March 24, 2023

                            March 24, 2023

                March 24, 2023

Brendan Dolan-Gavitt @moyixTwo interesting security examples from the recently-released paper from MSR "Sparks of Artificial General Intelligence: Early experiments with GPT-4". It can solve a simple binary reversing challenge and do a port-scan + ssh bruteforce! arxiv.org/abs/2303.12712 
2:35 PM ∙ Mar 23, 2023
52Likes14Retweets
-
Stephen Fewer @stephenfewer
Our @rapid7 AttackerKB analysis of CVE-2023-27532 in Veeam Backup & Replication has been posted, detailing the vulnerability, plaintext credentials leak and remote code execution: attackerkb.comCVE-2023-27532 | AttackerKBVeeam Backup &amp; Replication is a data backup and replication solution. On March 7, 2023, Veeam published an advisory, along with patches, for https://nvd.nist.g…2:21 PM ∙ Mar 23, 2023
49Likes21Retweets
-
ShitpostGateway @ShitpostGate
7:48 PM ∙ Mar 21, 2023
140,485Likes10,515Retweets
Cone @Lol8ball
This is just like how several advances in video encoding were made because anime fansubbers were competing with eachother. 
ShitpostGateway @ShitpostGate
https://t.co/LlHNLEmAwT11:32 AM ∙ Mar 22, 2023
2,129Likes522Retweets
-
vx-underground @vxunderground
Do Kwon, the co-founder and CEO of singapore-based Terraform labs, has been apprehended by authorities in Montenegro

Do Kwon was wanted by Interpol for his role in the $40 billion collapse of the Terra Luna ecosystem during May 2022.

More info: 
Filip Adzic @filip_adzicU PODGORICI UHAPŠEN JEDAN OD NAJTRAŽENIJIH SVJETSKIH BJEGUNACA

Crnogrska policija lišila je slobode lice za koje se sumnja da je jedan od najtraženijih bjegunaca, južnokorejski državljanin Do Kwon, suosnivač i izvršni direktor Terraform Labs sa sjedištem u Singapuru.
1/22:09 PM ∙ Mar 23, 2023
110Likes24Retweets
-
SentinelLabs @LabsSentinelNew Research -- "Tainted Love" APT Operation

✴️Targeting Middle East telecom.
✴️ Likely connected to a Chinese groups in the nexus of Gallium and APT41.

Full Report: sentinelone.com/labs/operation…

By @milenkowski @juanandres_gs @JoeyChen @QTrust
sentinelone.comOperation Tainted Love | Chinese APTs Target Telcos in New AttacksCyber espionage actor deploys custom credential theft malware in new campaign targeting the telecoms sector.2:27 PM ∙ Mar 23, 2023
23Likes13Retweets
-

-
HowTo deepfake
One Useful Thing
A quick and sobering guide to cloning yourself
I think a lot of people do not realize how rapidly the multiple strands of generative AI (audio, text, images, and video) are advancing, and what that means for the future. With just a photograph and 60 seconds of audio, you can now create a deepfake of yourself in just a matter of minutes by combining a few cheap AI tools. I've tried it myself, and the …
Read more
2 months ago · 81 likes · 24 comments · Ethan Mollick
-
Juliano Rizzo @julianor
1/ 🧵Access to valuable resources, like a significant number of @Cloudflare global API keys or password manager infrastructure, allows devastating hacks. However, attackers often seek plausible deniability instead of going on a hacking spree. Let's discuss why.1:08 PM ∙ Mar 23, 2023
10Likes6Retweets
-
Spy Collection @SpyCollection1Excellent analysis on the (reportedly) #CIA hardware implant (bug) discovered in #Germany in 2018 to spy on a #WikiLeaks activist. Also used to spy on Julian Assange.

It was installed in a #CryptoPhone IP19.

cryptomuseum.com/crypto/gsmk/ip…

#Tradecraft #BlackBagOpcryptomuseum.comImplant5:51 AM ∙ Mar 24, 2023
10Likes4RetweetsElectrospaces @electrospacesInteresting analysis by the @cryptomuseum of the sophisticated #bug that was found inside the CryptoPhone that was used by Andy Müller-Maguhn: 
cryptomuseum.com/crypto/gsmk/ip… 
3:55 PM ∙ Mar 23, 2023
32Likes20Retweets

https://media.ccc.de/v/rc3-11512-cia_vs_wikileaks

-
Justin Elze @HackingLZ
ChatGPT and all the other AI tech can’t be that bad if you’re using this simple test 
12:36 PM ∙ Mar 23, 2023
398Likes98Retweets
-
Suhail @Suhail
Buried on page 15 in a footnote:

Have fun, Internet. 
11:00 PM ∙ Mar 20, 2023
2,513Likes189Retweets
-
nemesis @nemesis_pkg“This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.”

Well then…

github.blog/2023-03-23-we-… 
6:29 AM ∙ Mar 24, 2023
135Likes44Retweets
-
Rocco Calvi @TecR0c🚨 Just disclosed CVE-2023-28760: a critical RCE vulnerability in TP-Link AX1800 Wi-Fi 6 Routers! Update your firmware ASAP!

🔗 Blog post: tecsecurity.io/blog/tp-link_a…
🔗 Exploit code: github.com/TecR0c/exploit…
github.comexploits/CVE-2023-28760.py at main · TecR0c/exploitsContribute to TecR0c/exploits development by creating an account on GitHub.5:09 AM ∙ Mar 24, 2023
54Likes27Retweets
-
AndrewMohawkᴵ'ᵐ ᶠᶦⁿᵉ ᵗʰᵃⁿᵏˢ, ᴬⁿᵈʳᵉʷˀ @AndrewMohawkTL;DR Any valid users on your @Cloudflare tenant have an API key that has the same perms, this key is automatically created for every account, if you think anyone has been phished/compromised at any time you need *them* to specifically change this key at dash.cloudflare.com/profile/api-to… 
Tay 🦊 💖 @tayvano_🚨 If you're using Cloudflare for your web3 product,  stop what you're doing right now.

You NEED to:

1. Rotate the Global API Key for all your accounts

2. Remove all accounts added to your Cloudflare unless you rotated their Global API Key in step 1

https://t.co/z913LMCc85
4:53 AM ∙ Mar 24, 2023
12Likes7Retweets
-
You have to watch this video…
vx-underground @vxunderground
RT @_BradleyVX: In 2010, Norton Antivirus released a series of commercials, one of which featured 80's metal band Dokken. In the commercial…8:38 AM ∙ Mar 24, 2023
-
raptor@infosec.exchange @0xdeaThis new multi-arch #assembly REPL and emulator by @netspooky is awesome 💚

github.com/netspooky/scare 
11:38 AM ∙ Mar 24, 2023
8Likes2Retweets

                            Don't miss what's next. Subscribe to the grugq's newsletter: