February 6, 2024
February 6, 2024
Excellent blog post by @sec_consult about reverse engineering custom ASICshttps://t.co/zx4Lr16zxJ#reverseengineering #cybersecurity pic.twitter.com/RFONTjZ2gg
— 0xor0ne (@0xor0ne) February 5, 2024
Vesuvius Challenge 2023 Grand Prize awarded: we can read the first scroll!
Vesuvius Challenge 2023 Grand Prize awarded: we can read the scrolls! | Vesuvius Challenge
The 2000-year-old scroll discusses music, food, and how to enjoy life’s pleasures.
Tomorrow the UK and France will co-host a conference at Lancaster House titled: The Pall Mall Process- Tackling the Proliferation and Irresponsible Use of Commercial Cyber Intrusion Capabilities. Stay tuned for updates over the next two days #pallmallprocess #cybersecurity
— LondonCyber (@LondonCyber) February 5, 2024
I get it that it's a touch more effort to do your homework and determine if a vulnerability is new, or whether it's merely another product affected by an EXISTING vulnerability. But can we at least pretend that we want to follow CVE rules?
— Will Dormann (@wdormann) February 5, 2024
CVE-2024-21893 is merely CVE-2023-36661 https://t.co/Nd9cZZOkSk pic.twitter.com/aD4619ayGt
Well this is timely.
— Will Dormann (@wdormann) February 3, 2024
Ivanti Connect Secure is vulnerable to xmltooling CVE-2023-36661.
How was this handled?
HackerOne assigned CVE-2024-21893 to capture this. 🤦♂️https://t.co/PNU9vzeVDG pic.twitter.com/hR8KQ1Ax0a
Things on a currrent Ivanti VPN box:
— Will Dormann (@wdormann) February 5, 2024
curl 7.19.7 2009-11-04 (14 years)
openssl 1.0.2n-fips 2017-12-07 (6 years)
perl 5.6.1 2001-04-09 (23 years)
psql 9.6.14 2019-06-20 (5 years)
cabextract 0.5 2001-08-20 (22 years)
ssh 5.3p1 2009-10-01 (14 years)
unzip 6.00 2009-04-29 (15 years)
In case you missed it last week: runc, a critical component in the container runtime stack, disclosed a high severity vulnerability.https://t.co/e3qxcSWFEn
— @cpuguy@hachyderm.io (@cpuguy83) February 5, 2024
Make sure to update runc on your system.
Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs
The site, called OnlyFake, threatens to streamline everything from bank fraud to money laundering, and has implications for cybersecurity writ large.
CUT MY LIST IN TWO PIECES
— Corey Quinn (@QuinnyPig) October 7, 2023
THAT’S HOW YOU START QUICK SORT pic.twitter.com/QOYrNogjgC
ICYMI: Our attack path explanation & analysis of the January Microsoft breach:
— Andy Robbins (@_wald0) February 5, 2024
Blog 1: https://t.co/2YbcvyK9el
Blog 2: https://t.co/M98HTrfZi0
Video: https://t.co/SwHi5xdQti
Tomorrow (Feb 6) 9AM Pacific: AMA about this breach in the BloodHound Slack - https://t.co/RMujGtkb3s
I wuz robbed.
— Cory Doctorow @pluralistic@mamot.fr (@doctorow) February 5, 2024
More specifically, I was tricked by a phone-phisher pretending to be my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I figured out what happened. And *then* he tried to do it again, a week later!
1/ pic.twitter.com/xtlHVFufqG
Thread by @doctorow on Thread Reader App – Thread Reader App
@doctorow: I wuz robbed. More specifically, I was tricked by a phone-phisher pretending to be my bank, and he convinced me to hand over my credit-card number, then did $8,000+ worth of fraud with it before I...…
Something to watch: @johnnysaks130 reports that CISA's Joint Cyber Defense Collaborative is losing steam as participants disengage over weak technical staffing and fears of being collateral damage in right-wing attacks on CISA. https://t.co/FWAdovRBLv pic.twitter.com/IimEBjc8uX
— Eric Geller (@ericgeller) February 5, 2024
I'm about 50% done integrating SAILR into angr master: https://t.co/jnHS5ieTmb 🎉
— Zion Basque (@mahal0z) February 5, 2024
P.S.: You can also use angr's decompiler more easily now. Try this out:
```
pip3 install angr && \
angr decompile /bin/true --functions main
```
Amazon is purchasing first-party data based on user activity on websites to address Google Chrome's phase out of third-party cookies. A deal with a publisher Reach. Privacy-proofing that will be a challenge... #GDPR https://t.co/0A3jiK4ziW pic.twitter.com/u4ghsSGaSx
— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) February 5, 2024
I have a friend who has been tasked with conducting DDoS testing (approved as part of a red teaming exercise).
— Jason Haddix (@Jhaddix) February 4, 2024
I suggested https://t.co/T5O1Afw9hr because it's what malicious actors are using in conjunction with freshly purchased SOCKS proxies.
Do you know of any other tools…
CanSecWest Presentation by @kutyacica
— dragosr (@dragosr) February 5, 2024
There Will Be Bugs: Exploiting Basebands in Radio Layer Two pic.twitter.com/7X3p8EAwRZ
Amicus brief by former USG cyber bigwigs in the SolarWinds case, calling for more info sharing by industry with government.
— Ravi Nayyar (@ravirockks) February 6, 2024
Look forward to reading.https://t.co/TWcXPlanzJ
🇲🇲 #Myanmar: Myanmar Border Guard Police (BGP) have been seen fleeing over the border into #Bangladesh as clashes between the Arakan Army and Junta intensify. At least 15 policemen who fled over the border were wounded as a result of ongoing clashes.
— POPULAR FRONT (@PopularFront_) February 6, 2024
(via @tbim6 on IG) pic.twitter.com/JxkFKoCfwC
Finland's National Bureau of Investigation (NBI) identified and arrested an individual by getting his fingerprints ... from a photograph made by a phone.
— vx-underground (@vxunderground) February 6, 2024
Attached image is where they got his fingerprints
More information: https://t.co/E3AXQCqtxo pic.twitter.com/aPcA7dfPko
Start the conversation: