February 24, 2024

                            February 24, 2024

                February 24, 2024

                        February 24, 2024
Every. Single. New. Google. Product. pic.twitter.com/7XAaKknrOQ
— Marcos Besteiro 👧🏻👶🏻 (@MarcosBL) February 23, 2024

Secure By Default: I don't know why all of a sudden lawyers seem to think the Common Weaknesses taxonomy is somehow strong enough to hang liability on, except to say: that is absolutely insane. pic.twitter.com/vJFJ0eZSxf
— Dave Aitel (@daveaitel) February 23, 2024

Wow the #MonikerLink bug even won a rare bounty under MSRC's very strict Office bug bounty program - bypassing attachment restrictions. The amount is not big but this is a rare Office bug bounty!:)

I'm attaching my original email here so you know more why this bug is risky. pic.twitter.com/jYC0wUy7U3
— Haifei Li (@HaifeiLi) February 23, 2024

Introduction by @linode  to Linux red teaming basic techniques

Exploitation: https://t.co/kKRI3SHW9F

Escalation: https://t.co/WRAmKTsx4t

Persistence: https://t.co/pEtfWHrSnE#Linux #cybersecurity pic.twitter.com/Kr0tmw9Mlb
— 0xor0ne (@0xor0ne) February 23, 2024

The reason nobody found this problem in dnssec before now is that, as they say, the fundamental design flaws were completely hidden by the superficial design flaws. https://t.co/bvMc5ZF3qb
— apenwarr (@apenwarr) February 23, 2024

Nevada's attorney general filed for a restraining order and prelim injunction against Meta this week to prevent it from pushing out end-to-end encryption as default on Messenger for users in Nevada who are under 18. The brief is here: https://t.co/rLj6X7FOqW

(h/t @Riana_Crypto) pic.twitter.com/ch1dp9CYJ7
— Kim Zetter (@KimZetter) February 23, 2024

Pittsburgh Weekly Gazette, Pennsylvania, August 16, 1905 pic.twitter.com/h1HWudPGQn
— Yesterday's Print (@yesterdaysprint) February 24, 2024

RCMP Network breached in a “cyber event”.

Working with international partners to assess the damage to national security. 

This does not look good. Not long ago DND and GoC were hit with a big breach. https://t.co/21AENCifMH
— Ian Boyle (@IanWBoyle) February 23, 2024

NEW: Illia Vitiuk, cyber chief at Ukraine’s Security Service, told me that Russia is “becoming more vigorous” in its cyber operations, including stationing APT groups on the front lines to more easily access captured equipment. For Pros here: https://t.co/ssm7LETh41
— Maggie Miller (@magmill95) February 23, 2024

When you wield God-like abilities, people come to you with humble requests like this and within seconds you just blow their mind -- alternate introduction: "what can you do with bpftrace on Linux?" Let's go …
— FreeBSD Frau (@freebsdfrau) February 23, 2024

Thread by @freebsdfrau on Thread Reader App – Thread Reader App
@freebsdfrau: When you wield God-like abilities, people come to you with humble requests like this and within seconds you just blow their mind -- alternate introduction: "what can you do with bpftrace on Linux?" Let...…

Repeat from a couple days ago.
This is the craziest paper I've read this week:

"PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound" pic.twitter.com/EGjfx79mZA
— LaurieWired (@lauriewired) February 23, 2024

Link to the paper:https://t.co/74ZUa96Gi1
— LaurieWired (@lauriewired) February 23, 2024

🧵From a secret letter to Vice Admiral M. A. Usatov, deputy head, First Chief Directorate, #KGB, May 1979.

