January 22, 2025
A bug in Cloudflare (and just the nature of how CDNs work) let an attacker learn the broad location of Discord, Signal, Twitter users by just sending them an image, according to a researcher. It works because you check which data center cached the image https://t.co/4rs3pUIeNK
— Joseph Cox (@josephfcox) January 21, 2025

Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform (research.md) · GitHub
Floats in C are hella weird.
I wrote a C pwnable years ago for exploiting the rounding in floats. However, a student found a crazy unintended solution using NaN that is hilarious. https://t.co/WJgpG1DTGr
— Maxwell ꓘ Dulin (Strikeout) (@Dooflin5) January 21, 2025

NaN Of Your Business - My Favorite Unintended CTF Solution
Floats in C are weird. Floating point number rounding and NaN shenanigans to bypass security protections.
Smart phish via github - email comes from github - issue is created on repo that suspicious activity was detected and to click link to revoke access.
When you click the link it's to give full permissions to that repo.
If you didn't know it was an issue, might accidentally give… pic.twitter.com/ehtiA1VjAK
— Dave Kennedy (@HackingDave) January 21, 2025
New USB Army knife release just dropped. With it, support for USB CDROMs so you can become your own evil USB NIC with 100% less FUD - real attack demo soon!
Other stuff:
* Lower mem
* Web server is snappier
* Upgraded to latest libs
* New commands to control device settings https://t.co/iKWFX6ymyV
— 丂卄ㄖᗪ卂几 - 👋 crack fingers (@therealshodan) January 21, 2025
Ross Ulbricht, the creator of the infamous Silk Road, has been pardoned by Donald Trump.
— vx-underground (@vxunderground) January 22, 2025
“The misinfo & disinfo that [CISA] have stubbed their toe into and meddled with should be refocused onto what their job is, and that is to support critical infrastructure … to have the resources and be prepared for those cyberattacks that they will face,” Noem said, calling out…
“There is no information in information security, comrade.”
— Chris Wysopal (@WeldPond) January 21, 2025
DHS has terminated the memberships of everyone on its advisory committees.
Includes several cyber committees, like CISA's advisory panel & the Cyber Safety Review Board, which was investigating Salt Typhoon.
That review is "dead," person familiar says. https://t.co/hprXfw7VuA pic.twitter.com/5yjfMYXGaM
— Eric Geller (@ericgeller) January 21, 2025
Members of the Cyber Safety Review Board were informed they have been dismissed pursuant to a DHS order disbanding all advisory committees.
The board had been in the middle of probing the Chinese hack of U.S. telecoms, a review that now is in limbo and possibly terminated.
— Dustin Volz (@dnvolz) January 21, 2025
BBC News - Man accused of spying for Russia 'spoke to MI5' https://t.co/WkC3J4oUhk
— Dr. Dan Lomas (@Sandbagger_01) January 21, 2025
CDN cache tracking attack: When your device loads Cloudflare content, attacker can check which datacenter cached it to find your location. Works via push notifications on Signal/Discord, no clicks needed. https://t.co/1741Gg2JFO
— Dan Guido (@dguido) January 21, 2025
Weaponizing WDAC: Killing the Dreams of EDR #WeaponizingWDAC #KillDreamsEDR #DefenseEvasion #ActiveDirectoryThreat #LateralMovement https://t.co/ENaB1fvmPE
— reverseame (@reverseame) January 21, 2025
So, folks are understandably freaked out by this but I could also see this being used by content creators to run their photos through BEFORE posting to make sure there ISN’T anything in the photo that can be used to locate them. https://t.co/IffLc2Z0dw
— Aimee Pepper (@artbypep) January 21, 2025
I spent the last month reverse engineering Call of Duty's anti-cheat!
Blog post here: https://t.co/EBLCtbKU0Z
— ssno (@ssnossnossno) January 20, 2025
Reverse Engineering Call Of Duty Anti-Cheat // ssno
I’ve been reversing Black Ops Cold War for a while now, and I’ve finally decided to share my research regarding the user-mode anti-cheat inside the game. It’s not my intention to shame or promote cheating/bypassing of the anti-cheat, so I’ve redacted a few things. To clear up any confusion, Black Ops Cold War does not have the kernel-mode component of Ricochet that Modern Warfare (2019) and later titles have. I’ll be referring to the anti-cheat as TAC (Treyarch Anti-Cheat) as the game I reversed...
— Jack Rhysider 🏴☠️ (@JackRhysider) January 21, 2025
AIGoat - A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges https://t.co/QUkbiLOXtZ
— Panos Gkatziroulis 🦄 (@netbiosX) January 20, 2025
Modal built infra to run user code in a safe and isolated way. Turns out a lot of our users wanted to run the code of _their_ users in a safe and isolated way (or, in many cases, LLM-generated code).
So we built Modal sandboxes, which are GA as of today! https://t.co/taPXf0vAzs
— Erik Bernhardsson (@bernhardsson) January 21, 2025
PySQLRecon: Offensive MSSQL toolkit written in Python https://t.co/QDKp9oXknX
— Nicolas Krassas (@Dinosn) January 21, 2025
Great read! Long time no such blog post from MSRC! Love vendors like Microsoft sharing what they have done in solving security challenges automatically and scalably. Could be enlightening to anyone, even for bug hunters like me. https://t.co/knZXWltOj9
— Haifei Li (@HaifeiLi) January 21, 2025
In the last quarter of 2024, Microsoft Threat Intelligence observed developments in the ransomware ecosystem that researchers and defenders should watch for in 2025. 🧵 pic.twitter.com/XuLfUAy6qd
— Microsoft Threat Intelligence (@MsftSecIntel) January 21, 2025
From arbitrary pointer dereference to arbitrary read/write in latest Windows 11: https://t.co/czO0QTfNPA
— ringzerø.training && @ringzer0@infosec.exchange (@_ringzer0) January 21, 2025