April 12, 2023
Biden is visiting Norther Ireland and the locals have put up welcome signs.
-
Microsoft just patched a Critical vulnerability we found in the Message Queuing (MSMQ) service that can lead to ๐จ๐ป๐ฎ๐๐๐ต๐ผ๐ฟ๐ถ๐๐ฒ๐ฑ ๐ฅ๐ฒ๐บ๐ผ๐๐ฒ ๐๐ผ๐ฑ๐ฒ ๐๐ ๐ฒ๐ฐ๐๐๐ถ๐ผ๐ป with just a single packet!
Great finding by @HaifeiLi! #QueueJumper
https://twitter.com/megabeets_/status/1645837113567346688
-
China regulating generative AI. "Content generated by generative artificial intelligence should embody core socialist values and must not contain any content that subverts state power". Providers become legally liable for generated content. http://cac.gov.cn/2023-04/11/c_1682854275475410.htm
https://twitter.com/lukolejnik/status/1645850472287293450
-
Microsoft and Citizen Lab have outed more activity from Israeli spyware firm and NSO competitor QuaDream, finding evidence that at least five civil society actors had their iPhones compromised by the company's software. (with @Bing_Chris)
https://twitter.com/razhael/status/1645833843675365378
-
Bellingcatโs @AricToler spoke to the @lawfarepodcast about how he tracked down leaked US intelligence documents to a little known Discord server named "Thug Shaker Central". Listen here:
https://www.lawfareblog.com/lawfare-podcast-rid-and-toler-latest-megaleak
-
Announcing the general release of the Binarly Transparency Platform, delivering unprecedented transparency for device supply chains enabling device manufacturers and endpoint protection products to comprehensively analyze both firmware and hardware.
https://twitter.com/binarly_io/status/1645881411973558273
-
>>If the signal is suppressed at 100% between 20-30 km, how does the drone manage to come so close? Ukraine designed and built a drone using different frequencies that was systems engineered with faraday cage style providing passive resistance to R330-ZH jamming signals. 1/2 https://twitter.com/PStyle0ne1/status/1645863182345424915โฆ
https://twitter.com/trenttelenko/status/1645870216813989888
-
Just published details of 5x SMM vulnerabilities in Insyde Software. The bugs span several SMI handlers including a fun parsing bug when performing a BIOS Guard Update.
https://research.nccgroup.com/2023/04/11/stepping-insyde-system-management-mode/
https://twitter.com/uffeux/status/1645789486289424391
-
Russian hackers โtarget security cameras inside Ukraine coffee shopsโ
-
โLetโs schedule this meeting for after the layoffs and we can discuss it if weโre both still hereโ - a sentence I never expected to be uttering multiple times a week
https://twitter.com/carnage4life/status/1645769263775612930
(Life at Meta)
-
If you're interested in Java Deserialization Exploitation with recent JDKs, feel free to check out https://codewhitesec.blogspot.com/2023/04/java-exploitation-restrictions-in.html by our very own @frycos. We'll not publish tooling but maybe this blog post pushes research(ers) into new and interesting directions...
https://twitter.com/codewhitesec/status/1645779857375150081
-
Remember the story about the alleged hacking of water systems? Itโฆ never happened. โthe employee, โbanging on his keyboard,โ accidentally caused the increased lye concentrationโ. Also, there was never any danger. But it helped in cybersecurity budgeting. https://tampabay.com/news/pinellas/2023/04/11/oldsmar-cyberattack-water-supply-poisoning-fbi-update/
https://twitter.com/lukolejnik/status/1646048223419588608
-
Elite hackers have gotten gpt4all to run on a ti-84 calculator. AP calculus exams will never be the same again.
https://twitter.com/andriy_mulyar/status/1644191124217536514