the grugq's newsletter

February 20, 2024

Lockbit ransomware group's website has been seized by EUROPOL. pic.twitter.com/Z4UTRy25z6

— vx-underground (@vxunderground) February 19, 2024


Background on the Chinese company that was leaked

Background on the company subject to the leaks https://t.co/fEfwJoAUZL

— Dakota Cary (@DakotaInDC) February 19, 2024

Archive of the leaks, just in case

tl;dr archived stuff, see link below

Earlier today a GitHub titled "I-S00N" leaked supposedly sensitive Chinese government data - specifically related to offensive cyber security.

The initial discovery, and documentation of the documents, derive from @AzakaSekai_. We have…

— vx-underground (@vxunderground) February 19, 2024


Lockbit ransomware group has issued a message to individuals on Tox.

"ФБР уебали сервера через PHP, резервные сервера без PHP не тронуты"

"The FBI fucked up servers using PHP, backup servers without PHP are not touched"

— vx-underground (@vxunderground) February 19, 2024

Lockbit ransomware group administration claims that law enforcement agencies compromised them by exploiting CVE-2023-3824

More information: https://t.co/28v1Yz4L7t

— vx-underground (@vxunderground) February 20, 2024

Lockbit when they're compromised pic.twitter.com/rSfeJfMRFp

— vx-underground (@vxunderground) February 20, 2024

No one can do patch management.

Some pushback on the CVE 2023 3824 claim

skeptical about this claim.. I quickly looked at the diff for CVE-2023-3824 and I think it only allows for a single off-by-two(?) NULL byte write to memory that is adjacent to a php_stream_dirent->d_name[]. also it would require some PHAR data upload+parse primitive? https://t.co/DjY2rFKwFj

— blasty (@bl4sty) February 20, 2024

perhaps lockbit is somehow unaware of the whole PHAR deserialization class of vuln^H^H^H^Hfeatures PHP offers, found some PHAR data artifact and wrongly concluded CVE-2023-3824 to be the culprit?

— blasty (@bl4sty) February 20, 2024

I'd be very surprised if it was not exploitable. The biggest difficulty are the preconditions (file upload, directory listing routine with controlled path prefix), but they are not so unlikely.

— Charles Fol (@cfreal_) February 20, 2024


Last year I discovered multiple bugs in virtio-net for VirtualBox (CVE-2023-22098, CVE-2023-22099, CVE-2023-22100) and wrote a 100% reliable VM escape using an out-of-bounds write (with ASLR defeat). Published the exploit code: https://t.co/qx1SxppYhw

— Andy Nguyen (@theflow0) February 20, 2024

Bug is fun, they checked "uVlanId > VIRTIONET_MAX_VLAN_ID" instead of "uVlanId < VIRTIONET_MAX_VLAN_ID"

— Andy Nguyen (@theflow0) February 20, 2024
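Both bugs discussed above come down to a one-token mistake in a bounds check: a comparison pointing the wrong way (the virtio-net VLAN id), and a copy plus terminator that lands a byte or two past the end of a fixed buffer (the phar `d_name[]`). The C below is an added illustration, not code from VirtualBox or PHP: the table size `MAX_VLAN_ID`, the `dirent_like` layout with a 16-byte name and the function names are all constructed for the example. It pairs each buggy guard with its corrected form and a small check a reviewer can run over both.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* --- 1. Inverted range guard (modelled on the virtio-net tweet) --------- */

/* Constructed table size for illustration; not the VirtualBox constant. */
#define MAX_VLAN_ID 4096u

/* One bit per VLAN id; the byte index must stay below MAX_VLAN_ID / 8. */
static uint8_t vlan_filter[MAX_VLAN_ID / 8];

/* Guard with the comparison in the wrong direction: it admits exactly the
 * ids that are NOT valid table indexes, and rejects every valid one. */
bool vlan_id_accepted_buggy(uint32_t id) { return id > MAX_VLAN_ID; }

/* Corrected guard: only ids that index inside the table pass. */
bool vlan_id_accepted_fixed(uint32_t id) { return id < MAX_VLAN_ID; }

/* Set a filter bit through the corrected guard. Returns 0 on success and
 * -1 when the id is out of range, so the table is never indexed OOB. */
int vlan_filter_set(uint32_t id)
{
    if (!vlan_id_accepted_fixed(id))
        return -1;
    vlan_filter[id >> 3] |= (uint8_t)(1u << (id & 7));
    return 0;
}

/* Does guard() admit any id that would index past the table? Probes the
 * boundary and a few values beyond it; a unit-test style check for both. */
bool guard_admits_oob(bool (*guard)(uint32_t))
{
    const uint32_t probes[] = { MAX_VLAN_ID - 1, MAX_VLAN_ID,
                                MAX_VLAN_ID + 1, UINT32_MAX };
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        if (guard(probes[i]) && probes[i] >= MAX_VLAN_ID)
            return true;
    }
    return false;
}

/* --- 2. Off-by-N terminator write (modelled on the phar d_name tweet) --- */

/* Constructed dirent-like record: a fixed name buffer followed by another
 * field, so any overrun of the name would land on `next_field`. */
#define NAME_SZ 16
struct dirent_like {
    char     d_name[NAME_SZ];
    uint32_t next_field;  /* stands in for whatever is adjacent in memory */
};

/* How many bytes an unchecked "memcpy(len) then write NUL" would place past
 * the end of a buffer of bufsz bytes: 0 means it fits, 1 means only the NUL
 * overruns, 2 means one name byte plus the NUL overrun, and so on. */
size_t overrun_bytes(size_t name_len, size_t bufsz)
{
    size_t needed = name_len + 1;  /* +1 for the terminator */
    return needed > bufsz ? needed - bufsz : 0;
}

/* Hardened copy: refuse names that do not fit together with their
 * terminator. Returns 0 and fills d_name on success; -1 and leaves the
 * record untouched otherwise. */
int copy_dname_checked(struct dirent_like *ent, const char *src, size_t len)
{
    if (len >= sizeof ent->d_name)   /* need room for len bytes + NUL */
        return -1;
    memcpy(ent->d_name, src, len);
    ent->d_name[len] = '\0';
    return 0;
}

int main(void)
{
    printf("buggy guard admits OOB id: %s\n",
           guard_admits_oob(vlan_id_accepted_buggy) ? "yes" : "no");
    printf("fixed guard admits OOB id: %s\n",
           guard_admits_oob(vlan_id_accepted_fixed) ? "yes" : "no");
    printf("16-byte name into %d-byte buffer overruns by %zu byte(s)\n",
           NAME_SZ, overrun_bytes(16, NAME_SZ));

    struct dirent_like ent = { .next_field = 0xCAFEF00Du };
    int rc = copy_dname_checked(&ent, "0123456789abcdef", 16);
    printf("checked copy of 16-byte name: rc=%d, next_field still 0x%x\n",
           rc, (unsigned)ent.next_field);
    return 0;
}
```

The `guard_admits_oob` probe is the kind of boundary test that catches an inverted comparison immediately, and `overrun_bytes` makes explicit why a "full" buffer still needs one more byte: the terminator is the write that goes past the end.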


Seems that folks successfully achieved working RCE w/ a previous RTF/Win exploit! This is expected as #MonikerLink is a powerful attack vector (delivering exp) on Outlook - it bypasses Protected View too!

Now u have more reasons to PATCH & GET PROTECTED! https://t.co/esPv5KUJpd

— Haifei Li (@HaifeiLi) February 18, 2024

Interestingly, this "!" trick has been used before in a CVE-2021-40444 exploit as noticed by @wdormann back in 2021 https://t.co/XusZBcFxFX

— Mitja Kolsek (@mkolsek) February 19, 2024

Thread by @mkolsek on Thread Reader App

@mkolsek: I don't see why a possibility for chaining this with an old, already patched RCE would suffice for qualifying as RCE itself. I mean, @xaitax video shows coupling with Follina (CVE-2022-30190), and couples i...…

https://x.com/wdormann/status/1443566732694654984


I wrote down some thoughts on that "LLM Agents can Autonomously Hack Websites" paper that's been going around. TLDR; no data, lack of transparency, no knowledge of existing traditional tools. https://t.co/is1bGAeuGY

— chrisrohlf (@chrisrohlf) February 19, 2024


Haibo used his personal email address, shutdown@139.com, to register i-soon[.]net in 2010 pic.twitter.com/SThXK3a8X4

— Nathan Patin (@NathanPatin) February 19, 2024

Not very opsec friendly for an APT dude 😅 https://t.co/NrkDvG79Y3 pic.twitter.com/7qp39ToyLg

— Soufiane (@S0ufi4n3) February 19, 2024


🚗 Perhaps the first vulnerability in #Automotive Security Product. #ProductSecurity #CyberSecurity https://t.co/OXgdXq9eq6

— delikely (@delikely) February 20, 2024


So here's my understanding of one of the groq tricks (the paper is really easy to read):

Since a neural network's computational graph is known at compile time, they also know at compile time how data will flow between computational units.

As a result, they can do away with…

— Nathan Odle (@mov_axbx) February 19, 2024


This is big! New original Xbox exploit has been released, working on stock consoles with just a save.

Can be triggered from the Dashboard and used as an entrypoint for unsigned code, no exploit games or swaps needed!!

🥳 https://t.co/7EbRZSpSud

— MrMario2011 (@MrMario2011) February 19, 2024


I wrote this week on how Russian intelligence services have learnt from their mistakes & adapted. The GRU has changed its organisation & tradecraft. We publish exclusive details of a forthcoming RUSI report, which draws on Ukrainian & other docs & sources. https://t.co/zFYQF778Wh

— Shashank Joshi (@shashj) February 20, 2024