October 5, 2023
October 5, 2023
Here's my POC for CVE-2023-4911. It's a little rough, so PR's are definitely welcome đhttps://t.co/xsVyhJv4Kk pic.twitter.com/wXVxQDwtwh
â Rick de Jager (@rdjgr) October 4, 2023
A hardly noticed, but important document from the Snowden trove: the legal framework for GCHQ Cyber Defence operations:https://t.co/5IqpHT43oL pic.twitter.com/9waiGDFx0z
â Electrospaces (@electrospaces) October 4, 2023
Tales from the Crypto: How the Baltic states became the hub of money laundering and fraud - VSQUARE.ORG
Estonia became a global hotspot for crypto companies. We discovered dozens of cases of massive fraud, money laundering, sanctions evasion
Hot 0day fall? CVE-2023-22515 >> Critical privilege escalation in Atlassian #Confluence Server and Data Center. Exploited in the wild, freshly disclosed. Advisory seems to imply it's remotely exploitable despite being a privesc. Advisory has IOCs. https://t.co/g2PiINzcuO
â Caitlin Condon (@catc0n) October 4, 2023
"Leaked British intelligence reported that Chinaâs PLA Navy submarine â093-417â suffered a catastrophic failure, poisoning the crew on August 21".
â Dr. Dan Lomas (@Sandbagger_01) October 4, 2023
https://t.co/eHCZHI5g36
While I appreciate your honesty, I'd like to remind you that we are on the phone with the auditors.
â Accidental CISO (@AccidentalCISO) October 4, 2023
Trying to explain the absolute failure of cyber policy preferences focused on law enforcement responses when the first reporting of the day is about a continuing criminal enterprise built from tooling first developed 18 years ago, for malware as a service operations whoseâŠ
â JD Work (@HostileSpectrum) October 5, 2023
When the effort to extend US law enforcement reach to international jurisdiction takes longer than the prison time a convicted subject receives, let alone serves, it is usually prima facie evidence of mismatch between tool & problem set. To say nothing of damage to intel equitiesâŠ
â JD Work (@HostileSpectrum) October 5, 2023
Can honestly say Iâm not sure that long prison sentences are the solution to this problem.
If you're an attacker with local admin privs, consider storing your malicious files in
â Florian Roth (@cyb3rops) October 4, 2023
C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection
MS tends to store noisy and shady scripts there, leading many security vendors to eventually exclude that folder
this seems to be happening now on mobile, one day after Elon Musk tweeted that links don't get as much attention. certainly one way to decrease attention to links is make it difficult/impossible to know what a link goes to... https://t.co/5dxCwjzXOq pic.twitter.com/e44RxYtleV
â Erin Woo (@erinkwoo) October 4, 2023
If you've got on-prem Confluence servers you've got work to do today: A critical 0day is being exploited in the wild against them. Patch or apply the mitigation (breaks access to setup pages, but should allow normal operation) as soon as possible. https://t.co/jxxlATU4fV pic.twitter.com/H8vbQ6sMMz
â Brian in Pittsburgh (@arekfurt) October 4, 2023
This story digs a little deeper into Ashton Kutcherâs startup, Thorn. https://t.co/NseuWXULvv
â Matthew Green (@matthew_d_green) October 5, 2023
Who Exactly Is Ashton Kutcherâs Anti-Sex-Trafficking Tech Company Helping? The actorâs recent PR crisis has led to scrutiny around his advocacy work.
Who Is Ashton Kutcherâs Anti-Sex-Trafficking Org Helping?
The actorâs recent PR crisis has led to scrutiny of his complicated advocacy work.
My closest encounter with the mafia is I went to a starkly empty pizza place in Rhode Island once, they seemed utterly confused that I wanted a pizza, it took 45 minutes to make, they gave it to me for free, and it was the best pizza Iâd ever had.
â Jessica Ellis (@baddestmamajama) October 4, 2023
A Hollywood-Backed Nonprofitâs App Promises To Identify Sex Traffickers. But Critics Say It Endangers Survivors
A Hollywood-Backed Nonprofitâs App Promises To Identify Sex Traffickers. But Critics Say It Endangers Survivors
Cofounded by an ex-CIA agent and former NavySeal, DeliverFund was gaining plaudits and big-name donors for its work to prevent trafficking. But critics have accused it of endangering victims of the same crime itâs supposed to be fighting.
NEW - A nonprofit full of ex-CIA/NSA/US intel launched an app claiming it would help identify possible sex traffickers with just an email or phone number.
â Thomas Brewster (@iblametom) October 4, 2023
I found it includes numbers tied to child victims and sex workers.
Critics say that's, erm... bad.https://t.co/rpnixQfsu3
MEPs vote against amendment to ban EU governments spying on journalists
Politicians opt for change they say amounts to de facto ban on spyware but free speech campaigners dispute claim
MEPs vote against amendment to ban EU governments spying on journalists | European Union | The Guardian
Politicians opt for change they say amounts to de facto ban on spyware but free speech campaigners dispute claim
China isnât just trying to be the leading high-tech manufacturer. Itâs also wants to manufacture everything. This goes against the typical development pattern and most economistsâ advice. So why does Xi want to do it, and can he pull it off? A long𧔠1/
â adam wolfe (@adamkwolfe) October 4, 2023
Thread by @adamkwolfe on Thread Reader App â Thread Reader App
@adamkwolfe: China isnât just trying to be the leading high-tech manufacturer. Itâs also wants to manufacture everything. This goes against the typical development pattern and most economistsâ advice. So why does Xi...âŠ
David Beckham is the last remaining investigative journalist pic.twitter.com/XQgwOqdoav
â Chris Bakke (@ChrisJBakke) October 5, 2023
iâve changed my mind on ai art. itâs extremely funny microsoft rushed to get bing ai out and didnât think about the consequences pic.twitter.com/3G7l2aGylr
â mayor andre dickless (@capittalism) October 4, 2023
1/2 A threat actor has allegedly leaked data from 23andMe @23andMe. They claim the data has a list of half of the users of 23andMe; 7 million. The data includes a lot of confidential information. #23andMe #DNA #Clearnet #DarkWeb #DarkWebInformer #Database #Leaks #Leaked pic.twitter.com/OAj1m0gjgx
â Dark Web Informer (@DarkWebInformer) October 3, 2023
The type of data the threat actor allegedly has is origin estimation, phenotype & health information, photos & identification data, raw data & last login date. The threat actor claims to have more than 13 million pieces of data. #23andMe #DNA #Clearnet #DarkWeb #DarkWebInformer
â Dark Web Informer (@DarkWebInformer) October 3, 2023
Following a claim that someone had gained access to and is selling certain 23andMe customer data, we conducted an investigation. We have not identified any unauthorized access to our systems. We will continue to monitor the situation.
â 23andMeSupport (@23andMeSupport) October 4, 2023
đ§
Patch Diffing continues to pay the bills.
â clearbluejar (@clearbluejar) October 4, 2023
I just came across a writeup from June with a textbook example of leveraging patch diffing to root cause a 9.2 Fortigate CVE. @AlizTheHax0r digs deep on a 66MB binary with 100,000+ functions, identifies the single vulnerable function,⊠pic.twitter.com/H6L0C2vOuZ