How Lithuanian KGB planned to spy on NATO:

1. Using its foreign agents to conduct visual surveillance, make contacts with officials and employees of NATO facilities, and pic.twitter.com/bHZgg4Yy2J
— Filip Kovacevic (@ChekistMonitor) February 22, 2024

Thread by @ChekistMonitor on Thread Reader App – Thread Reader App
@ChekistMonitor: 🧵From a secret letter to Vice Admiral M. A. Usatov, deputy head, First Chief Directorate, #KGB, May 1979. How Lithuanian KGB planned to spy on NATO: 1. Using its foreign agents to conduct visual sur...…

The thrust of the Secure by Design legal theory as presented on LawfareBlog seems to be having CISA take CWE and distill from it a set of unpardonable errors that now define a standard that makes software manufacturers liable.  This is not a good idea, to put it mildly.
— Dave Aitel (@daveaitel) February 23, 2024

this is such an interesting time to be alive. we concreted the internet as our second equal and primary reality but it's full of ghosts now

we try to talk to them and they pass right through

it's a haunted world of dead things who look real but don't really see us pic.twitter.com/VpqcDTeE60
— .chantal//RYAN ➡️ GDC (@thoughtrise) February 23, 2024

Great writeup by @0vercl0k on pwning a TP-Link AC1750 (Pwn2Own 2021)

Couple years old but still a good read for anyone interested in consumer routers securityhttps://t.co/nqPXaGFUtj#iot #cybersecurity pic.twitter.com/zC1UWIdmQY
— 0xor0ne (@0xor0ne) February 23, 2024

you cannot convince me this isn't the funniest fucking humans vs robots video to come out in our time https://t.co/IwVTSvvmV9 pic.twitter.com/JtPtQP70Vd
— Wade (in Tarnation) (@watn_tarnation) February 23, 2024

will never stop laughing at the video where SFPD is trying to get a driverless car to not run over a firehouse and they start yelling at it like a bad dog while waiving a flare around to scare it
— Wade (in Tarnation) (@watn_tarnation) February 23, 2024

New Blog! Lessons from the iSOON Leakshttps://t.co/wE4gdXrkDq pic.twitter.com/dUxh1inm6q
— Will (@BushidoToken) February 22, 2024

After infiltrating LockBit's systems, we gathered a lot of information about their criminal activity and those who worked with them.

Including their network of 194 hackers or 'affiliates' who we'll be in touch with very soon.

Until then, we hope they have a nice day 🙂#Cronos pic.twitter.com/dDOHaWxWit
— National Crime Agency (NCA) (@NCA_UK) February 23, 2024

Predictable claims by PRC spokesperson. If my report below is any guide to China’s coming response, we may soon see fresh allegations of US hacking against targets in China. H/t @snlyngaas https://t.co/LZ2Yl48E0b pic.twitter.com/G2zsJ19XKp
— Dakota Cary (@DakotaInDC) February 23, 2024

Rajat Khare wants you to know that "he did not engage in conspiracy to or complicity in murder." Ooooookay. https://t.co/bDsZk5QJcO
— Eva (@evacide) February 24, 2024

WHO COULD HAVE FORESEEN AGE VERIFICATION MECHANISMS ARE THE SAME THINGS HACKERS ARE AFTER

Face off: Attackers are stealing biometrics to access victims’ bank accounts https://t.co/HxeDwR5Kth

COUGH COUGH https://t.co/xAtKD4AmLD
— Shoshana Weissmann, Sloth Committee Chair 🦥 (@senatorshoshana) February 22, 2024

I managed to extract and compile i-Soon (aka Anxun) IOCs from the screenshots of the documents. Thanks to @BushidoToken @AzakaSekai_ @RussianPanda9xx

Stay informed and stay safe.#ISOON #IOC #CTI #Leaks #threatintelligence #CyberSecurity pic.twitter.com/9jn5x6v4CW
— ctiyeewesley (@ctiyeewesley) February 21, 2024

Damn...

"Microsoft Azure Hit With The Largest Data Breach In Its History; Hundreds Of Executive Accounts Compromised"https://t.co/0dFtfVdFat
— The XSS Rat - Uncle Rat ❤️ (@theXSSrat) February 23, 2024

Fast forward to 4.5 years later: https://t.co/8b4riSGaOC https://t.co/sbz2RIaz18
— 🎻 Eric Lawrence (@ericlaw) February 23, 2024

Well, lookie here. When you install @avast_antivirus, it secretly injects this into Chrome's environment block. pic.twitter.com/oSTtCLC51f
— 🎻 Eric Lawrence (@ericlaw) August 9, 2019

                            Don't miss what's next. Subscribe to the grugq's newsletter: