March 23, 2023
@Aristot73
Open source libraries should stop forcing their way into the code base of billion $ companies. just stop!
Sam Altman @sama
-
@stephendziedzic
Some genuinely staggering foreign interference stories coming out of Canada right now
Sam Cooper @scoopercooper
-
@sjmurdoch
I did a little digging to see why Windows Snip and Sketch leaves part of the old image in a file when you crop a screenshot, potentially disclosing sensitive information (Acropalypse). It looks like the new Windows Save File API is defective by design. Why do I say this?🧵 1/9
-
@_MG_
I just did some digging into that “USB Bomb” story.
So here is a quick thread on what it looked like, the damage it did, and the pretext.
🧵1/n
bbc.com/news/world-lat…
![](https://substackcdn.com/image/fetch/w_600,h_314,c_fill,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F600a284a-b16e-4f79-bc6e-9f87ef9f4741_1024x576.jpeg)
@_MG_
So this looks to be one of the unexploded drives. Which indicates a modified brand name thumb drive.
Note reads:
THE INFORMATION IS GOING TO UNMASK THE CORREISMO.
THINK IT'S USEFUL, WE CAN REACH AN AGREEMENT AND I'LL SEND YOU THE SECOND PART.
🧵2/n
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr14EgAaQAYrsgG.jpg)
-
@caseyjohnellis
PARCH YO’ SILIC… actually, never mind - Researchers Spot Silicon-Level Hardware Trojans in Chips, Release Their Algorithm for All to Try - Hackster.io
![](https://substackcdn.com/image/fetch/w_600,h_314,c_fill,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2Fde265453-4497-482f-bebb-47976d9da0af_600x450.jpeg)
-
@JohnLyonTweets
[Casio headquarters, 1975]
CEO: We need to make our calculators more versatile. Give me your ideas.
First executive: Maybe they could also be phones?
Second executive, a smoker who often oversleeps: I have a better idea.
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr3Egn0WYAUrsG_.jpg)
-
@thezdi
Success! @testanull of @starlabs_sg was able to execute a 2-bug chain on Microsoft SharePoint. They earn $100,000 and 10 Master of Pwn points. #Pwn2Own #P2OVancouver
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr2J3H3acAAm1jp.jpg)
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr2J6pjaQAAPTYm.jpg)
-
@attrc
Malware samples found while investigating targeted attacks often create hidden services to avoid detection on a live system. In our new blog post, we detail two new @volatility 3 plugins that automatically detect these hidden services within memory samples.
#DFIR #infosec
volatility @volatility
-
A look at 55 0days from 2022
https://www.mandiant.com/resources/blog/zero-days-exploited-2022