January 21, 2024
No, you’re freaking out because it’s already three weeks into 2024!
Hans Reiser on the removal of ReiserFS
https://lore.kernel.org/lkml/b98b29cf-27d9-49e0-b10b-1848399badfd@kittens.ph/T/#u
Dave Aitel on CISA’s Secure By Design
Here is my draft initial essay on Secure By Design/Secure By Default #CISA #essays . Feel free to comment on it. @thedarktangent@defcon.social @boblord@infosec.exchange https://docs.google.com/document/d/1s__73KUZgZQnbV-24PdduJKcy8pxbbN5e5oaGpzSPe8/edit?usp=sharing
Looks like I accidentally killed s.o 0day (: . Probably not the best idea to drop the write-up just days after the patch, especially since most folks haven't updated yet. https://t.co/irS3mMvFvu
— Suto (@__suto) January 20, 2024
Well done on some awesome research @n30m1nd @sherl0ck__ !! Keep tackling those hard targets! https://t.co/Ka89BplXla #chrome #Exploit #vulnerabilityresearch
— Exodus Intelligence (@XI_Research) January 19, 2024
Wrote a CodeQL query to find interesting objects for Linux kernel heap exploitation. Will add more predicates to find more interesting things soon 😁 https://t.co/IIZbZqEHkF
— Jordy Zomer (@pwningsystems) January 19, 2024
Please do reach out if you have more ideas!
I made the struct thing a dashboard! https://t.co/BtwcyI4Jc6 https://t.co/OI6l3zZ89a
— Eduardo Vela (@sirdarckcat) January 20, 2024
Someone on my stream mentioned CET bypasses. To date, I've only seen this done by avoiding ROP, such as mentioned here using RPC: https://t.co/Mc48lx3CoB
— Stephen Sims (@Steph3nSims) January 19, 2024
If someone has seen a different way, please share if public.
@yarden_shafir covers this in her OffensiveCon talk (9:35) https://t.co/7MfpUnm15A
— Jael Koh (@_jaelkoh) January 20, 2024
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents. The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.
Nice counterintelligence work.
https://t.co/0l6S9cyErP That's one way to handle a massive vuln
— Brad Spengler (@spendergrsec) January 18, 2024
At @assetnote, we focused on building a comprehensive set of exploits for the recent Ivanti Pulse Connect Secure vulnerabilities (CVE-2023-46805 & CVE-2024-21887). We found an additional auth bypass payload that works on older versions of the software: https://t.co/4BHwNDFN3V pic.twitter.com/nLgknkeOdm
— shubs (@infosec_au) January 19, 2024
LLVM-Yx-CallObfuscator: An LLVM plugin to transparently apply stack spoofing and indirect syscalls to Windows x64 native calls at compile time. https://t.co/1VEOPGumjL
— yxel (@httpyxel) January 17, 2024
Are you looking to build a hardware hacking lab? Check out our guide here! https://t.co/QsPQ9yU2tF #hardware #reverseengineering
— VoidStar Security LLC (@voidstarsec) January 18, 2024
New malware from 🇷🇺 with ❤️, COLDRIVER deploying a custom tool, SPICA, in small number of targeted campaigns. Great write up from @wxs @auroracath and @Google TAG. actor to keep an 👁️ on moving into 2024! https://t.co/0rzO3EYRGF
— billy leonard (@billyleonard) January 18, 2024
To date I've already written 644 pages to help the security community and, hopefully, more articles will be released in the coming months:
— Alexandre Borges (@ale_sp_brazil) January 17, 2024
9. https://t.co/yKH5ockWuw
8. https://t.co/2Hv0XLMuqU
7. https://t.co/V3rw0gSZfu
6. https://t.co/7WKSDijTIb
5. https://t.co/JMqvn2wK67
4.… pic.twitter.com/yw6xGq0nUY
Useful collection of resources related to industrial network protocols https://t.co/oEr0NFctVq #industrial #infosec pic.twitter.com/4hxnxZtSJK
— 0xor0ne (@0xor0ne) January 20, 2024
https://research.myshell.ai/open-voice
Ukraine's 'Blackjack' Hackers Breach 500 Russian Military Sites, Cause Chaos https://t.co/M79ODEN4ru
— Dr. Dan Lomas (@Sandbagger_01) January 21, 2024
The group, dubbed "Blackjack", which has previously been linked to the Security Service of Ukraine (SBU), hacked into a Russian state enterprise involved in construction work for President Vladimir Putin's military. Blackjack was able to obtain more than 1.2 terabytes of classified data.
They hacked a construction company and pulled all the data on location, layout, etc., etc. Then they deleted all of it.
This is far more interesting than the last three hacks that Ukraine took credit for. This is possibly the first actually militarily significant hack of the war (by Ukraine, that has been publicly reported).
In 2017, HMRC (the UK's tax authority) came up with a new law that was meant to help officials crack down on corporate tax evasion …
— The Bureau of Investigative Journalism (@TBIJ) January 21, 2024
But how many companies have been charged since then?
Turns out it’s zero https://t.co/ryazaM78oc
Parcel delivery firm DPD have replaced their customer service chat with an AI robot thing. It’s utterly useless at answering any queries, and when asked, it happily produced a poem about how terrible they are as a company. It also swore at me. 😂 pic.twitter.com/vjWlrIP3wn
— Ashley Beauchamp (@ashbeauchamp) January 18, 2024
#SpyNews - week 3 (January 14-20):
— Spy Collection (@SpyCollection1) January 21, 2024
A summary of 104 espionage-related stories from week 3 coming from 🇹🇷🇮🇱🇮🇷🇾🇪🇬🇧🇨🇳🇺🇸🇺🇦🇷🇺🇳🇬🇫🇷🇷🇸🇦🇱🇩🇰🇮🇶🇳🇮🇧🇾🇸🇴🇵🇱🇰🇪🇸🇩🇳🇱🇷🇴🇦🇪🇬🇷🇭🇰🇰🇵🇫🇮🇪🇪🇪🇸🇦🇺🇱🇧🇩🇪🇨🇾🇹🇼🇵🇰🇮🇳🇰🇷🇵🇭🇨🇦🇨🇭🇦🇪🇮🇹🇬🇭🇨🇮🇳🇪🇧🇫 https://t.co/x6Emw687js #Espionage #OSINT #HUMINT #SIGINT #Spy