February 15, 2024
European Court of Human Rights delivers a landmark ruling that data retention is unlawful, and end-to-end encryption is upheld as a right in a democratic society. This ruling puts fundamental limitations on any European Union attempts, too. https://t.co/2DfI9EPL2Q pic.twitter.com/iTeZXue64V
— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) February 14, 2024
European Court of Human Rights bans weakening of secure end-to-end encryption - the end of EU's chat control CSAR mass surveillance plans? - EU Reporter
The European Court of Human Rights yesterday banned a general weakening of secure end-to-end encryption. The judgement argues that encryption helps citizens and companies to protect themselves against hacking, theft of identity and personal data, fraud and the unauthorised disclosure of confidential information. Backdoors could also be exploited by criminal networks and would seriously jeopardise the security of all users' electronic […]
Nice.
nice report from @Meta security folks covering commercial surveillance vendors. the section on hardening products and reducing attack surface is 👌👌 https://t.co/2xKXnrOD4h
— billy leonard (@billyleonard) February 14, 2024
BREAKING:
— Visegrád 24 (@visegrad24) February 14, 2024
ABC reports that the new “serious national security threat” reported today by House Intelligence Committee Chair Mike Turner is a nuclear weapon in space.
ABC’s sources say Russia wants to put a nuke in space as a weapon to be used against satellites pic.twitter.com/NumkxGNpQU
Russia's top propagandist Vladimir Solovyov proposes to launch nukes in space to disable Starlink and target commercial US satellites in general. https://t.co/HAmD5i1L7F pic.twitter.com/zqZ47dnVUh
— Julia Davis (@JuliaDavisNews) May 31, 2023
(Via Kim Zetter)
This video only has 3k views and that confuses me. Take the time to learn from the SVR's operational capability. https://t.co/7sBsLDD4kN
— Dave Aitel (@daveaitel) February 14, 2024
Huh: “we show that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand.” https://t.co/Bkc2gupDWL pic.twitter.com/D0S0iAAEkJ
— Ethan Mollick (@emollick) February 15, 2024
Man works with Walgreens manager to rob store once a month since July 2023, DC Police say https://t.co/1fqCM86wqy
— WUSA9 (@wusa9) February 14, 2024
— Kris Wilson (@KrisWilson) February 12, 2024
Excellent research work on home router (SOHO) hacking by @NCCGroupInfosec
— 0xor0ne (@0xor0ne) February 15, 2024
"Your not so Home Office - SOHO Hacking at Pwn2Own" (HITB2023) https://t.co/WgT1UlzRtP #iot #cybersecurity pic.twitter.com/8TsUnAWadb
'At the very least, CIA and MI6 attempts to troll their Russian counterparts serve to stoke the paranoia the latter already feel', writes @Sandbagger_01 in the latest #RUSICommentary. https://t.co/MZdTswY3b1
— RUSI (@RUSI_org) February 14, 2024
Indian Embassy Employee Arrested For Spying For Pak Was Honey-Trapped https://t.co/8BxfEWWxEs
— Dr. Dan Lomas (@Sandbagger_01) February 15, 2024
SIM HIJACKING
— Cyber Detective💙💛 (@cyb_detective) February 13, 2024
A detailed explanatory long read by @sensepost:
- Attacks Using Just A Phone Number
- Subscriber Identification Module (SIM)
- AT Commands
- SIM Application Toolkit (STK)
- TAR (Toolkit Application Reference) https://t.co/fzcMGATT9i
Tip by @0xor0ne pic.twitter.com/f4ttOxQKlq
This is some of the most staggering incompetence I have ever seen: company promises "secure, filtered email" to clients, leaves all mail unencrypted on the open web. https://t.co/MarWsG6vWu
— Eva (@evacide) February 14, 2024
Also real important thing to note: while Microsoft has patched the #MonikerLink bug in Outlook, the same issue may exist in many other Windows/COM based software and waiting to be discovered. Go hunt for more #MonikerLink bugs! https://t.co/N82MVLPizH
— Haifei Li (@HaifeiLi) February 14, 2024
Here we go!
— Haifei Li (@HaifeiLi) February 14, 2024
The crazy part for me when discovering the issue is that this is a very easy-to-find problem but overlooked for like decades - nothing special, I just typed the "!" in hyperlinks on Outlook.. https://t.co/DgfTJVNlT2
Today, we're disclosing an overlooked, wide-impact bug/attack vector affecting the Windows/COM ecosystem, dubbed #MonikerLink. In Outlook, the bug's impact is far and wide: from leaking NTLM creds to RCE. The same issue may exist in other software, too. https://t.co/nfPDFJoCz6
— Check Point Research (@CPResearch) February 14, 2024
Changing the soundtrack makes this an entirely different movie pic.twitter.com/tccD6bqmKe
— Historic Vids (@historyinmemes) February 14, 2024
Microsoft, in collaboration with OpenAI, is publishing research on emerging threats in the age of AI, focusing on identified activity associated with known threat actors Forest Blizzard, Emerald Sleet, Crimson Sandstorm, and others. Learn more: https://t.co/y68MDypDXM
— Microsoft Threat Intelligence (@MsftSecIntel) February 14, 2024
This is interesting research that's worth reading. I'd encourage readers to also consider what's NOT here - these groups didn't use LLMs to make new malware or find zero-days. They used them to help research and write scripts. I'm not panicking about this... https://t.co/2OdZHI5OBx
— Katie Nickels (@likethecoins) February 14, 2024
My constant refrain on the current trajectory of LLM/generative AI in security: it has the potential to increase the velocity of action/decisions within current understanding, but lacks the ability to create net-new/novel approaches. Take for what you will.
— Joe Słowik 🌻 (@jfslowik) February 14, 2024
The 289-page NSA Information Book for the Presidential Transition 2009: a lot has been redacted, but still a nice comprehensive overview with interesting details: https://t.co/td2Ksf8muz pic.twitter.com/jDHtc5cAfX
— Electrospaces (@electrospaces) February 14, 2024