the grugq's newsletter

February 24, 2025

Looks like BlackHat have added the talks from USA 2024 to YouTube.

Here's @robHerrera_ and my talk on Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap https://t.co/WMi6ROlakE

— Alex Plaskett (@alexjplaskett) February 23, 2025


Three Years of Cyber Warfare: How Digital Attacks Have Shaped the Russia-Ukraine War | @Trustwave examines the dozens of threat groups involved, details how they conduct their activities, the tricks and malware each leverage... https://t.co/6hc4kZoeK1

— 780th Military Intelligence Brigade (Cyber) (@780thC) February 23, 2025


More OpenSSH source code auditing for error patterns identified by Qualys:
Revised CodeQL query "that I think improves accuracy" https://t.co/sTJ17yfGcx
"I also did some semi-manual auditing" (2 grep commands, 2 "uninteresting" bugs found, patches for EL9) https://t.co/OcP77xRusY

— Open Source Security mailing list (@oss_security) February 23, 2025


It is no longer safe to move our governments and societies to US clouds - Bert Hubert's writings

The very short version: it is madness to continue transferring the running of European societies and governments to American clouds. Not only is it a terrible idea given the kind of things the “King of America” keeps saying, the legal sophistry used to justify such transfers, like the nonsense letter the Dutch cabinet sent last week, has now been invalidated by Trump himself. And why are we doing this? Convenience.


A data leak including a document with 7,000+ lines of work logs and code as well as scripts that connect to several 🇨🇳 government hostnames, academic institutions and news sites reveals that 🇨🇳 cybersecurity firm TopSec (北京天融) is likely enabling content moderation for… pic.twitter.com/FmYcgbkKIY

— Byron Wan (@Byron_Wan) February 23, 2025


https://t.co/1HtKIrsagJ This series of blog posts is amazing if you are curious about (part of) the Windows Logon process...

— Andrea Allievi (@aall86) February 23, 2025


Unexpected vulnerability discovered in the TCP subsystem of the Linux kernel: https://t.co/axgKxBoNL4 credits @andersonc0d3

— Binni Shah (@binitamshah) February 23, 2025


how did Bybit not realize they were getting hacked...

does this answer the question? pic.twitter.com/6LFz9M2rmh

— high_byte (@high_byte) February 23, 2025


The author of this code wrote it as a result of our assembly language lessons: https://t.co/u6MKBb3Xbk

Learn assembly, write code 18x faster than C. https://t.co/K37QW2p87l

— FFmpeg (@FFmpeg) February 22, 2025


I'm pretty sure that we'll see the details of the Bybit attack line up pretty closely with the details in this full public post-mortem from @RDNTCapital on their multi-sig Gnosis Safe wallet w/ Ledger hardware wallets breach from just four months ago: https://t.co/t5d0XshbKO

— Dino A. Dai Zovi (@dinodaizovi) February 23, 2025

Front-end verification of all three multi-signature transactions showed no signs of compromise, aside from Safe App transaction resubmissions due to failures. It is important to highlight that resubmitting Safe transactions due to failures is a common and expected occurrence. Transactions submitted on the Safe front-end can fail due to gas price fluctuations, nonce mismatch, network congestion, insufficient gas limit, smart contract execution errors, token insufficiency, pending transactions, front-end synchronization issues, timeouts, or permission/signature errors in multi-signature setups. As a result, this behavior did not raise immediate suspicion.

Highlight:

The malicious actors exploited this normalcy, using the process to collect multiple compromised signatures over several attempts, all while mimicking the appearance of routine transaction failures.

https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081


CredMaster 2.0 passspray tool release! New features like notification alerts, advanced SOC evasion techniques, 8 new plugins and an easy config file. S/O to @ZephrFish for all his contributions in the rewrite
B: https://t.co/tnWU7cGtty
G: https://t.co/JJhk097xlS pic.twitter.com/KEqC6UEF8x

— Ellis Springe (@knavesec) January 23, 2023

GitHub - knavesec/CredMaster: Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling


Three questions about Apple, encryption, and the U.K. – A Few Thoughts on Cryptographic Engineering

Two weeks ago, the Washington Post reported that the U.K. government had issued a secret order to Apple demanding that the company include a “backdoor” into the company’s end-to-e…


New video! We cover a very recent (Feb. 2025) espionage event from Ukraine that relied on a GPS tracking device we've presented in the past. https://t.co/HZsy836zm5 #Ukraine #Russia #counterintelligence #surveillance

— Spy Collection (@SpyCollection1) February 24, 2025


Chrome Browser Exploitation: from zero to heap sandbox escape by @matteomalvica https://t.co/yiPi6l4YEe

— j j (@mistymntncop) February 24, 2025

