Lmfao imagine being an Imperial Japanese conscript ordered to forage because the Americans keep sinking all the supply ships while US sailors are getting two cans of beer per day and they have barges dedicated to making ice cream https://t.co/m35RS1uzE5

— Sam (ABeardedPanda) (@ABeardedPanda) January 24, 2024

Today is Beer Can Appreciation Day! During WWII, the U.S. Navy tried to have enough beer at all installations to give each sailor two cans a day. With rapid demobilization following V-J Day, the beer supply piled up to the point that there was enough to give each sailor 92 cans a… pic.twitter.com/klAvqgcBoE

— U.S. Naval Institute (@NavalInstitute) January 24, 2024

I present to you, the unshootable plane. pic.twitter.com/VdXhrbVq1W

— Lachlan Phillips e/👾 (@bitcloud) January 25, 2024

In Indonesia generative AI/deepfake tech has been used to "resurrect" a former (late) president/dictator Suharto. Elections next month. The video was posted by a politician from Suharto's party. "Suharto" called to vote on the party (he's dead since 2008) https://t.co/GwlVbHO1O7 pic.twitter.com/C02Lg7ks2B

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) January 22, 2024

Stay humble, you are someone's weird coworker.

— Granite Man 🏴󠁧󠁢󠁳󠁣󠁴󠁿 (@GraniteDhuine) January 22, 2024

for those who missed the context of this week's drama in the Russian-speaking criminal underground community pic.twitter.com/TV5frKMCWV

— 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 (@ddd1ms) January 25, 2024

This story is wild: a teenager joked in a private group chat “On my way to blow up the plane (I'm a member of the Taliban).” Message was intercepted over airport WiFi, reported to Spanish intel which scrambled jets, he’s now on the hook for $120k pic.twitter.com/CBVqzT9hcr

— Cate Hall (@catehall) January 25, 2024

Brazilian police raid Bolsonaro ally’s home over illegal spying allegations https://t.co/MhU6qHScNu

— Dr. Dan Lomas (@Sandbagger_01) January 25, 2024

Alternatively.... I would work under the understanding that this is not going to be the last huge bug in SharePoint....so consider the idea that patched systems are also vulnerable and should not be exposed to untrusted users. https://t.co/eJrKyLTnKi

— Dave Aitel (@daveaitel) January 25, 2024

CISA recently issued a warning that threat actors are exploiting a critical Microsoft SharePoint Server vulnerability in the wild. Although the #vulnerability was patched in June, unpatched systems can still be exploited. Patch now! Read more: https://t.co/fVUPstoYrm #infosec

— Sherri Davidoff (@SherriDavidoff) January 25, 2024

ASLRn’t: How memory alignment broke library ASLR https://t.co/xSS9qWkoZw

— ringzerø.training && @ringzer0@infosec.exchange (@_ringzer0) January 25, 2024

What’s most pernicious about scientific fraud is that, while it’s relatively rare in absolute terms, every bad act empowers the know-nothings of the world to dismiss the work of thousands of honest scientists. pic.twitter.com/77XsIEKVPf

— Matthew Green (@matthew_d_green) January 24, 2024

As an aside, I used to work in an industry research lab. For those who think science is flawed because “academic incentives”, sure maybe. But I watched dozens of brilliant researchers get laid off by industry because it had zero incentive to fund them. Go fix that.

— Matthew Green (@matthew_d_green) January 25, 2024

That’s a wrap for Day 2 of #Pwn2Own Automotive. We’ve already awarded over $1,000,000 in prizes this week (¥150 million!) Tune back in tomorrow here or at the ZDI blog for the final day of the contest! Here are the current standings leading into the final day: pic.twitter.com/BZ5jopem9X

— Zero Day Initiative (@thezdi) January 25, 2024

Notepad.exe is working on sandboxing, this is a moment in my career.

