the grugq's newsletter

January 3, 2024

On the outside, it's just any old briefcase. 💼

But on the inside, it's a secure telephone system used for delivering top secret messages to the then Prime Minister.

Find out how the Brahms was made and subsequently hand-delivered ⬇️ https://t.co/xQsFeKcewX pic.twitter.com/2aM6VMC7cQ

— GCHQ (@GCHQ) January 2, 2024

Best get ready for the cyber Pearl Harbour, @ciaranmartinoxf. pic.twitter.com/UuI3KimdOO

— Dr. Dan Lomas (@Sandbagger_01) January 2, 2024

https://posixcafe.org/blogs/2024/01/01/0/

A monumental #vulnerability #research deep dive in 8+ parts by @Claroty ✊

OPC UA Deep Dive: A Complete Guide to the OPC UA Attack Surface https://t.co/uaDDdl7BTj https://t.co/qSEMCyqEtN

— raptor@infosec.exchange (@0xdea) January 3, 2024

Burma Watch

300 scam centers taken down, over 40,000 people sent back to China as a result of Operation 1027; MNDAA commander Peng Deren’s New Year speech also notes that 3BHA has taken 1000+ POWs, and MNDAA is doubling down on its commitment to topple the military dictatorship. pic.twitter.com/AcYpGMqNMo

— Jason Tower (@Jason_Tower79) January 2, 2024

New from 404 Media: a 13 year old has become the first person in the world to beat the NES version of Tetris. They reached Tetris’ Kill Screen; previously only an AI had achieved this.

“I can’t feel my hands,” he said at one point. https://t.co/WrLLKFgJja pic.twitter.com/OD4oiovEGk

— Joseph Cox (@josephfcox) January 2, 2024

Someone reported a #QuestDB bug in a binary search algo.
The report links to an article by @joshbloch: https://t.co/4uHxHCFGEO
It's almost 20 years old and I still find the story fascinating.

tl;dr: auto mid = (low + high) / 2; may overflow. it's rare -> it goes unnoticed⏱️💣

— Jaromir Hamala (@jerrinot) January 2, 2024
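The overflow the tweet refers to, as an added example written for this page (not code from QuestDB or from Bloch's article): naiveMid is the tweet's formula, safeMid the usual fix, and search runs either over a virtual sorted sequence so the wrap can be observed without allocating 2^31 elements. The identity sequence and the int32 index type are assumptions made for the demonstration.

```go
package main

import (
	"fmt"
	"math"
)

// naiveMid is the midpoint from the tweet: (low + high) / 2. In Go, int32
// addition wraps, so a sum above MaxInt32 silently turns negative.
func naiveMid(low, high int32) int32 { return (low + high) / 2 }

// safeMid never forms low + high; every intermediate stays within [low, high].
func safeMid(low, high int32) int32 { return low + (high-low)/2 }

// search runs a binary search over the virtual sorted array
// f(0) <= f(1) <= ... <= f(n-1), using the supplied midpoint function.
// It returns (index, true, false) on a hit, (-1, false, false) when key is
// absent, and (-1, false, true) when the midpoint left [low, high], which is
// what a wrapped sum looks like from inside the loop.
func search(n int32, key int64, f func(int32) int64, mid func(int32, int32) int32) (int32, bool, bool) {
	low, high := int32(0), n-1
	for low <= high {
		m := mid(low, high)
		if m < low || m > high {
			return -1, false, true // midpoint overflowed
		}
		switch v := f(m); {
		case v < key:
			low = m + 1
		case v > key:
			high = m - 1
		default:
			return m, true, false
		}
	}
	return -1, false, false
}

func main() {
	// Constructed input: the identity sequence f(i) = i stands in for a sorted
	// array of 2^31-1 elements without allocating it.
	identity := func(i int32) int64 { return int64(i) }
	n := int32(math.MaxInt32)
	key := int64(n - 1) // last element: forces low + high past MaxInt32
	_, _, overflowed := search(n, key, identity, naiveMid)
	idx, found, _ := search(n, key, identity, safeMid)
	fmt.Println("naive midpoint overflowed:", overflowed) // true
	fmt.Println("safe midpoint found:", idx, found)      // 2147483646 true
}
```

The same wrap is undefined behaviour in C and C++ and a silent negative in Java, which is why the bug survived in production code for years.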

The 2024 edition of our State of #Ransomware report is out. To add to the excitement, it includes commentary from @uuallan and @GossiTheDog. https://t.co/aMQUsuIlg8

— Brett Callow (@BrettCallow) January 2, 2024

As foretold - LLMs are revolutionizing security research: https://t.co/HfvHKclm4r

— lcamtuf (@lcamtuf@infosec.exchange) (@lcamtuf) January 2, 2024

2024 will be the year of linux on the desktop

— John Hammond (@_JohnHammond) January 2, 2024

Possibly my favorite "WW2 US industrial might" story yet.

Plane a little dinged up after a mission? Bulldoze it off the side of the carrier/airbase and get a shiny new one. pic.twitter.com/PXtEnT0y7W

— Sly Tea Jar (@JayGSlater) January 2, 2024

Your wifi is public property! 😂😂 pic.twitter.com/2kzSbFp1ZA

— Alvin Foo (@alvinfoo) January 1, 2024

In April 2017 a KHL hockey coach from Russia found this wireless covert listening device installed in their room at Ice Palace in Saint Petersburg, Russia.

Source: https://t.co/Tlg3XdtIg3 #Espionage #Surveillance #Bug #Spy #Russia pic.twitter.com/SMM7dRdRMJ

— Spy Collection (@SpyCollection1) January 3, 2024

KHL coaches find listening device hidden in room after playoff game

In the most delightfully cliché scandal in recent hockey history, coaches from a Russian hockey team found a spy device hidden in their room. According to Sport-Express, a listening device was allegedly discovered by coaches from Metallurg Magnitogorsk inside their coaches’ room at Ice Palace in Saint Petersburg. Metallurg is in a Gagarin Cup series against SKA Saint Petersburg, losing 2-1 on Friday night.



‘Stakes are really high’: misinformation researcher changes tack for 2024 US election | US politics | The Guardian

Kate Starbird says attacks have made research difficult, and claims of bias arise because of prevalence of lies from the right


I’m not sure how best to present this chain of quote tweets. I’ve decided to put them in chronological order, as that most coherently presents the conversation.

THIS is an APT. No "cmd /c net user", just technical capability that's almost indistinguishable from magic pic.twitter.com/ruEhr0Zuaa

— Josh (@passthehashbrwn) December 28, 2023

This is more likely work of an intelligence agency, not an APT. APT is contractor service organized or reporting to the intelligence agencies of a nation-state or an OCG and does not have the same level of bureaucracy with payload delivery. The selective targeting gives it away. https://t.co/uWssWM30hd

— hackerfantastic.x (@hackerfantastic) December 30, 2023

This is a meaningless distinction. In-the-wild discovery and observability don’t entail a difference. Perfect information or leaks tell when we are dealing with a high-end contractor or an in-house shop but the difference in intent or m.o. is not inherent in the positioning. https://t.co/fm09KVltW9

— J. A. Guerrero-Saade (@juanandres_gs) January 3, 2024

APT was literally coined for Chinese military intelligence cyber operations. It describes a type of threat class — those who are capable and mission driven. That's it.

They are capable (“advanced”)
They have purpose/mission (“persistent”)
They are active (“a threat”) https://t.co/ecvDfusydH

— thaddeus e. grugq thegrugq@infosec.exchange (@thegrugq) January 3, 2024

By combining #Frida with an enhanced version of #Tenet, #Frinet facilitates the study of large programs, #vulnerability #research and root-cause analysis on iOS, Android, Linux, Windows, and most architectures. 🤩 https://t.co/xW5yWciHk8 https://t.co/O5t0IaolUU

— raptor@infosec.exchange (@0xdea) January 2, 2024

i have never been so disappointed in all of my life pic.twitter.com/iQmNz4IIRV

— Uncle Duke (@UncleDuke1969) May 26, 2021

The fact that people today feel comfortable looking back at Y2K and laughing is because enough people took the problem seriously and fixed it before anything catastrophic could occur.

It was a real problem, fixing it took real work. Even if many just remember it as a joke. 🧵

— Librarianshipwreck (@libshipwreck) January 1, 2024



GitHub - vu-ls/Crassus



The third edition of my Security Engineering textbook will be freely available for download later this year, 42 months after publication. We did that with the first and second editions too, and in each case it increased sales of the paper book! https://t.co/PSnvpt1ivv https://t.co/pKX2NbZaUR

— Ross Anderson (@rossjanderson) January 1, 2024

Basic introduction to patch diffing in Ghidra by @qkaiser
(Cisco RV110W)

Part 1: https://t.co/V75JrLhRUl
Part 2: https://t.co/xarGXBnfMd #reverseengineering #patch #cybersecurity pic.twitter.com/yDLzZ86giZ

— 0xor0ne (@0xor0ne) January 2, 2024

Excellent introduction to Linux kernel exploitation by @k3170Makan

Debugging with QEMU: https://t.co/MFkoXhjCXP
Stack Overflows: https://t.co/E6meVjl5ub
RIP control: https://t.co/mIdgQs4F0f #cybersecurity #Linux pic.twitter.com/cHg2xiFGFg

— 0xor0ne (@0xor0ne) January 2, 2024

I wrote a long piece on how ransomware & the response to it is evolving. Western states, seemingly led by Five Eyes countries, are making more aggressive use of sanctions and offensive cyber operations against ransomware groups. What effect is that having? https://t.co/ydxfOgDYwA

— Shashank Joshi (@shashj) January 1, 2024

A CourtWatch & @404mediaco scoop - ‘The alleged mastermind of a massive, nationwide Airbnb scam whose exploits were first detailed in a viral article which then led to sweeping policy changes at company has been charged, according to court records. https://t.co/FB4nM9C0L9

— Seamus Hughes (@SeamusHughes) January 2, 2024

#redteamtips pic.twitter.com/Zzvr1dJu72

— spencer (@techspence) January 2, 2024

The rumour mill in the elite circle is that senior PLAARF officers gave the US the entire Chinese strategic weapon blueprint and battle plans.

This is estimated to have set the Chinese back 20 years and hundreds of billions of dollars at a time they can least afford it. https://t.co/gAwpkl5XdP

— (@ReturnYueFei) January 2, 2024

When Charles II tried to ban coffeehouses in 1675, he was correct that they were facilitating new information flows which were exploitable by threat actors against national security.
In 1688, the Dutch used this vuln to persuade lords to politely invite them to invade England. https://t.co/iu40ajeNNK pic.twitter.com/I2OlFBPbGr

— davidad 🎇 (@davidad) January 2, 2024

Here's the story of another technology that faced massive backlash in its time that will sound very familiar to today's battles over #AI.

Coffee.

a thread. pic.twitter.com/RqUm4qwCGS

— Daniel Jeffries (@Dan_Jeffries1) December 31, 2023


Kid has taken her rings off to eat mcnuggets. My line "it's like someone killed a hedgehog" has not been well received. pic.twitter.com/MavvCY8zzv

— 2024 edition (still pointless) (@DismalChips) January 2, 2024

this platform remains undefeated pic.twitter.com/sHQ3lfOlGg

— gaut (@0xgaut) January 2, 2024

Welcome to my 2023 Irreverent Red Team TTP Wrap Up (Trends, Trolls, Predictions)

It's likely some of these will ruffle feathers, but hackers break things right? 😁

🧵👇

— Jason Lang (@curi0usJack) January 2, 2024


There is an orchid called the Gomesa Jiaho Queen Orchid, and this is what it looks like pic.twitter.com/wDnffuGHBZ

— Science girl (@gunsnrosesgirl3) January 1, 2024

As promised: Here's the first $10,000 @Intel bug (aka CVE-2022-33942) that allows bypassing the authentication of Intel's DCM by spoofing Kerberos and LDAP responses.

Exploit inside, enjoy 🥳 https://t.co/PmK0Xq2T4o #BugBounty #security

— Julien | MrTuxracer 🇪🇺 (@MrTuxracer) November 23, 2022

kfd, short for kernel file descriptor, is a project to read and write kernel memory on Apple devices: https://t.co/wR7MSxdQ5L

— p0up0u (@p0up0u) July 21, 2023

I’m in Wensleydale and I’d like to show you the most amazing water bottle pic.twitter.com/7VqwvjBz7x

— Duncan McKay (@DuncMcKay) January 2, 2024

Hidden gem in @DonnchaC's #37C3 talk on Predator spyware: state actors could generate @letsencrypt certificates for any website by using their MitM capabilities at ISP level to complete verification challenges (both HTTP and DNS I expect).

CT may be the only way to detect this.

— Ivan Kwiatkowski (@JusticeRage) January 2, 2024
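One way a domain owner can act on that last sentence, as an added example (not from the talk or the tweet): compare the certificates a CT search reports for a name against the serials you know you requested, and treat anything else as a candidate for exactly the rogue issuance described. The entry field names are assumed (modelled on crt.sh's JSON output) and the sample entries are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// ctEntry holds the two CT search-result fields used here (assumed names, modelled on crt.sh JSON).
type ctEntry struct {
	NameValue    string `json:"name_value"` // SANs, newline separated
	SerialNumber string `json:"serial_number"`
}

// Constructed sample: the owner requested only the first certificate; the wildcard one is not theirs.
var sampleCT = []ctEntry{
	{NameValue: "example.com\nwww.example.com", SerialNumber: "03a1b2"},
	{NameValue: "*.example.com", SerialNumber: "04ffee"},
}

// unexpectedSerials lists logged certs covering domain whose serial is absent from the owner's
// own issuance records. A MitM-completed ACME challenge yields a normal-looking cert from the
// usual CA, so the unknown serial in CT is the detectable artefact.
func unexpectedSerials(entries []ctEntry, domain string, known map[string]bool) []string {
	var hits []string
	for _, e := range entries {
		if coversDomain(e.NameValue, domain) && !known[strings.ToLower(e.SerialNumber)] {
			hits = append(hits, e.SerialNumber)
		}
	}
	return hits
}

// coversDomain: exact SAN match, or a wildcard one label up (*.example.com covers www.example.com, not example.com).
func coversDomain(sans, domain string) bool {
	domain = strings.ToLower(domain)
	wildcard := ""
	if i := strings.IndexByte(domain, '.'); i >= 0 {
		wildcard = "*" + domain[i:]
	}
	for _, san := range strings.Split(sans, "\n") {
		san = strings.ToLower(strings.TrimSpace(san))
		if san == domain || (wildcard != "" && san == wildcard) {
			return true
		}
	}
	return false
}

func main() {
	known := map[string]bool{"03a1b2": true}
	fmt.Println(unexpectedSerials(sampleCT, "www.example.com", known)) // [04ffee]
}
```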

Welcome OpenVoice! 🎙️

A versatile voice cloning approach that requires only a short audio clip from the reference speaker to replicate their voice and generate speech in multiple languages.

Open access weights 🔥

It enables granular control over voice styles, including… pic.twitter.com/iyCx3tABu8

— Vaibhav (VB) Srivastav (@reach_vb) January 2, 2024

After the discovery of child abuse imagery within AI training data, my new piece for Tech Policy Press suggests that policymakers & the media aren’t listening to the right people when defining the risks of generative AI: https://t.co/9EERVE4e59 #ai #policy

— Eryk Salvaggio (@e_salvaggio) January 2, 2024
