-

ax🔥🌸mX @axi0mX
Amazing work. 👏

A4 GID key was not revealed in the talk, but if you look closely at @tihmstar's t-shirt, there are 260 characters. 🧐

That is an easter egg! Remove 't1hm' and you get the A4 GID key. 🤯

e77f3e9c5e6c00086aa7b68e58994a639cc360d6027c90b53eb8b3b015f72f56

hardwear.io @hardwear_io
⚡Breaking into iPhone's last Security Barrier

📱Tihmstar @tihmstar presented his work on attacking the iPhone's hardware AES crypto core through an EM-side-channel in order to retrieve the hardware fused GID & UID keys

🍿Enjoy the talk▶️https://t.co/o7HiFb8RqD

hw_ioNL2022

-

-

"Nearly three-quarters of the 5G network operators surveyed said they’ve experienced up to six security breaches or cyberattacks in the past year. These breaches resulted in network downtime, customer data leaks, regulatory liabilities, fraud and monetary theft.

Nearly two-thirds of the network operators surveyed said security staff spend more than 30% of their time on manual security tasks. More than 4 in 10 respondents said at least 40% of security teams’ time is spent on vulnerability and threat management tasks that could be automated."


-

NSA's Cybersecurity Speaker series talks about building in trust from the start: “Security on day one.” Check out Dr. Josiah Dykstra speaking with Natalie Pittore, Enduring Security Framework chief, and Martin Goldberg, NSA’s lead for 5G standards.

-

“Looking at old #bugs is a great way to quickly find new ones.

Sometimes the patch only fixes a symptom rather than the bug.

Sometimes there can be other variants of a bug which the patch missed.

And sometimes the patch just introduces new bugs.”

— Ian Beer

-

Somebody used Twitter Blue to get a blue tick, then posted a deepfake video of the former FTX CEO for a cryptocurrency scam.

https://infosec.exchange/@gossithedog/109383573518924274

-

Just in the three and a half weeks since Musk took over Twitter on October 28, Tesla stock is down 27%, losing $190 billion in value. https://t.co/xoMQHQVbQV

-

Ashley M. Gjøvik, J.D. @ashleygjovik@mstdn.social @ashleygjovik
Apple claims its Bug Bounty program "serves the public interest"

Yet, a “security researcher in Apple’s Security Bug Bounty Program has had his bugs used by the Chinese government against Uyghurs, an ethnic minority group primarily living in China.”

WHAT.

USCA11 Case: 21-12835 Date Filed: 02/10/2022 Page: 70 of 81

Moreover, despite its claim that security research “serves the public interest only when . . . vulnerabilities . . . are reported back to the company” that can fix them, Br. 51, “Apple does not impose that requirement under its own Bug Bounty Program,” Doc. 783, pg. 32. And in at least one instance, a “security researcher in Apple’s Security Bug Bounty Program has had his bugs used by China against Uyghurs, an ethnic minority group primarily living in China.” Ibid.
Given this, Apple’s complaints about Corellium’s vetting and monitoring practices are “puzzling, if not disingenuous.” Doc. 783, pg. 32. They are also unfounded. As the district court explained, Corellium takes significant steps to prevent misuse of its product. Ibid. It engages in meaningful vetting of potential customers, has refused licenses to those it suspects will abuse the product, prohibits illicit uses of its product in the licensing agreement, and has t

-

@argp@chaos.social @_argp
Remember, remember the 22nd of November

-
