August 30, 2024
August 30, 2024
I've finally finished my series of security frameworks.
— Julian Cohen (@HockeyInJune) August 19, 2024
Security Operations: https://t.co/X37hqWvFva
Product Security: https://t.co/7azFSbWGs8
Enterprise Security: https://t.co/17jZI2TGOU
At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens.
— nolen (@itseieio) August 29, 2024
A thread about my favorite story from running OMCB.... https://t.co/uBIsiKDs0B
Thread by @itseieio on Thread Reader App – Thread Reader App
@itseieio: At the height of One Million Checkboxes's popularity I thought I'd been hacked. A few hours later I was tearing up, extraordinarily proud of some brilliant teens. A thread about my favorite story from run...…
Intel issued an official statement regarding the vulnerable SGX Root Provisioning Key: https://t.co/hwb14mjIT9
— Mark Ermolov (@_markel___) August 30, 2024
Guys, it doesn't work like that for SGX. Where is the official notice about the exclusion of all Gemini Lake/Refresh platforms from the Remote Attestation Service (https://t.co/ulrHYHJ2Hj)?
— Mark Ermolov (@_markel___) August 30, 2024
So this turned out to be an IRGC domestic counterintelligence op, as detailed by Google's report today: https://t.co/kouTxk0awC https://t.co/hWdW08bjYB
— Costin Raiu (@craiu) August 29, 2024
No such podcast. NSAs podcast coming soon. pic.twitter.com/vbw27S9lkd
— Phil Venables (@philvenables) August 29, 2024
Part 2 is out: "Linux Detection Engineering - A Sequel on Persistence Mechanisms"
— Ruben Groenewoud (@RFGroenewoud) August 29, 2024
Learn about more advanced Linux persistence techniques: theory, setup, detection, and hunting.
Plus, follow along and check out PANIX!
Blog: https://t.co/XTxqKkKeY5
PANIX: https://t.co/ohTz7xkLdP
Bypassing airport security via SQL injection
Bypassing airport security via SQL injection
We discovered a serious vulnerability in the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs used by the Transportation Security Administration.
TSA security was fully bypassable via a 2005-style sql injection
— near (@nearcyan) August 29, 2024
TSA's annual budget is 11.8 Billion and grows by 20%/year pic.twitter.com/o1DZZ7R8HT
China is beating the world at science, says think tank
https://www.theregister.com/2024/08/30/aspi_technology_tracker/#GSM security: A5/4 was approved by 3GPP together with A5/3 (2009), but most vendors were lazy to change from 64 to 128bit keys on both UE and network side. A5/2 and A5/1 lessons were not enough to prevent history repeating: https://t.co/2pw4adlvsa https://t.co/wvMquFPTYV
— LaForge - @LaF0rge@chaos.social (@LaF0rge) August 30, 2024
Since the UK defence establishment is discussing hedging against potential future US isolationist policy, perhaps it is time to debate whether or not public advocacy for declared adoption of a US style VEP should proceed under the same balancing assumptions, or a different…
— JD Work (@HostileSpectrum) August 29, 2024
The threat actors behind Black Basta ransomware have been making changes to their initial access vectors, becoming less reliant on email-related techniques and employing methods such as SEO poisoning and malvertising in some campaigns. https://t.co/QIKBIq0AzU
— Microsoft Threat Intelligence (@MsftSecIntel) August 29, 2024
Microsoft has also observed threat actors such as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others expanding their techniques by using large language models (LLMs) to operationalize their campaigns.
— Microsoft Threat Intelligence (@MsftSecIntel) August 29, 2024