the grugq's newsletter

January 15, 2025

January 15, 2024


Wild that the Senate Armed Services Committee, in its questions to Pete Hegseth, asked him whether Salt Typhoon was an act of war: https://t.co/FEzxYSVgpb

— Sean Lyngaas (@snlyngaas) January 14, 2025


6 critical vulnerabilities in rsync

https://www.openwall.com/lists/oss-security/2025/01/14/3


Keeping the blog alive. For people who may be unaware, you can embed a file in a C/C++ program without needing to make a giant byte array in a header file for it. Kind of went a little bit overboard on the detail with this lol but it's pretty useful https://t.co/27ZWBMAAmR

— Matt Ehrnschwender (@M_alphaaa) January 13, 2025

Embedding Files in C/C++ Programs - Cybershenanigans Blog

Background

Recently, I came across a post on X by @0xTriboulet asking how to deal with large header files in Visual Studio projects: https://x.com/0xTriboulet/status/1878139439714558169. Based on this post and the rest of the thread, I assume that they were attempting to insert the binary data from a file in their program by converting it into a large C byte array and then pasting that array into a header file.


🇰🇵 In parallel to @Cyberteam008's post, here's an intriguing look at how Willo has been leveraged to enhance credibility in #Lazarus' job interview campaigns. #APT #CTI #OSINT #APT38 https://t.co/CIQ5ogUOYp pic.twitter.com/mdo0isAbM8

— _eremit4 (@_eremit4) January 13, 2025

The new FaviHunter release (v1.2.0) is here! 🎉
🔗 PyPI: https://t.co/7sVNxnUQs9
🔗 GitHub: https://t.co/TDWrmCCMh8

— _eremit4 (@_eremit4) January 13, 2025


https://t.co/QGsBQ6bNa8

Today an article was released that I wrote together with @humza4776466746 about Linux Kernel Rootkits. In it we talk about several very interesting things; feel free to read our article and share. #rootkit #linux #kernel #ebpf

— MatheuZ (@MatheuzSecurity) January 13, 2025


Russian ISP confirms Ukrainian hackers "destroyed" its network

"Dear subscribers! Last night, an attack was carried out on our infra (presumably from Ukraine). The network has been destroyed. We are restoring it from backups," Nodex said. "There are no timelines or forecasts at the moment. Our priority is to first restore telephony and the call center."

https://www.bleepingcomputer.com/news/security/russian-isp-confirms-ukrainian-hackers-destroyed-its-network/


NEW: I looked into how Barcelona became an unexpected hotbed for spyware startups in recent years.

There are now companies led by Israelis, French, and Italian security researchers. We name some in the article.

Some people in civil society see this as a concerning development.

— Lorenzo Franceschi-Bicchierai (@lorenzofb) January 14, 2025

Full story, based on interviews with people who work in the offensive cybersecurity industry, as well as business records, is here: https://t.co/hXLYknerT9

— Lorenzo Franceschi-Bicchierai (@lorenzofb) January 14, 2025


After an embargo of 8 months, we are glad to finally share our USENIX Security '25 paper! We found more than 4 MILLION vulnerable tunneling servers by scanning the Internet.

These vulnerable servers can be abused as proxies to launch DDoS attacks and access internal networks. pic.twitter.com/Yk73kpKljj

— Mathy Vanhoef (@vanhoefm) January 14, 2025

We investigated the owners of some of these vulnerable tunneling servers. This revealed that notable domains, such as Facebook’s content delivery network (CDN) and Tencent’s cloud services were affected. The home routers of some national ISPs were also affected. pic.twitter.com/E7i6CSqc8n

— Mathy Vanhoef (@vanhoefm) January 14, 2025

For more info, including the full demo video, see the article that @simonmigliano wrote: https://t.co/yMDgXxV690

IT admins can request access to our code to test servers (code is not yet public to prevent abuse): https://t.co/nM3obXtEtH

Academic paper: https://t.co/tPNgtadbto

— Mathy Vanhoef (@vanhoefm) January 14, 2025


Good, delete all the CCP stuff from the government PCs.

— Dio3333 (@ZX495239) January 14, 2025


The general feeling I get from reading the declassified MI5 files today is that working at MI5 in the 1950s involved sending vast amounts of utterly pointless and tedious memos. https://t.co/xGkE6jEgzV pic.twitter.com/AcioTG339Y

— Shashank Joshi (@shashj) January 14, 2025


The former US embassy in the city centre of Ankara in Turkey (1995). Shots of #SIGINT sheds on the roof. Highly sensitive monitoring equipment was hidden inside. The embassy was conveniently located around 500 metres from the Turkish parliament buildings 1/2 pic.twitter.com/HKyYNYwJjT

— Le cueilleur (@LCueilleur) January 14, 2025


Revealed: MI5’s 17-page guide to being a spy

This first appeared as an appendix to my book The Spying Game. Ironically, I had obtained it from the SVR archives! https://t.co/yVp0y5DMjY

— Michael Smith (@MickWSmith) January 14, 2025

MI5 spy handbook in full | DocumentCloud


Foreign intelligence services routinely target people online by posing as head-hunters, consultants, government officials, academics, and researchers. Here's what an actual Direct Message approach looks like, courtesy of the Australian Security Intelligence Organization. pic.twitter.com/BQ7UklYzq5

— NCSC (@NCSCgov) January 14, 2025


Tom Lyon ✅: "I am pleased to announce the availability of scan…" - Mastodon

I am pleased to announce the availability of scans of a 1971 DRAFT version of Aho & Ullman's "Theory of Parsing, Translation, and Compiling" (1972). Enabled by the kind permission of the authors - Turing award winners Drs. Al Aho and Jeff Ullman, whom I've been privileged to know...

Tom Lyon ✅: "And the fact that my eldest brother David took Ul…" - Mastodon

And the fact that my eldest brother David took Ullman's class in 1971 and held onto these class handouts. Sadly, the scans are incomplete; we have only chapters 1-7 and 9. Not sure how these correspond to the ultimately published 2 volumes. Directory on Google Drive: https://drive.google.com/drive/folders/18gK1ZESYmiNpIlm1qwkmL7sLY3_b6or6?usp=sharing

Tom Lyon ✅: "These volumes evolved into 1977's "Principles of …" - Mastodon

These volumes evolved into 1977's "Principles of Compiler Design" - the famous "Dragon Book" - and continued to evolve through more titles and editions until today. Hugely influential.

https://drive.google.com/file/d/18gK1ZESYmiNpIlm1qwkmL7sLY3_b6or6


Yuki just got finished doing a red team assessment on hiring fake remote workers, essentially targeting the 1st party hiring process for several AI & crypto companies.

She wanted to share some stats:
7 companies tested

6 did not flag the fake remote workers documents or…

— UwU-Underground (@uwu_underground) January 15, 2025


Platforms Systematically Removed a User Because He Made "Most Wanted CEO" Playing Cards | Electronic Frontier Foundation

On December 14, James Harr, the owner of an online store called ComradeWorkwear, announced on social media that he planned to sell a deck of “Most Wanted CEO” playing cards, satirizing the infamous “Most-wanted Iraqi playing cards” introduced by the U.S. Defense Intelligence Agency in 2003. Per the...
