://t.co/686cFT8G7Q
— dunadan (@udunadan) August 29, 2024
Note to that d*ckhead who has been using https://t.co/uHQ0tKsGFm to monitor people's Teams availability:
1️⃣ I'm paying for all the computing resources by myself - making over 200k requests in two months is not what the service is made for 🤦‍♂️
2️⃣ Username requests are now throttled…
— Dr. Nestori Syynimaa (@DrAzureAD) August 28, 2024
People seem impressed by that service. I don’t have any way to test it but figured it might be relevant for someone.
Hello. I need to tell all people the truth. I got all the data completely legally. I entered this command in the terminal once. Well, you would be surprised at that 🤡
wget -r https://t.co/FxxEbalz8q -e robots=off --no-check-certificate
— Bizarredect (@Bizarredect) August 29, 2024