January 31, 2024
You probably want to know about the future of mobile phones on the battlefield. You’re in luck! That was the topic for Between Two Nerds this week!
https://risky.biz/BTN65/
Apple Vision Pro review: magic, until it’s not - The Verge
The Apple Vision Pro is supposed to be the start of a new spatial computing revolution. After several days of testing, it’s clear that it’s the best headset ever made — which is the problem.
https://www.bloomberg.com/news/articles/2024-01-29/flood-of-personal-data-makes-life-tough-for-nsa-cia
https://archive.is/wRdWf
Our Cloned Website Canarytoken¹ has caught attackers all over the world.
— Thinkst Canary (@ThinkstCanary) January 30, 2024
Jacob's new CSS Canarytoken² allows this to work when all u can control is ur site's CSS. (It also works a treat to detect AitM phishing on Azure login portals) https://t.co/K3yr1S6ici
__
¹ Free
² Also Free pic.twitter.com/xFgbIuICPI
Out-of-bounds read & write in the glibc's qsort(), @Qualys Security Advisory. https://t.co/BSxmIegJjS
— Open Source Security mailing list (@oss_security) January 30, 2024
For the algorithm lovers: Nontransitive comparison functions lead to out-of-bounds read & write in glibc's qsort().
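The bug class named in the tweet is worth making concrete from the defensive side. qsort() assumes its comparator is a consistent strict weak ordering (reflexive, antisymmetric, transitive); when it is not, the partitioning logic can walk past the ends of the array. The block below is an added example, not code from the Qualys advisory or from glibc: it brute-force checks a comparator against those three properties over a small sample, and only hands the array to qsort() when the check passes. Both comparators (`cmp_int_ok`, `cmp_int_cyclic`), the demo inputs and the helper names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*cmp_fn)(const void *, const void *);

static int sgn(int v) { return (v > 0) - (v < 0); }

/* Count violations of the contract qsort() relies on:
 *   reflexivity:   cmp(a,a) == 0
 *   antisymmetry:  sign(cmp(a,b)) == -sign(cmp(b,a))
 *   transitivity:  cmp(a,b) <= 0 && cmp(b,c) <= 0  =>  cmp(a,c) <= 0
 * Every pair and triple is examined, so this is O(n^3): a unit-test
 * helper for comparator code, not something to run on large inputs. */
size_t count_comparator_violations(const void *base, size_t n,
                                   size_t size, cmp_fn cmp) {
    const char *p = base;
    size_t bad = 0;
    for (size_t i = 0; i < n; i++) {
        const void *a = p + i * size;
        if (cmp(a, a) != 0) bad++;
        for (size_t j = 0; j < n; j++) {
            const void *b = p + j * size;
            if (sgn(cmp(a, b)) != -sgn(cmp(b, a))) bad++;
            for (size_t k = 0; k < n; k++) {
                const void *c = p + k * size;
                if (cmp(a, b) <= 0 && cmp(b, c) <= 0 && cmp(a, c) > 0) bad++;
            }
        }
    }
    return bad;
}

/* Sort only if the comparator passes the contract check on this input.
 * Returns 0 on success, -1 if the comparator was rejected (array untouched). */
int checked_sort(void *base, size_t n, size_t size, cmp_fn cmp) {
    if (count_comparator_violations(base, n, size, cmp) != 0) return -1;
    qsort(base, n, size, cmp);
    return 0;
}

/* Well-behaved int comparator. Note it avoids `return a - b`, whose
 * signed overflow is another common way to break the ordering. */
int cmp_int_ok(const void *pa, const void *pb) {
    int a = *(const int *)pa, b = *(const int *)pb;
    return (a > b) - (a < b);
}

/* Constructed broken comparator: orders non-negative ints cyclically
 * modulo 3 (0 < 1, 1 < 2, 2 < 0). It is antisymmetric but not transitive. */
int cmp_int_cyclic(const void *pa, const void *pb) {
    int a = *(const int *)pa % 3, b = *(const int *)pb % 3;
    if (a == b) return 0;
    return ((a + 1) % 3 == b) ? -1 : 1;
}

/* Constructed sample inputs for the two comparators. */
size_t demo_ok_violations(void) {
    int v[] = {5, 3, 9, 1, 3, 7};
    return count_comparator_violations(v, 6, sizeof v[0], cmp_int_ok);
}

size_t demo_cyclic_violations(void) {
    int v[] = {0, 1, 2, 3, 4, 5};
    return count_comparator_violations(v, 6, sizeof v[0], cmp_int_cyclic);
}

/* Returns 1 if checked_sort accepted cmp_int_ok and left the data sorted. */
int demo_checked_sort_ok(void) {
    int v[] = {5, 3, 9, 1, 3, 7};
    if (checked_sort(v, 6, sizeof v[0], cmp_int_ok) != 0) return 0;
    for (size_t i = 1; i < 6; i++)
        if (v[i - 1] > v[i]) return 0;
    return 1;
}

/* Returns 1 if checked_sort refused the non-transitive comparator. */
int demo_checked_sort_rejects_cyclic(void) {
    int v[] = {0, 1, 2, 3, 4, 5};
    return checked_sort(v, 6, sizeof v[0], cmp_int_cyclic) == -1;
}

int main(void) {
    printf("ok comparator violations:     %zu\n", demo_ok_violations());
    printf("cyclic comparator violations: %zu\n", demo_cyclic_violations());
    printf("checked_sort ok=%d rejects_cyclic=%d\n",
           demo_checked_sort_ok(), demo_checked_sort_rejects_cyclic());
    return 0;
}
```

The practical takeaway is that a comparator is an input contract, not just a convenience: fuzzing or property-testing it against the three rules above (as in `count_comparator_violations`) catches the non-transitive and overflow-prone variants before they reach qsort(), which is cheaper than reasoning about the sort's partition loop after the fact.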
Do you want to know the truth behind the Sony, Pipeline, and State Farm attacks claimed by RansomedVC? I have the answer from direct engagements with the attackers and now you do too! #RANSOMWARE DIARIES 4 is OUT!👇@Analyst1 https://t.co/DVClTVnokR
— Jon DiMaggio (@Jon__DiMaggio) January 30, 2024
This is the big “Microsoft Azure OAuth AD Hack” collection.
Sketch of interpretation of Midnight Blizzard's attack flow based on @MsftSecIntel's blogpost (had to make a few assumptions, noted in grey).
— Amitai Cohen 🎗️ (@AmitaiCo) January 30, 2024
Big h/t to @cnotin and @EricaZelic for their analysis of this incident (links in thread) and to @LSecResearch for valuable input. https://t.co/wWgxIcYiao pic.twitter.com/iwmVnCyxEL
Midnight Blizzard: Guidance for responders on nation-state attack https://t.co/THQGEsai7r
— John Lambert (@JohnLaTwC) January 26, 2024
Two additional recommendations to prevent malicious OAuth applications:
— Joe Stocker (@ITguySoCal) January 26, 2024
1) disable ability for users to register applications https://t.co/fOEI1EIYBM
2) route OAuth consents to Admins to review https://t.co/oit0oeABCF pic.twitter.com/jzfdn5SSTJ
What I think happened in the Midnight Blizzard breach of Microsoft: how could they pivot from the test tenant to the production tenant using an OAuth application? 🤔⤵️ https://t.co/GNhJDZeDAZ
— Clément Notin (@cnotin) January 26, 2024
First, I want to compliment @Microsoft for being forthright with details. Some of the problems I see in this report, I SEE EVERYWHERE due to VULNERABLE DEFAULTS.
— typedef struct _IAMERICA{ (@EricaZelic) January 26, 2024
Let's start with creating malicious OAuth applications. By default, ANY USER can create app registrations and… pic.twitter.com/2BIUzO8xfF
Great tips as always Erica, if I might pitch in: https://t.co/LMP7a3709g has all these recommendations and a lot more and it's free. Great way to keep up with best practices when it comes to securing Entra ID and M365.
— Jose (@schenardie) January 26, 2024
Good morning! Here's a short post about the things I found when my computer started repeatedly crashing. Didn't fully fix the problem but discovered some fun things on the way: https://t.co/Ya6wb1XRLJ pic.twitter.com/84TRPPRjwD
— Yarden Shafir (@yarden_shafir) January 30, 2024
We have been exploring encrypted keyboards to counter exactly these kinds of threats. https://t.co/n9y78ZR1N5 https://t.co/OE22G1lIVc
— Nitesh Saxena (@saxenaTAMU) January 30, 2024
I’m trying to get a better sense of what Google’s AI scanning in the Messages app actually means for privacy. This article doesn’t really give enough details. https://t.co/8SrOvffD9V
— Matthew Green (@matthew_d_green) January 29, 2024
— cts🌸 (@gf_256) January 31, 2024
Spending all day proving we’re not robots is how the robots will distract us as they take over
— schadenfreude74 (@schadenfreude74) January 30, 2024
"Germany demonstrates passive radar system using Starlink satellite radiation" https://t.co/cZktu84rnB
— KF (@d0tslash) January 30, 2024
Bare metal firmware reverse engineering
— 0xor0ne (@0xor0ne) January 30, 2024
Introduction series by @RagnarSecurity
Part 1: https://t.co/is6MwpHQCy
Part 2: https://t.co/is6MwpHQCy
Part 3: https://t.co/T954DxOcbS #iot #cybersecurity pic.twitter.com/58JxkbWFpp
Bruges in 1500--looks strikingly eukaryotic. It also metabolizes material and energy, has a semipermeable membrane, keeps itself far from thermodynamic equilibrium, integrates information, responds adaptively to threats, and expels waste. Are cities alive? pic.twitter.com/FHQwewce3b
— Peter🌲Brannen (@PeterBrannen1) January 29, 2024
A Practical Guide to PrintNightmare in 2024 | itm4n's blog
Although PrintNightmare and its variants were theoretically all addressed by Microsoft, it is still affecting organizations to this date, mainly because of quite confusing group policies and settings. In this blog post, I want to shed a light on those configuration issues, and hopefully provide clear guidance on how to remediate them.
#BREAKING: The DOJ has indicted an Iranian drug trafficker and a Canadian Hells Angels hitman working with Iranian intelligence to kill two Americans in Maryland.
— Gabriel Noronha (@GLNoronha) January 29, 2024
The Hells Angels member was building a 4-man squad to carry out the killings for $350,000. pic.twitter.com/FBjEIPQVgU
This was an excellent writeup by @thalium_team on exploiting ARM secure world (TrustZone, TEE) on Samsung devices https://t.co/HZ5HA14fpb #trustzone #cybersecurity pic.twitter.com/KLEXraIJH2
— 0xor0ne (@0xor0ne) January 30, 2024
In 2020 a person in Berlin, Germany found this covert tracking & listening device installed in their car. Reportedly, by the #BKA who suspected them of criminal activities. It was installed in Aug. 2019.
— Spy Collection (@SpyCollection1) January 31, 2024
Source: https://t.co/6DeFrwCtY5 #Surveillance #Espionage #Germany #Berlin pic.twitter.com/XQ9lxB945t
Breaches usually aren’t interesting. This sort of data set is the exception: beyond the customer list (worrying enough for those affected), it includes pattern-of-life data that can reveal a great deal more.
I find the large amount of pattern-of-life data available for purchase quite worrying. There are so many ways it can be used to build surveillance profiles of people. It is data we don’t even think about, such as records of Uber trips, hotel stays, insurance, food delivery and travel, plus the vast volumes of location and activity data siphoned off apps.
If you've ever rented a car via Europcar - your info is likely in a breach that just dropped.
— Matt Johansen (@mattjay) January 30, 2024
The rough part is a lot of these pieces of data aren't easily rotated
Let's look at it:
Let's talk about the OSI model pic.twitter.com/W0K4IXe2vP
— lcamtuf (@lcamtuf@infosec.exchange) (@lcamtuf) January 31, 2024
MySQL's (not very) random number generator https://t.co/CjmLj7zbAa #cryptography
— ringzerø.training && @ringzer0@infosec.exchange (@_ringzer0) January 31, 2024