November 22, 2023
It was an honor to be invited to give the closing keynote at #VB2023. I tried something that felt new and very out there, tussling with some of the foundational metaphors that (mis|)shape cybersecurity as a practice. Video is finally up :) https://t.co/qMQUFJ26qB
— J. A. Guerrero-Saade (@juanandres_gs) November 21, 2023
How we will thank the vulnerability research community at @NCSC going forward - see the blog 'Thanking the vulnerability research community with NCSC Challenge Coins'
— Ollie Whitehouse (@ollieatnowhere) November 22, 2023
"we’ll now also be awarding NCSC Challenge Coins to selected researchers." https://t.co/K3DNmDn9ZB pic.twitter.com/0JR2RXyYLM
Boeing sharing their LockBit incident details with CISA to share with the world should be a seminal moment in the fight against ransomware.
— Kevin Beaumont (@GossiTheDog) November 22, 2023
Don’t cover it up; talk about it and fight back together, stronger.
Culture reboot, burn old incentives. pic.twitter.com/v3cRIBW8T8
I wrote about how LockBit ransomware group have assembled a Strike Team and are using a Citrix vulnerability to extort the world’s largest companies.
— Kevin Beaumont (@GossiTheDog) November 14, 2023
Pieces together what happened at ICBC, Boeing, DP World, Allen & Overy and more. https://t.co/aXEsPfxnKi
Recommended read. Another example demonstrating ignorance for infrastructure security in the blockchain world. Oh and let's not forget decentralization when pwning a single company can affect multiple blockchains :) https://t.co/ENcMnP3gP7
— Pawel Wylecial (@h0wlu) November 22, 2023
1/ Our team at @dWalletLabs discovered a chain of vulnerabilities that could result in a loss of more than $1B in crypto assets. The full article here: https://t.co/cUUfevvUQ9 Let's take a closer look
— Elad Ernst (@EladErnst) November 21, 2023
I look at a new book on Second World War communications security in a new post on https://t.co/WRLJBi3eCN and thoroughly recommend it. pic.twitter.com/y7NLCV90AI
— Tony Comer (@TCHisTree) November 21, 2023
Sigint Historian: A Valuable New Book on Second World War Communications Security
Anybody who reads this blog will know of my interest in cryptography: the opposite side of the coin to cryptanalysis. How poor UK cryptogr...
https://mostlynerdless.de/blog/tag/lets-create-a-debugger-together/
Building an #Exploit for #FortiGate #Vulnerability CVE-2023-27997 https://t.co/HjYmUR07Ot https://t.co/FYu3L2nW6R
— raptor@infosec.exchange (@0xdea) November 22, 2023
Remember, remember the 22nd of November https://t.co/k6prBQemLn
— argp (@_argp) November 22, 2023
Boom!
— Jesse D'Aguanno (@0x30n) November 21, 2023
Windows Hello fingerprint authentication bypassed on top three devices:
- Dell Inspiron
- Lenovo ThinkPad
- Microsoft Surface Pro
Still waiting for recordings from our BlueHat talk to drop, but here's our writeup: https://t.co/BTkIJQpE9F #infosec #security #vulnresearch…
Here are the slides of this morning's talk "Everything is (still) broken - looking back at 20 years of hacking." https://t.co/srsUCHcb44 - don't take it too serious, I know I don't.
— Fabian Yamaguchi (@fabsx00) November 21, 2023
People complain about the "woke mind virus" but honestly I find the Bayesian mind virus far more worrisome--all these tech cults & CEOs tossing around words like priors, updating beliefs, expected value, p(doom), in ways that don't make sense just to virtue signal or whatever 🤮
— Noah Giansiracusa (@ProfNoahGian) November 20, 2023
Exhibit A in HOW NOT TO USE THESE CONCEPTS--this gem from the new CEO of OpenAI. WTF does he even mean by "value" here? https://t.co/kKknH6PUxj
— Noah Giansiracusa (@ProfNoahGian) November 21, 2023
The Nazis were very evil, but I'd rather the actual literal Nazis take over the world forever than flip a coin on the end of all value.
