July 19, 2024
Another research (from Trento colleagues @marcotonin @brulepri @mtizzoni) suggesting that offline partisan isolation, both considering physical encounters or residential sorting, is higher than online segregation. https://t.co/ZFFA362GJY pic.twitter.com/8HztsoDPnt
— Alberto Acerbi (@acerbialberto) July 18, 2024
Hey @CrowdStrike Can you guys maybe review/pull this latest patch you released? We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal.
— Kevin McCurdy (@McCurdy1987) July 19, 2024
Just to follow up -- no official confirmation yet but my understanding is government is treating the widespread computer outages as an error from an update to a popular cybersecurity software. No evidence so far to suggest it's anything nefarious.
— cameron wilson (@cameronwilson) July 19, 2024
CrowdStrike code update bricking Windows machines around the world
https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/
abadidea: "I see the infosec industry has finally achieved s…" - Infosec Exchange
I see the infosec industry has finally achieved security once and for all by shutting down every workstation connected to the internet
lol
You wouldn't see this with any of our products (just sayin.) 🤷 pic.twitter.com/39veWooFio
— Kaspersky (@kaspersky) July 19, 2024
A Certificate Authority has mis-issued a bunch of certificates and is refusing to revoke them, breaching the CABF Baseline Requirements. I hear you think “what’s new Scott?”, but, here are the reasons provided by the CA on why they won’t revoke the certificates: pic.twitter.com/argJz1a02C
— Scott Helme (@Scott_Helme) July 17, 2024
A detailed analysis from @ret2systems of vulnerabilities CVE-2024-26003 and CVE-2024-26005 in Phoenix Contact CHARX EV chargers, focusing on C++ destructor behavior and UAF issues.
The exploit they used for Pwn2Own Auto 2024 is published here with a detailed blog to come:… pic.twitter.com/9QJRqXgF2i
— Pedram Amini (@pedramamini) July 17, 2024
The copyright office is considering an exemption that would provide legal protection for researchers jailbreaking / circumventing DRM / breaking terms of service to expose how AI tools work. This is really important bc current ToS are v threatening https://t.co/AzbLrsJo2O
— Jason Koebler (@jason_koebler) July 18, 2024
forget to say that I found CVE-2024-27802 in Apple's Metal.framework while was trying to find attack surface in WebGPU to escape to GPU process. after spending considerable time on Render<->GPU IPC, I found that some texture parsing happens in GPU. https://t.co/25mUaRts6r
— Meysam (@R00tkitSMM) July 18, 2024
It's fascinating to watch the AI safety community race through 25 years of painful cybersecurity history and lessons in just 24 months.
Concepts such as full disclosure of vulnerabilities often seem shocking to a group determined to keep a tight hold on information they wrongly… https://t.co/U0B4UkhtqK
— chrisrohlf (@chrisrohlf) July 18, 2024
Tabletop game forumite achieves posting godhood, emerging from the void after 100,000 hour 11 year ban to continue the same argument from 2013 | PC Gamer
No, I am not revealing my username.
Nice work from @InterruptLabs on their JADX-GUI (Java Decompiler) collaboration extension: https://t.co/I71fXxBtCr
Operates over Git, multiple users can push/pull symbols. Read more about the plug-in design in their blog here: https://t.co/jLPywTsmjn pic.twitter.com/YNJLWajhbW
— Pedram Amini (@pedramamini) July 17, 2024
I hacked the @SAP AI platform by changing my UID to 1337.
…Yeah, really.
This led to admin permissions on several SAP systems, but also access to customers’ secrets and private AI files 👀
This is the story of #SAPwned 🧵⬇️ pic.twitter.com/Ljgme06CrH
— Hillai Ben-Sasson (@hillai) July 17, 2024
The Meiji government translated 10,000 technical books (applied science, industry, etc).
Then, Japan became an industrial powerhouse.
Must be the greatest industrial policy investment ever made!
Once again: the importance of upper human capital.
h/t 🔒 https://t.co/lAlTK8c7fU pic.twitter.com/aJfa7X9SLZ
— Whyvert (@whyvert) July 18, 2024
I'm going to talk about this publicly because enough time has passed and there's no longer any capability to burn. I typically don't talk about anything I work on due to obvious reasons but here goes...
Several years ago I was monitoring an APT actor. There's little point trying…
— Dan Kelly (@int0x00) July 18, 2024
1/ The exploiter of the @WazirXIndia Multisig was able to drain it after changing the implementation of the Multisig, that couldn't have been done without compromising the signers EOA, but here's a closer look on the attack flow 🧵
— Vazi (@0xVazi) July 18, 2024
Consider that a decade ago DPRK was lame af, and now they’re used as an example of sophisticated hacking. Wild.
i’ll never stop being amazed that we invented a computer that cannot do math. that’s like. their whole thing. https://t.co/jop8ZCpv0n
— worm food 🇵🇸🌸✨🌸🇵🇸 (@frogs4girls) July 18, 2024
A thread on my just published article — “Digital Rummaging” — that tries to reimagine the Fourth Amendment harms of new mass surveillance technologies. #surveillance #privacy #FourthAmendment 1/12 https://t.co/3b7BmZgzIv pic.twitter.com/FElqLgwreb
— Andrew G. Ferguson (@ProfFerguson) July 18, 2024
Wait, is this true? People can just lie on the Internet??
Important update here: The FBI briefed senators yesterday that they believed this Steam account did indeed belong to Crooks, per source familiar. Now, the FBI has revised that assessment and investigators think the account is fake, US official tells CNN https://t.co/3d1ovGu7rO
— Sean Lyngaas (@snlyngaas) July 18, 2024