the grugq's newsletter

July 28, 2023


Strong letter from @RonWyden about Microsoft security failures that enabled SolarWinds hack and recent Storm-0558 campaign. He calls on @CISAgov, @FTC and @TheJusticeDept to investigate company and hold it "responsible for its negligence." https://t.co/AY4ImksoBV pic.twitter.com/mpv2pFiEOQ

— Kim Zetter (@KimZetter) July 27, 2023

STACK OVERFLOW JUST ANNOUNCED THEIR OWN AI!!!

OverflowAI is a tool that will also have a VS Code plugin. The way this works: if you are on the site and ask a question, it will produce the answer for you while also citing the sources it used to produce the answer.

You can then… pic.twitter.com/QrOKDvqWFG

— Danny Thompson (@DThompsonDev) July 27, 2023

(ノo‿o)ノ✧.*・。゚ Publication day!! First four articles from the US 2020 Facebook and Instagram Election study (FIES) are out! 3 in Science and 1 in Nature pic.twitter.com/fIDNfNgvut

— Taylor W Brown (@taywbrown) July 27, 2023

i must study war so my sons can study business so their sons can study art so their sons can write gay vampire fiction https://t.co/lu0qU3v7Py

— sophie (@netcapgirl) July 27, 2023

https://t.co/MllU2A3XMI

— Dr. Dan Lomas (@Sandbagger_01) July 28, 2023

Very misleading bulletin:
1. ZenBleed is not a side channel.
2. End users rely on the OS for sandboxing.
3. It is not even clear what "side channels" are. https://t.co/AFCNbYpWsf

— Daniel Moghimi (@flowyroll) July 27, 2023

I’m glad our silly Federal laws provide a strong incentive for people to keep large amounts of privacy-preserving cash in circulation. https://t.co/47Kvil1ogd

— Matthew Green is on BlueSky (@matthew_d_green) July 27, 2023

Supporting Command and Control for Land Forces on a Data-Rich Battlefield | Royal United Services Institute

Forces that can leverage battlefield hyperconnectivity capabilities are likely to secure a competitive advantage over those that cannot. This paper seeks to explain what is driving changes to land forces’ command and control, the enterprise architecture that best supports the emerging requirements, and the implications for how command is practised.


CVE-2023-38646 Metabase RCE. Metabase, as a data visualization tool, assembles a host of mainstream JDBC drivers. I demonstrated one exploitation of them. If you feel like more, I propose reading the slides of the presentation which @pmnh_ and I gave at BH Asia 2023. pic.twitter.com/rugMIRIbuU

— pyn3rd (@pyn3rd) July 28, 2023

Call of Duty multiplayer servers temporarily suspended due to malware that's automatically propagating to players' systems. The worm was initially identified on VirusTotal on 24th July, 2023. More samples from the same source: https://t.co/9tDNEHE8n1 https://t.co/YFXa9dhC1H pic.twitter.com/rJN8LuHr0w

— Bernardo Quintero (@bquintero) July 27, 2023

Fascinating world of ancient #glass: #Roman bird-shaped vessels were used as perfume bottles. The liquid was sealed inside the vessels and the tip of the tail had to be broken to remove the perfume. This one is still intact and filled with the scented content! I would like...1/2 pic.twitter.com/gzzhLxoYs3

— Nina Willburger (@DrNWillburger) July 27, 2023

CVE-2023-38633 in librsvg: Arbitrary file read when xinclude href has special characters. Posted by Alan Coopersmith on Jul 27. I haven't seen this go by yet, so for those who haven't seen it:

https://t.co/DRWLWJDWQe reports:

CVE-2023-38633:… https://t.co/3zAt2CkITY

— Open Source Security mailing list (@oss_security) July 27, 2023

https://t.co/jfQLJkyGW3

— Dr. Dan Lomas (@Sandbagger_01) July 28, 2023

My husband and I called my sweet, 85-year-old grandma to tell her I got a new job.

She congratulated us, talked for a bit, and then hung up.

Later she called me to say I should open a secret bank account and never tell my husband about it.

My grandma is fierce.

— Mommy Owl (@Mommy__Owl) November 12, 2018

https://twitter.com/riskybusiness/status/1684706292060073986

🚨We found adversarial suffixes that completely circumvent the alignment of open source LLMs. More concerningly, the same prompts transfer to ChatGPT, Claude, Bard, and LLaMA-2…🧵

Website: https://t.co/ja2FPw9aad
Paper: https://t.co/1q4fzjJSyZ pic.twitter.com/SQZxpemCDk

— Andy Zou (@andyzou_jiaming) July 28, 2023

I’ve just released some research into 38 SaaS-native attack techniques across the kill chain and produced a SaaS attack matrix to go along with it. https://t.co/1bbkpI5IlC

This is just the beginning but my hope is this will become an ongoing community project.

— Luke Jennings (@jukelennings) July 27, 2023

P4wnP1 by @mame82 for the @raspberrypi Zero W is awesome, but needing a USB stem or cable makes for a clunky package. @RoganDawes found out that you can install Linux ON an LTE modem. It's the perfect platform for long or short distance P4wnP1 shenanigans! https://t.co/54oqx3ZYdH pic.twitter.com/EnGVnYzGty

— Orange Cyberdefense's SensePost Team (@sensepost) July 27, 2023

Fact: Metabase doesn't release the fixed code in their "oPen-SouRce" repository https://t.co/HMgjfSMh6q
So basically, if you're naively using their open-source version, you're still vulnerable! pic.twitter.com/mRLBvHUfQW

— Janggggg (@testanull) July 27, 2023

https://twitter.com/0xmatt/status/1684301870469373952

Best poster award pic.twitter.com/eIlxXKDFtE

— Daniel Severo (@_dsevero) July 27, 2023

My daughter just put herself in timeout in her room because she was “done hearing other people’s voice noise.”

— Mommy Owl (@Mommy__Owl) July 25, 2023

i love u guys so much 😭 pic.twitter.com/cV2KSQSOgZ

— Jenn Takahashi (@jenntakahashi) July 27, 2023

OMG. Seymour Hersh’s handler really messed up.

The “anonymous US official” supposed to be briefing Hersh used a russian expression (мальчик в трусиках) that English speakers don’t use. 😂 pic.twitter.com/iwq4c2ZVzN

— Bad Baltic Takes (@BadBalticTakes) July 27, 2023

https://twitter.com/glazerboohoohoo/status/1681367518911565824