Let's say about 90% of incidents are auth based (that's a high level number based on CISA data and my view of the world)

telling people to worry about USB charging cables, rebooting their phones to defend against pegasus ...

well its kind of LULZ and kind of insane (when… pic.twitter.com/0qwNZHWhU0

— mRr3b00t (@UK_Daniel_Card) October 25, 2024

I updated the list of APTs targeting Russian organization; it now has 41 APTshttps://t.co/Rc8C7vT4BI pic.twitter.com/4WbX163n9J

— Oleg Shakirov (@shakirov2036) October 25, 2024

You might already know about this, it’s to check your cryptographic keys like certificates, CSR and SSH public keys for vulnerabilities: https://t.co/dit4CwuD9x

A Python package is available athttps://t.co/ia9X8J6lnx
and with 'pip3 install badkeys'.

— 🕳 (@sekurlsa_pw) October 24, 2024

Wait, wat? Apple released a Virtual Research Environment that you can poke their stuff with????https://t.co/pQr5yYo3Vn

and releasing source code for certain PCC components?

I guess times are a changing, this is very good pic.twitter.com/nU9R69h4ij

— Daniel Cuthbert (@dcuthbert) October 25, 2024

San Francisco to pay $212 million to end reliance on 5.25-inch floppy disks - Ars Technica https://t.co/I8kQ1K6Blv

— Sami Laiho (@samilaiho) October 25, 2024

Kill your AV/EDR product by getting the exact location it exists on disk (with the defrag API) and corrupting it. Bitlocker will boot on the drive but won’t be able to decrypt the data correctly.https://t.co/FbMLQ3VIL1

— 丂卄ㄖᗪ卂几 - 👋 crack fingers (@therealshodan) October 25, 2024

We are all in this together. Government, industry, and academia need to collaborate in an environment where attackers have the advantage. Sometimes, however, each side can be a bit aggressive in its messaging. 🤣 pic.twitter.com/xOVaBvRjKe

— Rob Joyce (@RGB_Lights) October 25, 2024

I mean, government doing something other than messaging with that aggression would be a good start towards improving the “collective” outcome here

— JD Work (@HostileSpectrum) October 25, 2024