- The Grugq's Newsletter
- Posts
- March 22, 2023
March 22, 2023
holy FUCK.
Windows Snipping Tool is vulnerable to Acropalypse too.
An entirely unrelated codebase.
The same exploit script works with minor changes (the pixel format is RGBA not RGB)
Tested myself on Windows 11
— David Buchanan (@David3141593)
4:54 PM • Mar 21, 2023
-
Their lifelong dream of not getting bitten by a sloth had been ruined.
— Norm Charlatan (@normcharlatan)
11:52 AM • Mar 16, 2023
-
-
A lot of y'all who said I couldn't fit this whole starfish in my mouth are real quiet these days.
— U.S. Fish and Wildlife Service (@USFWS)
2:58 PM • Mar 21, 2023
-
"The explosive device looked like a USB drive. He plugged it into his computer and it detonated."
Holy crap. That's a new attack vector.
Just in case you needed another reason not to plug in strange/untrusted USB drives.
— Deth Veggie (@DethVeggie)
5:25 PM • Mar 21, 2023
-
I dont know if this is known or not but I can't find a single tweet linking them so I'm putting it out there:
The Dec 2021 @BadgerDAO Hack
and
The Feb 2020 @iota Trinity Wallet Hack via @moonpayare *literally* identical.
cc @Mandiant@DavidSonstebo@Cloudflare@hascj
— Tay 🦊 💖 (@tayvano_)
2:08 PM • Apr 18, 2022
-
This is crazy and absolutely surreal!
I trained an AI on Steve Jobs’ voice…
…and then connected it to the chatGPT API 🤯
…and finally, connected it all to Facebook Messenger to allow for 2-way voice conversations with Steve Jobs about anything! 🤖
Final product (sound… twitter.com/i/web/status/1…
— John H. Meyer 🚀 (@BEASTMODE)
12:35 AM • Mar 20, 2023
-
Deutsche Telekom reached a secret deal with Huawei to blunt the impact of US sanctions against the Chinese firm, according to @handelsblatt. Many parallels between the Nord Stream 2 fiasco and Berlin’s handling of the 5G question. Current government will need to rectify
— Noah Barkin (@noahbarkin)
6:13 AM • Mar 22, 2023
-
Another entertaining #BinDiff and #exploit development adventure
Producing a #PoC for CVE-2022-42475 (#Fortinet#RCE)
// by @plopz0r
— [email protected] (@0xdea)
11:28 AM • Mar 22, 2023
-
This is scary.
ChatGPT has caught up with human intelligence.
If you ask it to list 20 great things about Ohio, it struggles and just mentions "it's affordable."
— Chris Bakke (@ChrisJBakke)
11:33 PM • Mar 21, 2023
-
Bard thinks that Google will shut it down within the next one to two years. 😂 twitter.com/i/web/status/1…
— Killed by Google (@killedbygoogle)
10:45 PM • Mar 21, 2023
-
New blogpost by @FuzzySec and I! Patch Tuesday -> Exploit Wednesday: Pwning Windows afd.sys in 24 Hours. We reverse engineer a bug + write an exploit using a cool new primitive. We also find out that it's been exploited in the wild (previously unknown). htt
— chompie (@chompie1337)
5:22 PM • Mar 21, 2023
-
The IPCO "reviewed a sample of statements drafted by analysts at GCHQ to justify the selection for examination of content obtained through bulk interception. We found that 41% of the statements sampled failed to address either necessity or proportionality".
— Dr. Dan Lomas (@Sandbagger_01)
7:21 AM • Mar 22, 2023
-
Outstanding work by @Doyensec as usual 👏
#Windows Installer EOP (CVE-2023-21800)
blog.doyensec.com//2023/03/21/wi…
— [email protected] (@0xdea)
8:43 AM • Mar 22, 2023
-
This looks interesting! #APT:
Приказ Минфина ДНР № 176. zip (Order of the Ministry of Finance of the DPR No. 176. zip)
c7d979437e828156c6c0000b9fbbddeb
1de44e8da621cdeb62825d367693c75eThe zip files contain an lnk and a decoy pdf file.
— Jazi (@h2jazi)
1:51 PM • Sep 23, 2022
seems to have first identified #BadMagic back in Sep 2022 which was just published by Kaspersky
— Brian Bartholomew (@Mao_Ware)
6:08 PM • Mar 21, 2023
Magic is here! We have discovered a previously unknown #APT that has been attacking organizations in the area affected by the conflict between Russia and Ukraine. Observed victims were compromised with previously unknown implants that we dubbed #PowerMagic and #CommonMagic. [1/4]
— Leonid Bezvershenko (@bzvr_)
8:04 AM • Mar 21, 2023
@bzvr_ Well me and my team did a comprehensive research on this but for some reasons (mainly because of attribution sensitivity) we have decided to hold it off from publishing.
— Jazi (@h2jazi)
3:03 PM • Mar 21, 2023
-
If you wish to honor @[email protected]'s memory, please donate to NARAL (https://prochoiceamerica.org), The Trevor Project (https://thetrevorproject.org), Envision Freedom Fund (https://envisionfreedom.org), and/or MrBallen Foundation (https://mrballen.foundation), charities which were meaningful to her.
-
-
Forget A TikTok Ban, We Need To Regulate Data Brokers And Pass A Real Privacy Law https://www.techdirt.com/2023/03/21/forget-a-tiktok-ban-we-need-to-regulate-data-brokers-and-pass-a-real-privacy-law/
We’ve noted for a while now how the great TikTok moral panic of 2023 is largely a distraction. It’s a distraction from the fact we’ve refused to meaningfully regulate dodgy data b…
-
just read the Economic Report of the President, pp 237-272, the crypto chapter.
it uh is *strident*. as you'd expect just after a huge disaster.
it's a great chapter, very clear and readable, and crypto is extremely upset.
“This chapter primarily examines crypto assets, whose proponents have been relearning the lessons from previous financial crises the hard way.”
“The risks presented by crypto assets stem from excessive speculation, high leverage, run risk, environmental harm from crypto asset mining, and fraudulent activities that harm retail investors and corporations.”
“This raises the question of the role of regulation in protecting consumers, investors, and the rest of the financial system from panics, crashes, and fraud related to crypto assets.”
it reads like someone has been very pissed off for a while and this was their chance to say something
also quotes James Mickens, lol
-
Reply