March 17, 2023

Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) @lukOlejnik

Seized cameras, electronic equipment and GPS transmitters, which the suspects planned to PLACE ON transports with the equipment. To aid in its localisation….?

Lukasz Olejnik (@LukaszOlejnik@Mastodon.Social) @lukOlejnik

Polish security services detained members of a Russian espionage ring preparing acts of sabotage in Poland and had been monitoring railroad routes used for the transport of weapons into Ukraine. https://t.co/LtJje8wrQO

11:24 AM ∙ Mar 16, 2023

-

Exchange bug is apparently pretty sweet. RCE with invisible emails.

Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability - MDSec

Date: 14th March 2023 Today saw Microsoft patch an interesting vulnerability in Microsoft Outlook. The vulnerability is described as follows: Microsoft Office Outlook contains a privilege escalation vulnerability that allows...

GitHub - sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY: Exploit for the CVE-2023-23397

Exploit for the CVE-2023-23397. Contribute to sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAY development by creating an account on GitHub.

-

This ICMP bug raised quite a bit of interest in certain circles, but exploitation seems to be in the theoretical stage for now.

A look at CVE-2023–23415 — a Windows ICMP vulnerability + mitigations (which is not a cyber meltdown) | by Kevin Beaumont | DoublePulsar

Yesterday Microsoft dropped a patch for a vulnerability found by @hexnomad. It’s a great vuln, in theory allowing code…

-

Tufail Ahmed @7ufail

🚨 NEW Blog from @Mandiant 🚨  Suspected Chinese Threat Actor (#UNC3886) involved in Espionage Operations. mandiant.com/resources/blog… 🧵

mandiant.comFortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation | MandiantA suspected Chinese actor used a zero-day vulnerability in FortiOS and custom malware for espionage.

4:04 PM ∙ Mar 16, 2023

---

152Likes86Retweets

-

Runa Sandvik @runasand

Latest post for my Journalist and Spy newsletter is about Peruvian journalist Vicky Peláez. In 2010, Peláez, her husband and eight others were arrested by the FBI for carrying out long-term, deep-cover assignments in the U.S. on behalf of Russia.

journalistandspy.substack.comVicky PeláezVicky Peláez is a Peruvian journalist and columnist, currently writing for The Moscow News and Sputnik. In June 2010, Peláez, her husband Mikhail Vasenkov, and eight others were arrested by the FBI for allegedly carrying out long-term, deep-cover assignments in the U.S. on behalf of Russia. All ten…

3:55 PM ∙ Mar 16, 2023

---

5Likes4Retweets

-

Joseph Cox @josephfcox

New: hacker who allegedly breached a U.S. federal law enforcement tool that let them look up info on "anyone in the US" was on-the-run. Now found he's been arrested in Florida

vice.comOn-the-Run Hacker Who Allegedly Breached Federal Cop Database Arrested in FloridaNicholas Ceraolo, who faces years in prison for allegedly accessing a U.S. federal law enforcement database and other crimes, was still at large when authorities announced the charges against him.

3:53 PM ∙ Mar 16, 2023

---

58Likes22Retweets

-

Marcel Böhme👨‍🔬 @mboehme_

Fuzzing a formally verified compiler for six CPU years: Found unbreakable.

From [PLDI'11] "Finding and Understanding Bugs in C Compilers" by Yang, Chen, Eide, and Regehr: users.cs.utah.edu/~regehr/papers…

Manuel Rigger @RiggerManuel

@mboehme_ CompCert contains/contained unverified parts for builtin handling, in which we have found bugs.

github.comSupport of GCC Builtins · Issue #243 · AbsInt/CompCertWe are currently studying the usage of GCC builtins by GitHub projects and how well various tools support them. To that end, we are also developing a test suite for the most frequently used machine...

4:02 AM ∙ Mar 16, 2023

Paper:

https://www.manuelrigger.at/papers/GCCBuiltins-ESECFSE19-preprint.pdf

-

Brad Heath @bradheath

Amazing work by @Reuters: An insider account of Wagner Group, the convict army feeding men into the "meat grinder" of Russia's war in Ukraine.

reuters.com/investigates/s…