— David Weston (DWIZZZLE) (@dwizzzleMSFT) January 25, 2024

for the past 8 months, my team at @trailofbits has been building a new, pure-Rust X.509 validator for the Python ecosystem, and we're announcing it today!

read more here: https://t.co/z1kgxf4KJb

— William Woodruff (1.3.6.1.4.1.55738) (@8x5clPW2) January 25, 2024

Leaks and Revelations: A Web of IRGC Networks and Cyber Companies https://t.co/DvsdglEvAu

— switched (@switch_d) January 25, 2024

Analysis of the execution flow of a MSF Meterpreter payload
Great research work by @DaniLJ94

Slides: https://t.co/eemNi4h65Z#redteam #infosec pic.twitter.com/qWLsBQPS8S

— 0xor0ne (@0xor0ne) January 25, 2024

Interesting article on the CSAM detection software offered by Thorn. Despite public claims to the contrary, it apparently requires sending plaintext to servers, since the use of homomorphic encryption is too expensive. https://t.co/QyfvtZjuRu pic.twitter.com/pxyiECnfrM

— Matthew Green (@matthew_d_green) January 25, 2024

Another detail: the false positive rate for CSAM images is 1 in 1000 (99.9% accuracy) which sounds good. But in practice means vast numbers of false positives, given the huge volume of images being transmitted. pic.twitter.com/dg1RZ2bceB

— Matthew Green (@matthew_d_green) January 25, 2024

inside .githttps://t.co/EgXbXrvDoD pic.twitter.com/KmoJuiOt5E

— 🔎Julia Evans🔍 (@b0rk) January 24, 2024

A few days ago folks were speculating whether the SVR's email stealing intrusion at Microsoft was really as bad as MS's filing with the SEC/blog post made it sound to some of us.

It's not.

It's even worse: https://t.co/uIY6QoD9II pic.twitter.com/Is334Ayl3Y

— Brian in Pittsburgh (@arekfurt) January 26, 2024

Additional analysis from the Microsoft Threat Intelligence teams from our ongoing analysis and investigation of the Midnight Blizzard activity, includes guidance for defenders and relevant TTPs - https://t.co/YLum8MFXgP

— Matt Zorich (@reprise_99) January 26, 2024

getting gpt to draw a grandfather without a beard is, apparently, impossible pic.twitter.com/wxIZguuKTj

— rob (@rob_mcrobberson) January 24, 2024

New impact from 404 Media: YouTube deletes 1,000 videos of in which Taylor Swift, Steve Harvey, and Joe Rogan pitch Medicare scams. Comes after we reported the practice, which was operating at a massive scale. Many still remain.https://t.co/hXcI69tHdm pic.twitter.com/qPaRev3ZK6

— Joseph Cox (@josephfcox) January 25, 2024

Two new 1950s comics aimed at young women added to the collection at https://t.co/k5ppYzHTse ("Confessions of the Lovelorn #56: Communist Kisses!" and "Girls in Love #54: My Wrong Boyfriend"). pic.twitter.com/6EIUUVsKEB

— lcamtuf (@lcamtuf@infosec.exchange) (@lcamtuf) January 26, 2024

We hebben een serieus probleem https://t.co/yClhHmgwTv

— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) January 26, 2024

A new OAuth app created by the intruder gets approved by a new user account created by the intruder and gets given rights to access all email accounts at MS by a test account.

😞

— Brian in Pittsburgh (@arekfurt) January 26, 2024

My last message before my Slack was deactivated pic.twitter.com/WXc7bAYfn8

— Jorge Murillo 💙 (@TheHornetsFury) January 25, 2024

First, I want to compliment @Microsoft for being forthright with details. Some of the problems I see in this report, I SEE EVERYWHERE due to VULNERABLE DEFAULTS.

Let's start with creating malicious OAuth applications. By default, ANY USER can create app registrations and… pic.twitter.com/2BIUzO8xfF

— typedef struct _IAMERICA{ (@EricaZelic) January 26, 2024

Following a requirement to be compatible with EU Digital Markets App, users on iOS/iPad will be able to use web browsers of other vendors (only in EU). So far it was only Safari/WebKit - even if the user used a different browser, the engine was the same. https://t.co/2HHgG4VJBH pic.twitter.com/76rOU4jpjJ

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) January 26, 2024

The security and privacy requirements are the key here. Security management (prompt vulnerability fixes). The entitlement is available only to web browsers blocking third-party cookies (etc. - this is a good decision!). So soon to all web browsers. https://t.co/ToyotXfauI pic.twitter.com/P973ql0Lh3

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) January 26, 2024

The interesting consequence is that web browsers that won't phase out third-party cookies won't be eligible to be installed on iOS/iPhone/iPad/etc. What a coincidence, eh? Stakes just went up. https://t.co/O1U8mq6JRB

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) January 26, 2024