Ever wondered what happens when side-channel resistant code meets a fancy prefetcher? Checkout our paper breaking constant time crypto on Apple CPUs. https://t.co/PFKOMkBDDV

Joint work with Boru Chen, @YingchenWang96, @PradyumnaShome, Chris Fletcher, @dkohlbre, @ricpacca

— Daniel Genkin (@DanielGenkin) March 21, 2024

We found a way to defeat pointer authentication (and forge kernel pointers from userspace) on the Apple M1 via a new hardware attack.

Here’s how it works-https://t.co/6Kz3jnRtwI

— Joseph Ravichandran (@0xjprx) June 10, 2022

⚡️ 2023 Annual Report by Insikt Group https://t.co/OXZD5dxxht pic.twitter.com/YnPdQZ0KQ1

— 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 (@ddd1ms) March 21, 2024

Wir listen von nun an APT-Gruppen auf, die gegen Ziele in Deutschland aktiv sind.

Die Quellen sind die eigene Sensorik im Regierungsnetz, vom BSI behandelte Vorfälle, sowie freigegebene Meldungen von Partnern.

Demnächst wird es weitere Seiten geben.https://t.co/y8BIiQVXdy

— Timo Steffens (@Timo_Steffens) March 20, 2024

House passes Protecting Americans’ Data from Foreign Adversaries Act, H.R. 7520https://t.co/vRvihmWHUa pic.twitter.com/YA0H4Xi1v0

— Chris Wysopal (@WeldPond) March 21, 2024

New from 404 Media: we've uploaded the documents from the U.S. government's new and massive anti-trust case against Apple. No email or paywall. We bought docs so free for anyone to download here: https://t.co/LM6Qw5rxw2 pic.twitter.com/Uok9AxKI7S

— Joseph Cox (@josephfcox) March 21, 2024

New blog today w/ @Mandiant @googlecloud! It dives into the run & gun🇨🇳MSS access broker landscape. UNC5174 is a pro adapting 1 day vulns for #initialaccess thats later brokered to other china-nexus baddies. Access brokers still used to access enterprises https://t.co/WX7eofzlRZ

— Digital_Monet (@aRtAGGI) March 21, 2024

Wouldn't it be useful to have a tool that tells you the XProtect rule for common #macOS #malware names, or that told you the industry names for Apple's coded rule names? YES IT WOULD!
A little/useful addition to our ongoing repo tracking XProtect: https://t.co/YY8UxUbl0c pic.twitter.com/tHsI9bJEi4

— Phil Stokes ⫍🐠⫎ (@philofishal) March 21, 2024

https://t.co/1o4wW6gaP2 https://t.co/0xit8JTjaQ

RIP OpenBSD zoomers.

Tho us boomers who have been in the xdev trenches for a long time probably remember when certain bugs were were easier to exploit on OpenBSD and never believed Theo anyway. pic.twitter.com/s5v6p30d6K

— LCFR (@lcfr_eth) March 21, 2024

Criticism of Passkeys, the advertised password replacement. Are there risks or harms even? "WebAuthn is a questionable standard. It removes almost all risks from the service provider and puts all responsibility on the user". Including regulatory risks? https://t.co/Ftyqpa9cpj pic.twitter.com/279EySJhc5

— Lukasz Olejnik, ☕️🥐 (@lukOlejnik) March 22, 2024