Interesting paper on abusing the BPF infrastructure to bypass Linux kernel isolation techniquehttps://t.co/McFKINejmf#Linux #infosec pic.twitter.com/CHW5bvrtbb

— 0xor0ne (@0xor0ne) September 3, 2024

Wow: New side channel attack recovers ECDSA keys off the Infineon secure element.

YubiKey 5 Series are impacted. Trezor wallets also use Infineon chips I believe.

Stay safe folks! pic.twitter.com/7xsH5T3TAA

— cts 🌸🏳️‍⚧️ (@gf_256) September 3, 2024

Sacramento has been a big target for the MSS for decades. The Chinese intel services understand the value of long-term recruitments in key feeder states—as well as the inherent value of subnational intel at the state, and even city, level. This is a basic fact in San Francisco. https://t.co/UzSp3btXcy

— Zach Dorfman (@zachsdorfman) September 3, 2024

We've updated our blog on abusing file deletes to escalate privileges. We've also released PoC to demonstrate this. The exploit offers a high degree of reliability and eliminates all race conditions. It has been tested on the latest Windows 11 Enterprise. https://t.co/9D5Npp20rf

— Zero Day Initiative (@thezdi) September 3, 2024

My @offbyoneconf keynote on “Breaking into Vulnerability Research” https://t.co/l4BbW3lJX5

— Silvio Cesare (@silviocesare) September 2, 2024

"Attackers make considerable efforts to compromise the smartphones and tablets of military personnel to steal authentication data and transfer GPS coordinates of the devices, which can have direct negative consequences for the lives of personnel."https://t.co/cMgRzoPmTb

— Dan Black (@DanWBlack) September 4, 2024

A recording of our @WEareTROOPERS talk "From ASCII to UTF-16: Leveraging Encodings to Break Software" is now available!

The talk covers basic knowledge of character encodings and explains various vulnerability types and exploitation techniques: https://t.co/NPzyqoxU6w

— Sonar Research (@Sonar_Research) September 3, 2024

And it seems that more cybercriminals from outside of Russia, are joining or using this global underground economy too from:
— Iran 🇮🇷 (Br0k3r, DarkBit)
— DPRK 🇰🇵 (H0lyGh0st, Maui, FakePenny)
— China 🇨🇳 (ChamelGang, Cinnamon Tempest) https://t.co/2MsjwQi3PX

— Will (@BushidoToken) September 4, 2024

Big changes to one of the most targeted attack surface in Windows - https://t.co/MF0vBRUhve

— David Weston (DWIZZZLE) (@dwizzzleMSFT) September 3, 2024

Should the Pulitzer board establish a category for Best Tweet Of 2024, the contest could be called tonight. pic.twitter.com/pyM3fxeUnj

— Bill Grueskin (@BGrueskin) September 4, 2024

Evidence from DOJ’s case on Russian propaganda efforts: pic.twitter.com/wMJ8prtdfC

— Ryan J. Reilly (@ryanjreilly) September 4, 2024

✍️ Super Hat Trick: Exploit Chrome and Firefox Four Times by @eternalsakura13 @Kipreyyyhttps://t.co/8QgiopOxln pic.twitter.com/I9XWBmGOc3

— Alex Plaskett (@alexjplaskett) September 4, 2024

This indictment alleges that right-wing commentators like Dave Rubin, Benny Johnson, Tim Pool, and Lauren Southern — as part of the "Tenet Media" YouTube channel — have been unwittingly working for a Russian influence operation. https://t.co/O4DBYDeGGN

— Will Sommer (@willsommer) September 4, 2024

For people reading the indictment, some of the unnamed commentators are becoming clear.

Commentator 1: Dave Rubin

Commentator 2: Tim Pool

Commentator 3: Unclear

Commentator 4: Lauren Southern

Commentator 5: Unclear

Commentator 6: Matt Christiansen

That leaves Benny…

— Will Sommer (@willsommer) September 5, 2024

The charging documents for the RT-linked couple and Doppelgänger groups are an absolute intelligence gold mine. Perfect example of an effective speaking indictment by @TheJusticeDept, and a real service to security researchers who will be digging thru this stuff for years.…

— Chris Krebs (@C_C_Krebs) September 4, 2024

The U.S. has been the global leader of governments trying to stop the proliferation of high-end spyware from the likes of NSO. But a new study shows it hasn't been very effective. My exclusive report in the Post is archived without marketing stuff here: https://t.co/epT3asBN03

— Joseph Menn (@josephmenn) September 4, 2024

Look we can all see this coming so https://t.co/6SK66hr1RS pic.twitter.com/BS3GW8XUPf

— JChoe (@JoohnChoe) September 4, 2024

Czech Technical University "Introduction to Security" class finally opens online for free!

𝗢𝗻𝗹𝗶𝗻𝗲, 𝗵𝗮𝗻𝗱𝘀-𝗼𝗻, 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗮𝗹, 𝗮𝗻𝗱 𝗳𝗿𝗲𝗲!

Join us and register for free. Starting on Sep 26th. #cybersec #infosec #blueteam #redteamhttps://t.co/U6RmdTIj1U

— Seba García (@eldracote) September 4, 2024

No.

No no no no no no no.

This is a horrible, terrible, no good very bad idea.@CharlesSchwab pic.twitter.com/RyNASvLE1a

— Grady Booch (@Grady_Booch) September 4, 2024

N-days exploits chaining

Chrome RCE: https://t.co/Ft1dBBUJXg

Windows LPE 1: https://t.co/sN6y1HfY4F

Windows LPE 2: https://t.co/sN6y1HfY4F

Information leakage: https://t.co/3khmpm5Qlx

Guest-to-Host Escape: https://t.co/pavdTQm4Lw

Credits @theori_io#exploit #infosec pic.twitter.com/l1k8gRMxYF

— 0xor0ne (@0xor0ne) September 5, 2024

Some history; the 1940s RAND "Electronic Roulette Wheel" used to generate the digits required "excessive maintenance". Bias was detected in some part of the digits and the punch card data had to be additively "massaged" to pass their statistical tests. https://t.co/fcuacRA10I https://t.co/kuDdHHg4Rk pic.twitter.com/AEjrY6cc60

— mjos\dwez (@mjos_crypto) September 5, 2024