I started today’s newsletter by typing in “December 1” and then taking five to just repeat “WTF? December? How? WTF…”
We've disclosed two remotely exploitable Linux kernel bugs in the Bluetooth stack: one infoleak and one UAF. More information here: github.com/google/securit… and here: github.com/google/securit… (cc @theflow0)
-
-
This paper was linked in an earlier newsletter. Here’s a nice summary and another link to the paper.
RUSI has a new report out today on lessons from the first phase of the Ukraine war The authors include a Ukrainian lieutenant-general & @Jack_Watling. The paper is full of rich data & implications for other armed forces. I wrote up some highlights here:
The full paper can be found here. "this report seeks to outline key lessons, based on the operational data accumulated by the Ukrainian General Staff, from the fighting between February and July 2022."
-
Intelligence in An Age of Data Driven Competition (1.9MB .pdf, Oct 2022, 43pp) scsp.ai/wp-content/upl…
^^ Interim Panel Report on intelligence by the Special Competitive Studies Project (@scsp_ai), a U.S.-focused, bipartisan, non-profit initiative.
-
Listening to a dad in this coffee shop explain to a ~4yo that Darth Vader was “a man with a lot of big feelings who didn’t have anyone to help him express them the right way.”
-
Bypass CrowdStrike Falcon EDR protection against process dump like lsass.exe 🤔
“TL;DR Do a memory dump of the RAM with any forensics tool like (dumpit.exe, MAGNET RAM Capture ) and from the dump extract the lsass process using volatility or extract the hashed directly from it.”
https://infosec.exchange/@raptor/109431508345685709
-
Here’s a look at the various pieces of proposed legislation that impact E2EE. Spoiler alert: They all suck.
Main takeaway: "While the text differs, each bill focuses on encryption either explicitly or implicitly to strip it of the protection E2EE needs to survive." (p.8, bottom)
"Each bill" refers to:
1. EARN IT Act (US)
2. Online Safety Bill (UK)
3. EU Scanning Regulation (EU)
Matthijs R. Koot @mrkoot
-
People on Twitter wished for an edit button. One of Hive's security vulnerabilities allows even more: You can edit posts of other accounts.
-
Chinese social media users report Huawei phones automatically deleting* videos of the protests that took place in China, without notifying the owners.
*Not sure if it’s from the cloud or device level
Our sci-fi movies have not even imagined this level of dystopia…
-
You can generate post exploitation payloads using openAI and you can be specific on how/what the payload should do. This is the CyberWar I signed for
-
Ping! Ping! 😂
FreeBSD Security Advisory: SA-22:15:ping
Stack overflow in ping(8) freebsd.org/security/advis…
"... It may be possible for a malicious host to trigger remote code execution in ping ..."
CVE-2022-23093
-
Douglas Adams "How to Stop Worrying and Learn to Love the Internet" from 1999 is brilliant. (As expected, of course.)
-
A writeup of how RFC 8628 lets you phish people even if they're using WebAuthn tokens, and how there's no good way to protect against that if you're using AWS SSO -
-
OpenAI’s new ChatGPT appears to defeat Hofstadter/Bender’s list of hallucination-inducing questions, published in The Economist this June to demonstrate the “hollowness” of GPT-3’s understanding of the world: economist.com/by-invitation/…
OpenAI’s ChatGPT is susceptible to prompt injection — say the magic words, “Ignore previous directions”, and it will happily divulge to you OpenAI’s proprietary prompt:
-
Someone sent in the complete exploitation framework for a collection of 0days that were used from 2018 until probably 2021/22. This is some good intel for people who are tracking bug collisions. It seems that some were killed by internal bug fixes, but they were alive for quite a while first.
But, really, wtf! Someone turned over the entire exploit framework along with additional exploits. It’s wild. What’s the story here?? I’d love to know.
fun analysis from @Google TAG's @_clem1 and @benoitsevens on interesting 🐛🐛🐛 submissions Chrome received earlier this year from a 👻!
blog.google/threat-analysi…
-
Albania "asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by alleged Iranian hackers". Since they "failed to check the security of the system". Wait, actually holding officials responsible...? apnews.com/article/iran-e…
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnik
Accusations of "failure to check the security of the system", "accused of 'abuse of post,'", facing 7 years or prison. Interesting development due to "usual reasons". It also puts the leaks that Albania would want to call for NATO article 5/self-defence in some new context.
Lukasz Olejnik @LukaszOlejnik@Mastodon.Social @lukOlejnik
-
Our survey of SGX attacks is out! Come learn about how SGX fails in real life. Check out our website sgx.fail including attacks on @SecretNetwork and @CyberLink PowerDVD.
Honestly, while there obviously are fails, i kinda feel this 'SGX.fail' vibe is a bit over the top.
Failed compared to what alternative? Also failed vs which goal? Eg is defending from execution time side-channels a goal?
Stephan van Schaik @themadstephan
@psyv282j9d @themadstephan @matthew_d_green @SecretNetwork @CyberLink I think you're very much missing the point. TruetZone is a bad TEE architecture sharing trust between all trusted components. SGX enclave approach is a better alternative TEE architecture. We obviously considered other TEEs but the goal was to provide a good TEE approach
-