April 11, 2023

This sucks. I think I will have to actively seek a solution because this is no fun.

-

Interesting writeup on a logic bug (patched back in Feb. 2022) in readline which could allow lateral movement (credits @trailofbits) https://blog.trailofbits.com/2023/02/16/suid-logic-bug-linux-readline/

-

Listening to @lawfarepodcast with Rob Joyce @RGB_Lights, Director of the Cybersecurity Directorate at @NSACyber (Skip to 2:40)

-

The most important and underexamined thing happening in U.S. Internet law right now is the emergence of various "child safety" laws that effectively regulate content on platforms, but don't say so. 1/

-

What’s brewing could be worst mass leak since Snowden 10 years ago. “leaked docs appear to go well beyond highly classified material on Ukraine… increasing trove also includes sensitive briefing slides on China, Indo-Pacific, the Middle East & terrorism.”

-

UA hacker group identified Serhiy Morgachev, one of the prominent hackers in Russia. Morgachev is Lt. Colonel of the GRU, wanted by the US for a number of cyber crimes. He is the informal leader of the APT 28 (Fancy Bear, Pawn Storm), which hacked the DNC servers in 2016

-

Some guy tried a romance scam on me and I went along to counter-scam him. He finally asks for money, so I say "all my money is in Switzerland in a trust fund but to get it I need money for a plane ticket" and he replies "that sounds like a scam"

-

Declassified layout of the global UK Defense communications network (~1970) that consisted of a mix of cable, HF links and radio relay, and satellite communications.

-

Debtors give multiple examples of irresponsible key storage. Keys to >$100M stored in unencrypted plaintext, for example, or in tools unsuitable for the job. Keys were often accessible by many employees with no auditing. Keys were poorly labeled, with names like "use this".

-

Annual P&L for a very large cybercrime org. Customer acquisition is the expensive bit (70% of revenue just for affiliate fees) but EBITDA still ends up at ~28%. It’s hypothetical but indicative & pieced together by

-

A short detailing a Kerberos LPE I discovered while working with @tiraniddo on our BlackHat research. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21817… (CVE-2023-21817) This was fixed in Feb, but I think some will find the vulnerability & exploitation interesting.

-

#SVR dropped a new (second) issue of their official journal "#Razvedchik". With confident Sergey "We haven't had any illusions for a long time" Lavrov on the cover, it promises powerful content. Let's dig in. Long

-

Anne Keast-Butler to be first female director at GCHQ
