March 23, 2023

Open source libraries should stop forcing their way into the code base of billion $ companies. just stop!

Sam Altman @sama
-

Some genuinely staggering foreign interference stories coming out of Canada right now

Sam Cooper @scoopercooper
-

I did a little digging to see why Windows Snip and Sketch leaves part of the old image in a file when you crop a screenshot, potentially disclosing sensitive information (Acropalypse). It looks like the new Windows Save File API is defective by design. Why do I say this?🧵 1/9
-

I just did some digging into that “USB Bomb” story.
So here is a quick thread on what it looked like, the damage it did, and the pretext.
🧵1/n
bbc.com/news/world-lat…


So this looks to be one of the unexploded drives. Which indicates a modified brand name thumb drive.
Note reads:
THE INFORMATION IS GOING TO UNMASK THE CORREISMO.
THINK IT'S USEFUL, WE CAN REACH AN AGREEMENT AND I'LL SEND YOU THE SECOND PART.
🧵2/n

-

PARCH YO’ SILIC… actually, never mind - Researchers Spot Silicon-Level Hardware Trojans in Chips, Release Their Algorithm for All to Try - Hackster.io

-

[Casio headquarters, 1975]
CEO: We need to make our calculators more versatile. Give me your ideas.
First executive: Maybe they could also be phones?
Second executive, a smoker who often oversleeps: I have a better idea.

-

Success! @testanull of @starlabs_sg was able to execute a 2-bug chain on Microsoft SharePoint. They earn $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OVancouver


-

Malware samples found while investigating targeted attacks often create hidden services to avoid detection on a live system. In our new blog post, we detail two new @volatility 3 plugins that automatically detect these hidden services within memory samples.
#DFIR #infosec

volatility @volatility
-
A look at 55 0days from 2022
https://www.mandiant.com/resources/blog/zero-days-exploited-2022
-