— Emmett Shear (@eshear) June 1, 2023
Exhibit B: this now famous gem from SBF pic.twitter.com/XeEwCEj2CC
— Noah Giansiracusa (@ProfNoahGian) November 21, 2023
Awesomely detailed post on #fuzzer #development by @h0mbre_ ✊
— raptor@infosec.exchange (@0xdea) November 22, 2023
Fuzzer Development: The Soul of a New Machine https://t.co/PghYqdoQoM https://t.co/r48M1r0aus
A secret White House surveillance program is giving federal, state, and local agencies easy access to TRILLIONS of Americans' phone records... including location data, which the Supreme Court held should be off-limits without a warrant. 1/2 https://t.co/TkRkYznGj8
— Elizabeth Goitein (@LizaGoitein) November 20, 2023
Suspicious #GitHub accounts, #crypto theft, new #malware families and fake jobs — tracking two campaigns linked to North Korean threat actors has uncovered a complex web we detail in full. Read now: https://t.co/dkgjW82kiq pic.twitter.com/EHfwVlzwjY
— Unit 42 (@Unit42_Intel) November 21, 2023
Cool series by @SonarSource on #VSCode #vulnerability #research
— raptor@infosec.exchange (@0xdea) November 22, 2023
Visual Studio Code Security: Deep Dive into Your Favorite Editor https://t.co/KPMSJck1PS https://t.co/HAh0GDRftI
❗ The wait is finally over ❗
— Microsoft BlueHat (@MSFTBlueHat) November 21, 2023
The #BlueHat Oct 2023 sessions are now live on our YouTube channel. Kick back, relax, and dive into the latest cybersecurity research and insights.
Happy viewing! 📺 https://t.co/HY9mpJWuch
Fascinating details about Khrushchev’s perception of Kennedy based on @DrRadchenko’s groundbreaking work analyzing recently declassified Soviet archives
— Dmitri Alperovitch (@DAlperovitch) November 22, 2023
It completely upends previous understanding of the causes of the Cuban Missile Crisis (such as Kennedy’s perceived weakness) https://t.co/gujmezcC3E
On the sixtieth anniversary of John F. Kennedy's assassination, here's a thread on his relationship with Nikita Khrushchev, one of the most important relationships of the Cold War.
— Sergey Radchenko (@DrRadchenko) November 22, 2023
How to turn an unbalanced unlock kernel bug 🪳 into a Use-After-Free (CVE-2023-2612)? The #Grehack23 slides are now available 👉 https://t.co/9qCw0Q4CaF
— JB Cayrou (@jbcayrou) November 21, 2023
Calling a meeting to say “Think of ways to make money.” That’s leadership. https://t.co/CuhKUmwNbL
— Travis View (@travis_view) November 21, 2023
SCOOP: Inside Linda Yaccarino’s X all-hands after Elon Musk sued Media Matters: ‘By all means, put your heads together to bring new revenue into the company’ https://t.co/OSeBhd8w5p
— Kylie Robison (@kyliebytes) November 21, 2023
this is how your email finds me https://t.co/FL04NDAjx7
— Rob DenBleyker (@RobDenBleyker) November 22, 2023
— Possumeveryhour.io (@PossumEveryHour) November 22, 2023
Can anyone tell me why the public WiFi with an attacker in it is unsafe?
— mRr3b00t (@UK_Daniel_Card) November 22, 2023
I can read all the target's traffic metadata but I can’t read their traffic.
Anybody? The ASD say it’s not safe but I’m not really sure why…..
If you can show me an attack that will do something let me… https://t.co/4GsWMCjeQN
Target located! 🕵️‍♂️🥷 pic.twitter.com/1AlcSW5rjX
— mRr3b00t (@UK_Daniel_Card) November 21, 2023