the grugq's newsletter

September 8, 2023

Apparently, no one in my office appreciated the interpretive dance routine I did with my middle fingers this morning.

— 𖤐 Father Red McGee 𖤐 (@drinksmcgee) September 7, 2023

North Korean actors 🇰🇵 are targeting security researchers again including use of at least one 0-day. IOCs in the blog ⬇️ If you've been in contact, please reach out https://t.co/SiMq2tsNuY pic.twitter.com/kjqmNdOWm8

— Maddie Stone (@maddiestone) September 7, 2023

More good stuff on Chrome RCE vuln research: @bjrjk wrote a super deep dive analysis of CVE-2022-4262, a non-trivial type confusion in v8 JavaScript engine which I reverse-engineered from patch early this year and briefly covered in my PHDays talk in May: https://t.co/lhWuQPXngG…

— Alisa Esage Шевченко (@alisaesage) September 7, 2023

US and UK dropped sanctions on Russian cybercriminals from the Trickbot/Conti ecosystem. UK being explicit about links to Russian intel. These guys were trying to launch a blitz on US hospitals on the eve of the elections during the height of COVID. https://t.co/muylLwrsMr

— John Hultquist🌻 (@JohnHultquist) September 7, 2023


Our latest blog on how we update the hypervisor on Azure Host OS in under a second: https://t.co/UtX01vIhJJ

— Hari Pulapaka (@TheRealHariP) September 6, 2023

By the way, I made some significant revisions and added some content to my article on the history of calculators: https://t.co/qC3SzMI7VK

If you haven't read it before, now's the time! https://t.co/7SemofgNxH

— lcamtuf (@lcamtuf@infosec.exchange) (@lcamtuf) September 8, 2023

Earlier this year, the Paranoids Vulnerability Research team disclosed a critical remote code execution (RCE) vulnerability in @GoIvanti’s endpoint management product: https://t.co/CMIktsDTH8.

— The Paranoids (@TheParanoids) September 7, 2023

List of "Cyber Weapons":
* Stuxnet
* Industroyer
* Triton
* PowerShell

— Joe Słowik 🌻 (@jfslowik) September 7, 2023

* Active Directory

— Tinfoil 🌻 (@tinfoil_globe) September 7, 2023

We're doing weapons right now, war crimes will come later.

— Joe Słowik 🌻 (@jfslowik) September 7, 2023

🚨🚨WE URGE EVERYONE TO UPDATE THEIR APPLE DEVICES AS SOON AS POSSIBLE.

We have found an actively exploited #zero #click vulnerability that was used to deliver #NSO group’s #Pegasus #spyware. https://t.co/BS0ZI4QuIz

— Citizen Lab (@citizenlab) September 7, 2023

I wonder if the report from FSB and Kaspersky on the alleged NSA hacking of iPhones earlier this year played a role in this decision? It seems like it would. (Ref: Russia says US hacked thousands of Apple phones in spy plot)

China reportedly bans iPhones from more government offices

https://www.theregister.com/2023/09/07/china_government_reportedly_bans_iphones/

in bidens america it’s becoming illegal for men to have hobbies https://t.co/CfV7vY2cW2

— pudding person (@JUNlPER) September 7, 2023

Starting to get really busy at this year's Camouflage Festival pic.twitter.com/RvfEcWzxSv

— Dreadnought Holiday (@TheDreadShips) September 8, 2023

Regarding the NSO and ImageIO, I have to say last year I just spent a days to reverse ImageIO and spotted new supported image file formats (which means low hanging fruits), I fuzzed them for an hour via @ifsecure’s fuzzer, and got 7 Vulnerabilities. https://t.co/2VYBhGoiex

— Meysam (@R00tkitSMM) September 8, 2023