the grugq's newsletter

February 1, 2024


In this article in @IntelNatSecJnl, I try to answer the question: Why are #Russian #covertoperations so easily unmasked. The answer is a combination of Russian ignorance, indifference, and incompetence. https://t.co/qk9dXMV13P #OpenAccess thanks to @Bruneluni.

— Kevin Riehle (@riehle_kevin) January 31, 2024


Iraqi armed group Kataib Hezbollah suspends military and security operations against U.S. forces -statement

— Idrees Ali (@idreesali114) January 30, 2024

Kataib Hezbollah: pic.twitter.com/KBSOQiF5YH

— Jesse (@KoalaSalesman) January 30, 2024


Doing some research for work (and for a talk, end of year, if it works), I have encountered this gem of a talk.

It is long but *brilliant*. It will take you around why, how, and what for. I hardly ever recommend talks but this one is fucking solid. https://t.co/BXDl9nIfdC

— 🌻 𝙼𝚎𝚊𝚍𝚘𝚠 𝙴𝚕𝚕𝚒𝚜 (2).arj 🌻 (@notameadow) January 31, 2024


It took more effort than initially expected, but the first European Cybersecurity Certification Scheme has arrived. Long live EUCC, and congratulations to Philippe Blot and all contributors https://t.co/BRSIjZ8viw

— Eric Vetillard (@evetillard) January 31, 2024


Bulgaria issues European arrest warrant for six Russian spies suspected of terrorism – @EURACTIV https://t.co/bLxH9lVWjm

— Adam D.M. Svendsen (@intstrategist) January 31, 2024


My prediction is that exploiting memory corruption vulnerabilities in C/C++ code will become a thing of the past in 10 years with hardware support for memory safety, control flow integrity, and sandboxing. https://t.co/Y0rzZi8frS

— Daniel Moghimi (@flowyroll) January 29, 2024

Man have I heard that a few times in my career :) https://t.co/8gXlmE4SyJ

— Dave Aitel (@daveaitel) January 29, 2024

I hope he’s right. But direct control flow transfers as a result of corruption is just one potential exploitation strategy. Data only corruption has been a thing for quite some time. Until the underlying hardware changes its fundamental design memory unsafety is here to stay.

— chrisrohlf (@chrisrohlf) January 29, 2024

Sandboxing.

What are examples of data-only attacks that could not be mitigated with sandboxing?

If people complain about performance, there are already hardware solutions for this on today's hardware (e.g. mpk).

— Daniel Moghimi (@flowyroll) January 30, 2024

Sandboxing is only effective as a security control when the target asset is outside of the sandbox. This is increasingly not the case with browsers and messaging apps. That doesn’t mean it’s not a worthwhile investment, but threat models do matter. Also worth noting the industry…

— chrisrohlf (@chrisrohlf) January 30, 2024

All of them? :)

MPKs suffer from the assumption that we can perfectly define what data is sensitive for a complex program execution and what not. And manage to separate that efficiently at the _page_ granularity.

Haven’t seen that a reality on any software.

— twiz (@lazytyped) January 31, 2024

I found implementing MPK support to be messy and limited. It has its place as part of a larger solution but is mostly useless for defending against memory corruption. Is Intel even shipping it anymore?

— chrisrohlf (@chrisrohlf) January 31, 2024


Quoted in The Globe and Mail on the unfolding story of the second major hack of Canada's foreign affairs department in two years.

2024 is already off to a hell of a start. https://t.co/5dKtkFFrcT

— David Shipley 🍁 (@davidshipley) January 31, 2024


Rhyming AI-powered clock sometimes lies about the time, makes up words https://t.co/1wakvfBjaw

— Ars Technica (@arstechnica) January 30, 2024

Look at me
I’m Amazon Q
It’s 1:67
Disagree? Fuck you! https://t.co/X4UrVYZe1e

— Corey Quinn (@QuinnyPig) January 31, 2024


Update: The Seminole County Sheriff's Office has confirmed that the California teenager suspected to be Torswats is now in a Florida jail.

