March 24, 2023

Two interesting security examples from the recently-released paper from MSR "Sparks of Artificial General Intelligence: Early experiments with GPT-4". It can solve a simple binary reversing challenge and do a port-scan + ssh bruteforce! arxiv.org/abs/2303.12712

— Brendan Dolan-Gavitt (@moyix)
2:35 PM • Mar 23, 2023

Our @rapid7 AttackerKB analysis of CVE-2023-27532 in Veeam Backup & Replication has been posted, detailing the vulnerability, plaintext credentials leak and remote code execution: http

— Stephen Fewer (@stephenfewer)
2:21 PM • Mar 23, 2023

— ShitpostGateway (@ShitpostGate)
7:48 PM • Mar 21, 2023

This is just like how several advances in video encoding were made because anime fansubbers were competing with eachother.

— Cone (@Lol8ball)
11:32 AM • Mar 22, 2023

Do Kwon, the co-founder and CEO of singapore-based Terraform labs, has been apprehended by authorities in Montenegro

Do Kwon was wanted by Interpol for his role in the $40 billion collapse of the Terra Luna ecosystem during May 2022.

More info:

— vx-underground (@vxunderground)
2:09 PM • Mar 23, 2023

New Research -- "Tainted Love" APT Operation

✴️Targeting Middle East telecom.
✴️ Likely connected to a Chinese groups in the nexus of Gallium and APT41.

Full Report:

By @milenkowski@juanandres_gs@JoeyChen@QTrust

— SentinelLabs (@LabsSentinel)
2:27 PM • Mar 23, 2023

1/ 🧵Access to valuable resources, like a significant number of @Cloudflare global API keys or password manager infrastructure, allows devastating hacks. However, attackers often seek plausible deniability instead of going on a hacking spree. Let's discuss why.

— Juliano Rizzo (@julianor)
1:08 PM • Mar 23, 2023

Excellent analysis on the (reportedly) #CIA hardware implant (bug) discovered in #Germany in 2018 to spy on a #WikiLeaks activist. Also used to spy on Julian Assange.

It was installed in a #CryptoPhone IP19.

#Tradecraft#BlackBagOp

— Spy Collection (@SpyCollection1)
5:51 AM • Mar 24, 2023

Interesting analysis by the @cryptomuseum of the sophisticated #bug that was found inside the CryptoPhone that was used by Andy Müller-Maguhn:
cryptomuseum.com/crypto/gsmk/ip…

— Electrospaces (@electrospaces)
3:55 PM • Mar 23, 2023

ChatGPT and all the other AI tech can’t be that bad if you’re using this simple test

— Justin Elze (@HackingLZ)
12:36 PM • Mar 23, 2023

Buried on page 15 in a footnote:

Have fun, Internet.

— Suhail (@Suhail)
11:00 PM • Mar 20, 2023

“This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.”

Well then…

github.blog/2023-03-23-we-…

— nemesis (@nemesis_pkg)
6:29 AM • Mar 24, 2023

🚨 Just disclosed CVE-2023-28760: a critical RCE vulnerability in TP-Link AX1800 Wi-Fi 6 Routers! Update your firmware ASAP!

🔗 Blog post:
🔗 Exploit code: github.com/TecR0c/exploit…

— Rocco Calvi (@TecR0c)
5:09 AM • Mar 24, 2023

TL;DR Any valid users on your @Cloudflare tenant have an API key that has the same perms, this key is automatically created for every account, if you think anyone has been phished/compromised at any time you need *them* to specifically change this key at dash.cloudflare.com/profile/api-to…

— AndrewMohawkᴵ'ᵐ ᶠᶦⁿᵉ ᵗʰᵃⁿᵏˢ, ᴬⁿᵈʳᵉʷˀ (@AndrewMohawk)
4:53 AM • Mar 24, 2023

RT @_BradleyVX: In 2010, Norton Antivirus released a series of commercials, one of which featured 80's metal band Dokken. In the commercial…

— vx-underground (@vxunderground)
8:38 AM • Mar 24, 2023

This new multi-arch #assembly REPL and emulator by @netspooky is awesome 💚

github.com/netspooky/scare

— [email protected] (@0xdea)
11:38 AM • Mar 24, 2023