November 20, 2024
Love this series. The actual size of ancient battles is hard to comprehend without seeing a full simulation. It is kilometres from one end to the other.
New: the company behind Pokemon Go has announced it is using data collected by its millions of players to build an AI model that can navigate the real world, and could be used for robots. Doubt Pokemon Go players anticipated this https://t.co/jHWj7hL5m0
— Joseph Cox (@josephfcox) November 19, 2024
in today's 'no way, is it real?' we found out that Palo Alto's PAN-OS CVE-2024-0012 and CVE-2024-9474 were the equivalents of saying 'turn off auth and give me a shell'.
Enjoy! https://t.co/P0PZq0diFF
— watchTowr (@watchtowrcyber) November 19, 2024
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
It'll be no surprise that 2024, 2023, 2022, and every other year of humanities' existence has been tough for SSLVPN appliances. Anyhow, there are new vulnerabilities (well, two of them) that are being exploited in the Palo Alto Networks firewall and SSLVPN offering, and as ever, we’re here to
Rob €100 million from Kiabi's treasury, make a new life for herself in California, then return to France 4 years later to be arrested getting off a private jet 🤡 (the linked article is in French) // cc @thegrugq https://t.co/Rux55pqJPA
— Nicolas Grégoire (@Agarri_FR) October 1, 2024
AI needs to be stopped lmao pic.twitter.com/6MxXC8SRUD
— Not Jerome Powell (@alifarhat79) November 18, 2024
Fancy retrieving plaintext user credentials, deactivation passcodes and uninstall passwords for Palo Alto Global Protect VPN? Thank goodness Palo Alto make that easy for you ...
Full write up here : https://t.co/6T65cHCi9n
Tooling available here : https://t.co/bAPNigVlX5
— 0xBB (@bb_hacks) November 19, 2024
How I reverse-engineered an Android app, bypassed custom encryption layer, achieved server-side RCE, and earned a $5000 bounty. read the full story here (TLDR; but worth reading) https://t.co/xgvffzspiB pic.twitter.com/LR51IiPqpK
— YS (@YShahinzadeh) November 19, 2024
🚨 [New Research] Women In Russian-Speaking Cybercrime: Mythical Creatures or Significant Members of Underground?
💥 It was an absolute pleasure to collaborate with the @sansforensics on research. Many thanks to @vHUMINT for his support and to @BushidoToken and Margo Lychak for… pic.twitter.com/2cHdpt9Mfz
— Anastasia (@intel_anastasia) November 19, 2024
The Qualys Threat Research Unit (TRU) has discovered five vulnerabilities. These vulnerabilities can be exploited by any unprivileged user to gain full root access without requiring user interaction. Read about TRU's discovery in our #blog. https://t.co/fMGIqNVeHD #needrestart pic.twitter.com/Vix2BjuC0z
— Qualys (@qualys) November 19, 2024
Absolute bonanza for foreign SIGINT agencies. “In calls with foreign heads of state, Trump has cut out the State Department, its secure lines and its official interpreters…The transition team cannot use secure federal email servers” https://t.co/YdP5sSzB9K
— Shashank Joshi (@shashj) November 19, 2024
🎯"counter to the idea that gullibility to false information is the main factor underlying inaccurate beliefs, skepticism against belief-incongruent true information is much more pronounced than gullibility to belief-congruent false information" https://t.co/kGj70N5TaB
— Rob Sica (@robsica) November 19, 2024
My sandbox bypass technique is now visible https://t.co/9g2YRqNRY7
— phoen1xxx (@phoen16xxx) November 19, 2024
NEW: Billions of coordinates sold by a US data broker exposed the movements of thousands of US military & intel personnel—from nuclear vaults and NSA hubs to their homes and brothels. The DoD knows the data is out there but can’t stop its sale. https://t.co/42RdnAI8dy
— Dhruv Mehrotra (@dmehro) November 20, 2024
The Cyber Resilience Act has been published in the Official Journal of the EU:
Regulation - 2024/2847 - EN - EUR-Lex pic.twitter.com/zmJenMs4pJ
— Aristotle Tzafalias (@Aristot73) November 20, 2024