He was booked into the John E. Polk Correctional Facility on a no-bond status earlier today. https://t.co/bckVkBe6Ef pic.twitter.com/M8HC3VJc4w

— Dhruv Mehrotra (@dmehro) January 31, 2024

For a year, the FBI has hunted the most prolific swatter in the US. Known online as Torswats, he's called hundreds of false reports of active shootings to schools, courthouses, and mosques.

Last week they arrested a suspect.

Story here, more to follow: https://t.co/7wyNox37RU

— Dhruv Mehrotra (@dmehro) January 26, 2024


🎉 https://40.83.189.251/owa https://t.co/ZkPqWQo2ll pic.twitter.com/nu9N4pKQx3

— Kevin Beaumont (@GossiTheDog) January 30, 2024

Why orgs like Microsoft shouldn’t run end of life Microsoft software: https://t.co/15vNzcI8iS

— Kevin Beaumont (@GossiTheDog) January 31, 2024


The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant | WIRED

US spy agencies purchased Americans’ phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.


https://www.theregister.com/2024/01/30/microsoft_edge_tabs/

Microsoft Edge now grabs your data from Chrome after an update

After a Windows update, Microsoft Edge is now more aggressively trying to steal your data from Google Chrome.


GitHub - quickemu-project/quickemu: Quickly create and run optimised Windows, macOS and Linux desktop virtual machines.



I Just Wanted Emacs to Look Nice — Using 24-Bit Color in Terminals | Chad Austin

Thanks to some coworkers and David Wilson’s Emacs from Scratch playlist, I’ve been getting back into Emacs. The community is more vibrant than the last time I looked, and LSP brings modern completion and inline type checking.


Exclusive: Russia is likely behind an increase in instances of jamming satellite signals used by airlines, smartphones and weapons systems in eastern Europe, Estonia's military chief says https://t.co/eoluE75uyG via @bpolitics @OttTammik @aaroneglitis

— Patrick Donahue (@patrickjdo) January 31, 2024


Interesting declassified report on the covert communications systems used by Soviet intelligence organizations https://t.co/GegurepIeq pic.twitter.com/LNbmgdnPNX

— Aaron Bateman (@aaronbateman22) January 31, 2024


There's a guy on reddit that can see his neighbor playing online poker through a window, and has been playing against him and smashing him lmao pic.twitter.com/Ii91CVvv9R

— Jeremiah Johnson 🌐 (@JeremiahDJohns) January 31, 2024

dudes rock pic.twitter.com/yb4DutrhT6

— Stephen Hoskins 🔰🏗️🧦🪩 (@GeorgistSteve) January 31, 2024


Today's odd tank predates WW1. It is the Austro-Hungarian Burstyn Motorgeschütz, a concept tank (with no real production). It is unspecified what gun this vehicle would use, but the weaponry would include at least 1 cannon and 2 MG’s. The “arms” would help it cross gaps. pic.twitter.com/EZudjcuetV

— Odd Tank Poster (@KrypTanko) January 31, 2024


https://www.theregister.com/2024/01/31/volt_typhoon_botnet/


Trying to sleep... then I remember ntdll.dll contains a little linear disassembler/emulator that unwinds epilogs. I wonder if you could make a stack machine based off unwind codes.

Also wonder what the ARM version of this looks like... msdn time 🧐 pic.twitter.com/i6lEOJdcGX

— IDontCode (@_xeroxz) February 1, 2024


The first human received an implant from @Neuralink yesterday and is recovering well.

Initial results show promising neuron spike detection.

— Elon Musk (@elonmusk) January 29, 2024

as tha first @neuralink patien i muss say things r going well!1! Cann only eat solid$ until next year (2028), butt feel fresh and ready 4 life!! thanks Father..!1! https://t.co/U67wvqkic5 pic.twitter.com/HuxZN02vmt

— Dan Toomey (@dhtoomey) January 30, 2024


The job layoffs keep coming in cyber security with Proofpoint, Rapid7 and Secureworks announcing mass job cuts in the last few months. But I’ll give it 3 months until the press releases start complaining again about a ‘skills shortage crisis’ in cyber.

— Joe Tidy (@joetidy) January 31, 2024


Very rare to see the full version of this Mussolini quote pic.twitter.com/yF09W3qFG4

— Andrew Hunter Murray (@andrewhunterm) January 31, 2024

