July 17, 2024
July 17, 2024
Excited to publish a new report on a linux kernel eBPF vulnerability. CVE-2024-41003https://t.co/ZfHbgclUtA
— 那个饺子🥟(JJ) (@thatjiaozi) July 16, 2024
We found this (a month ago) with https://t.co/vnmClTCo4r on a friday, had a RCA by monday, working LPE exploit on tuesday and reported it on wednesday.
Hacktivism or just cybercrime? NullBulge is using poisoning-the-well attacks to hit AI enthusiasts and game modders alongside big compenies like Disney, deploying ransomware, and claiming to rebel against AI. Great work by Jim Walter 👇 https://t.co/sTYOz9m9wS
— J. A. Guerrero-Saade (@juanandres_gs) July 16, 2024
Currently exploring some COM stuff – found a cute trick to read registry keys.
— vx-underground (@vxunderground) July 16, 2024
The COM interface expects a WCHAR string (BSTR). But then... it converts it to a CHAR string to invoke RegQueryValueExA pic.twitter.com/3eM7kF0qps
https://x.com/vxunderground/status/1813240797858570543
https://pastebin.com/raw/V1jmkp39Lazarus SIGNBT backdoor 🇰🇵
— Florian Roth (@cyb3rops) July 16, 2024
(when it was first uploaded, only ESET, AhnLab and ClamAV pointed into the right direction) https://t.co/KQaorhwGab pic.twitter.com/z7Y7ZZruzQ
Holy Mother Dragon, what a blogpost about CoreSight.
— Meysam (@R00tkitSMM) July 16, 2024
ARMored CoreSight: Towards Efficient Binary-only Fuzzinghttps://t.co/g3vvtfJEdp
DYK most #VPN services can actually make you less secure? Today @PET_Symposium, Benjamin Mixon-Baca will present research done in collaboration with the Citizen Lab about how VPNs can enable an attacker to act as an in-path router between you and the VPN server. The study… pic.twitter.com/qB89VsfqHQ
— Citizen Lab (@citizenlab) July 16, 2024
Location data from mobile phone apps show the movement profile of intel service staff throughout Germany #BND #BfV. US services are also affected #NSA. 3.6 billion sensitive geodata from a free monthly subscription ... https://t.co/HWDDBzd6wJ
— Le cueilleur (@LCueilleur) July 16, 2024
Google has removed features letting advertisers exclude kids games because toddlers generate tons of accidental ad clicks they get to charge businesses for. pic.twitter.com/0IEwHd5UA4
— SwiftOnSecurity (@SwiftOnSecurity) July 16, 2024
🚨 Sue Mi Terry, a US security expert who had worked on the White House National Security Council, has been indicted on U.S. charges she worked as an unregistered agent for South Korea's government in exchange for luxuries and other gifts, according to a newly unsealed indictment
— Robbie Gramer (@RobbieGramer) July 16, 2024
Indictment outlines the following as Reuters reportshttps://t.co/x0WqoBnFud pic.twitter.com/inwNRiy1yp
— Robbie Gramer (@RobbieGramer) July 16, 2024
Wife’s busy with her gardening (you know you’ve hit peak middle-age when this is very much a thing) so I was left alone finally reading this brilliant report https://t.co/FEiMYTsI9I. pic.twitter.com/l1jI40hJVn
— Daniel Cuthbert (@dcuthbert) July 16, 2024
> Elastic has pushed the defensive industry forward with their anomalous call stack detection logic that is a formidable challenge for modern red team operations.
— Gabriel Landau (@GabrielLandau) July 16, 2024
Thanks for the shout-out! We have plans to make your jobs even harder. 🙂https://t.co/uMVEZABLSW
Happy to share my slides for the #fuzzing summer school at NUS in May in which I covered the topic of expanding the reach of fuzzing beyond well-tested apps (w/ #AFLNet, #GraphFuzz), beyond the crash oracles (w/ #EDEFuzz), and beyond the coverage plateau: https://t.co/8QgrVulrU7.
— Thuan Pham (@thuanpv_) July 17, 2024
webcopilot – All-in-One Web Vulnerability Scanner: Find XSS, SQLi, RCE, and More https://t.co/l3hrKLenWq
— Nicolas Krassas (@Dinosn) July 17, 2024
If you're into beautiful attacks, check out this piece of work by @rskvp93.
— thAI Duong (@XorNinja) July 16, 2024
ProseMirror is a powerful web editor used by the NYT, The Guardian or Atlassian. Its rather complicated design spec is 100+ pages in print.@rskvp93 was like, "Oh the spec has a bug in page 79." https://t.co/P5RwXIwZir
How do we see our future. Content analysis of 200 sci-fi films for decades from 1950's to now. https://t.co/J8y9RY19bX
— Alberto Acerbi (@acerbialberto) July 17, 2024
Indictment outlines the following as Reuters reportshttps://t.co/x0WqoBnFud pic.twitter.com/inwNRiy1yp
— Robbie Gramer (@RobbieGramer) July 16, 2024
The video just went live for my recent @BlueHatIL talk about a new Windows vulnerability class, including an exploit for kernel code execution 👇https://t.co/b1oRjXOKM5
— Gabriel Landau (@GabrielLandau) July 15, 2024
Bug bounties are a scam. They reward low effort spray and pray researchers and punish those who go deep. https://t.co/r3Q2d9V8ac
— Brandon Falk (@gamozolabs) July 15, 2024