Jan 8, 2023

                            January 8, 2023

                Jan 8, 2023

                        (On a personal note, I just want to say how proud I am to have not sent out a newsletter with 2022 in the date.)

-
Rory Cormac @RoryCormac
Remarkable story this.
By way of comparison, MI6 had a secret slush fund chest” after WW2. Rather than investing it in a notorious conman and losing it all, they just spent it on covert ops…Far more boring 

france24.comThe con artist and the WWI war chest: How the French secret service wound up in a blackmail scandalIt has all the elements of the perfect spy novel – a secret war chest, an immoral businessman and daring blackmail attempts. An explosive investigative report on Wednesday blew the lid off of what may be…1:34 PM ∙ Jan 7, 2023
27Likes9Retweets
-
raptor @0xdeaNice comprehensive #vulnerability #research writeup on #googlehome 

Turning Google smart speakers into wiretaps for $100k

downrightnifty.meTurning Google smart speakers into wiretaps for $100kI was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access…8:55 AM ∙ Jan 8, 2023
10Likes5Retweets-
-
Interesting concept. China’s weird approach to Covid means that they’re now losing a huge swathe of their intellectual capital. 

https://www.scmp.com/news/china/science/article/3205736/top-engineers-and-scientists-dying-unprecedented-rate-china-after-lifting-covid-controls

-
Wild Geerters @steinkobbe
The Romanian authorities have wiretaps of Andrew Tate saying "I'm making money from doing crimes" and his defenders are still going to be like they got him because he was exposing the feminist agenda 
9:00 PM ∙ Jan 7, 2023
3,502Likes557Retweets
-
Longhorn @never_released
Another very interesting ML licensing situation:

- code is Apache2: great
- license for the parameters is custom and contains:

> You will not use the Software for any act that may undermine China's national security and national unity [...]

in the license. 
Andy Chen @AndyChenML1/ GLM-130B outperforms OpenAI's GPT-3 175B and Google's PALM 540B on critical benchmarks.

AND it's open sourced, which means — you can run this model on your own machine, for free. https://t.co/K5xKrh4wL0
10:26 PM ∙ Jan 7, 2023
104Likes29Retweets
-
steven monacelli @stevanzetti
Running from DPD? Here's what you need to do to out maneuver the average Dallas police officer. 
11:52 PM ∙ Jan 6, 2023
10,121Likes855Retweets
-
Hurt CoPain @SaeedDiCaprio
my life is a movie 
5:40 AM ∙ Jan 8, 2023
3,232Likes165Retweets
-
Andrey Fedotov @anfedotoffCASR is open-sourced: github.com/ispras/casr
Triage crashes, estimate their severity, and collect reports
cargo install casr
#rust #fuzzing
github.comGitHub - ispras/casr: Collect crash reports, triage, and estimate severity.Collect crash reports, triage, and estimate severity. - GitHub - ispras/casr: Collect crash reports, triage, and estimate severity.3:03 PM ∙ Oct 21, 2022
22Likes5Retweets
-
femb✦t @__femb0t
“Make better choices” 
2:48 AM ∙ Jan 5, 2023
153,419Likes13,976Retweets
-
Gi7w0rm @Gi7w0rmThe #TabShell #vulnerability has dropped. Its a form of #PriviligeEscalation which allows breaking out of the redtricted Powershell Sandbox after you have successfully gained access through #OWASSRF .

For a detailed write see this blogpost: 
blog.viettelcybersecurity.com/tabshell-owass…
#Exchange
blog.viettelcybersecurity.comThe OWASSRF + TabShell exploit chainWe see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail7:58 AM ∙ Jan 6, 2023
114Likes53Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: