March 23, 2023

                            March 23, 2023

                March 23, 2023

Aristotle Tzafalias @Aristot73
Open source libraries should stop forcing their way into the code base of billion $ companies. just stop! 
Sam Altman @samawe had a significant issue in ChatGPT due to a bug in an open source library, for which a fix has now been released and we have just finished validating.

a small percentage of users were able to see the titles of other users’ conversation history.

we feel awful about this.6:57 AM ∙ Mar 23, 2023
53Likes15Retweets
-
Stephen Dziedzic @stephendziedzic
Some genuinely staggering foreign interference stories coming out of Canada right now 
Sam Cooper @scoopercooper
BREAKING: Liberal MP Han Dong secretly advised Chinese diplomat in 2021 to delay freeing Two Michaels: sources  | https://t.co/6oS5jHrnWQ https://t.co/tXTQI3kpsz10:44 PM ∙ Mar 22, 2023
145Likes55Retweets
-
Steven Murdoch @sjmurdoch
I did a little digging to see why Windows Snip and Sketch leaves part of the old image in a file when you crop a screenshot, potentially disclosing sensitive information (Acropalypse). It looks like the new Windows Save File API is defective by design. Why do I say this?🧵 1/97:29 PM ∙ Mar 22, 2023
492Likes178Retweets
-
MG @_MG_I just did some digging into that “USB Bomb” story. 

So here is a quick thread on what it looked like, the damage it did, and the pretext.

🧵1/n

bbc.com/news/world-lat…
bbc.comJournalist opens USB letter bomb in newsroomEcuador’s government condemns the attack after journalists nationwide are targeted.5:45 PM ∙ Mar 22, 2023
322Likes106Retweets
MG @_MG_
So this looks to be one of the unexploded drives. Which indicates a modified brand name thumb drive.

Note reads:

THE INFORMATION IS GOING TO UNMASK THE CORREISMO.

THINK IT'S USEFUL, WE CAN REACH AN AGREEMENT AND I'LL SEND YOU THE SECOND PART.
🧵2/n 
5:45 PM ∙ Mar 22, 2023
-

-
cje @caseyjohnellisPARCH YO’ SILIC… actually, never mind - Researchers Spot Silicon-Level Hardware Trojans in Chips, Release Their Algorithm for All to Try - Hackster.io 
bit.lyResearchers Spot Silicon-Level Hardware Trojans in Chips, Release Their Algorithm for All to TryUsing thousands of electron microscope images and the original chip layout, 37 of 40 deliberate modifications were spotted.5:17 AM ∙ Mar 23, 2023
13Likes11Retweets
-
John Lyon @JohnLyonTweets
[Casio headquarters, 1975]

CEO: We need to make our calculators more versatile. Give me your ideas.

First executive: Maybe they could also be phones?

Second executive, a smoker who often oversleeps: I have a better idea. 
11:19 PM ∙ Mar 22, 2023
140Likes45Retweets
-
@@ProfJeffJarviss@mastodon.mogadishu @ProfJeffJarviss
Pro tip: Stop thinking of serendipitous texts as “spam”, use them as opportunities to network. 
1:15 AM ∙ Mar 23, 2023
69Likes10Retweets
-
Programmer Humor @PR0GRAMMERHUM0RGigachad Ken Thomson. reddit.com/r/programmerhu… 
1:00 AM ∙ Mar 23, 2023
382Likes60Retweets
-
Zero Day Initiative @thezdi
Success! @testanull of @starlabs_sg was able to execute a 2-bug chain on Microsoft SharePoint. They earn $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OVancouver 
7:04 PM ∙ Mar 22, 2023
235Likes42Retweets
-
Andrew Case @attrcMalware samples found while investigating targeted attacks often create hidden services to avoid detection on a live system. In our new blog post, we detail two new @volatility 3 plugins that automatically detect these hidden services within memory samples.

#DFIR #infosec volatility @volatilityIn the latest @volatility blog post, Memory Forensics R&D Illustrated: Detecting Hidden Windows Services, we walk through our R&D process to develop a new #Volatility3 plugin that automatically detects hidden services on Windows: https://t.co/7ysyEmq6Uo 
#memoryforensics #dfir6:23 PM ∙ Mar 22, 2023
46Likes21Retweets-
A look at 55 0days from 2022

https://www.mandiant.com/resources/blog/zero-days-exploited-2022

-

                            Don't miss what's next. Subscribe to the grugq's newsletter: