July 26, 2024
1/ A world first reverse engineering analysis of AWS Session Tokens.
— Tal Be'ery (@TalBeerySec) July 25, 2024
Prior to our research these tokens were a complete black box. Today, we are making it more of a glass box, by sharing code and tools to analyze and modify AWS Session Tokens. https://t.co/hpz7u3cwqw
Reverse Engineering for everyone
https://0xinfection.github.io/reversing/
Remember Silk Road 2.0? How it was started by some dumb kid who was very quickly arrested? What do you reckon he’s up to these days? Crypto entrepreneur!
https://archive.is/2024.07.25-024257/https://www.nytimes.com/2024/07/24/business/blake-benthall-silk-road-crypto.html
"Griaznov cooled his heels in St. Vlas, dined with the friend, got hammered again, & boasted of his special operation to disrupt the Olympic opening ceremonies in Paris on April 26. The friend was incredulous. So did what any deep-cover chekist would do: he whipped out his FSB ID" https://t.co/uKq6hQ0AXQ
— eleanorina (@_eleanorina) July 25, 2024
Michelin Red Star: The Insider reveals identity of arrested Russian chef-agent who planned “destabilizing” acts at Paris Olympic Games
A Russian lawyer-turned-chef who once appeared on a dating show back in his homeland was directed by the Kremlin’s intelligence services to stage “large-scale” acts of “destabilization” at the opening of the Olympic Games in France on July 26, The Insider has learned. The Insider can confirm that Kirill Griaznov, who revealed his plans in a drunken conversation over dinner on the Bulgarian Black Sea coast, has extensive ties to FSB and GRU officers. Griaznov has been arrested by French security ...
Binary secret scanning helped us prevent (what might have been) the worst supply chain attack you can imagine | JFrog
The JFrog Security Research team has recently discovered and reported a leaked access token with administrator access to Python’s, PyPI’s and Python Software Foundation’s GitHub repositories, which was leaked in a public Docker container hosted on Docker Hub. As a community service, the JFrog Security Research team continuously scans public repositories such as Docker Hub, …
A wonderful example of how “reality is more complex than it seems.” Whenever real people do things, there will be weird edge cases.
The bizarre secrets I found investigating corrupt Winamp skins / Jordan Eldredge
I started looking through corrupt Winamp skins and it led me down some very strange rabbit holes
New: a leaked document obtained by 404 Media shows that billion dollar AI video generator 'Runway' had a company-wide effort to rip off YouTube videos without permission, as well as pirated films. We've posted the full spreadsheet of training data https://t.co/aDNagiy5XT
— Joseph Cox (@josephfcox) July 25, 2024
You know...
— Brian in Pittsburgh (@arekfurt) July 25, 2024
This might (might) change the conversation on software liability more than I initially thought.
The stunning nature of the process shortcomings at CS plus the monetary scope of damages and broad nature of disruptions are potentially potent. https://t.co/nV1rBp0heo
SWARM WARS: Pentagon holds toughest drone-defense demo to date. Eight counter-UAS systems — wielding a mix of radars, machineguns, missiles, jammers, and more — were tested against swarms of up to 50 drones of different types attacking simultaneously from different directions. /1 pic.twitter.com/59cR2oU8GA
— Sydney Freedberg (@SydneyFreedberg) July 24, 2024
Thread by @SydneyFreedberg on Thread Reader App – Thread Reader App
Yesterday KnowBe4 disclosed a cyber-security-incident where a North Korean national successfully infiltrated KnowBe4 ... by applying for a job there, interviewing, and getting hired.
— vx-underground (@vxunderground) July 24, 2024
Their blog post highlights North Korean identity fraud techniques. https://t.co/FVLJTtKrrD
Process injection via GetThreadDescription and SetThreadDescription.
— vx-underground (@vxunderground) July 25, 2024
This makes this the 9,001 process injection technique on Windows. https://t.co/sUILmELc2Q
It’s been one week since the largest IT outage ever began - larger than any cyber attack.
— Kevin Beaumont (@GossiTheDog) July 26, 2024
I just want to shout out the true heroes - IT support and sysadmins. Maybe they should be paid properly. pic.twitter.com/ljCGc2t8Gi
Our @marcoslaviero wrote a post on why all our @ThinkstCanary customers log in to isolated VMs instead of a single multi-tenanted SaaS instance.
— haroon meer (@haroonmeer) July 25, 2024
(It’s more work for us, but significantly more secure for customers).
Making unfashionable choices: https://t.co/PiOY9pilBo pic.twitter.com/MmjLDFifH4
Introducing Chrome exploitation with a walkthrough of CVE-2023-4069 https://t.co/pS6WgfabP1
— 0xor0ne (@0xor0ne) July 25, 2024
Credits @matteomalvica #chrome pic.twitter.com/pOvaMmcSc2
Drone drama saga
New: Canada Soccer said it has suspended women's head coach Bev Priestman after new information came to the organization's attention about the use of drones prior to the 2024 Olympics in Paris.
— Rick Westhead (@rwesthead) July 25, 2024
The Canadian Olympic Committee has removed Priestman from Team Canada. Assistant coach… pic.twitter.com/9RGtCyLQbs
Acer, Dell, Gigabyte, Intel, and Supermicro impacted: the platform key was leaked in 2022 on GitHub at https://t.co/fjmtg5vqRe
— JP Aumasson (@veorq) July 26, 2024
"The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character…