March 24, 2023
![Twitter avatar for @moyix](https://substackcdn.com/image/twitter_name/w_96/moyix.jpg)
Two interesting security examples from the recently-released paper from MSR "Sparks of Artificial General Intelligence: Early experiments with GPT-4". It can solve a simple binary reversing challenge and do a port-scan + ssh bruteforce! arxiv.org/abs/2303.12712
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr6V_9WXgAEZMyr.png)
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr6WCZKXsAUGX-2.png)
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr6WKUWWIAIfaZY.jpg)
-
![Twitter avatar for @stephenfewer](https://substackcdn.com/image/twitter_name/w_96/stephenfewer.jpg)
Our @rapid7 AttackerKB analysis of CVE-2023-27532 in Veeam Backup & Replication has been posted, detailing the vulnerability, plaintext credentials leak and remote code execution:
![](https://substackcdn.com/image/fetch/w_600,h_314,c_fill,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F96eb73bd-869b-48f4-b882-37e2f547c816_1024x512.png)
-
![Twitter avatar for @Lol8ball](https://substackcdn.com/image/twitter_name/w_96/Lol8ball.jpg)
This is just like how several advances in video encoding were made because anime fansubbers were competing with each other.
![Twitter avatar for @ShitpostGate](https://substackcdn.com/image/twitter_name/w_40/ShitpostGate.jpg)
ShitpostGateway @ShitpostGate
-
![Twitter avatar for @vxunderground](https://substackcdn.com/image/twitter_name/w_96/vxunderground.jpg)
Do Kwon, the co-founder and CEO of Singapore-based Terraform Labs, has been apprehended by authorities in Montenegro.
Do Kwon was wanted by Interpol for his role in the $40 billion collapse of the Terra Luna ecosystem during May 2022.
More info:
![Twitter avatar for @filip_adzic](https://substackcdn.com/image/twitter_name/w_40/filip_adzic.jpg)
Filip Adzic @filip_adzic
-
![Twitter avatar for @LabsSentinel](https://substackcdn.com/image/twitter_name/w_96/LabsSentinel.jpg)
New Research -- "Tainted Love" APT Operation
✴️ Targeting Middle East telecom.
✴️ Likely connected to a Chinese groups in the nexus of Gallium and APT41.
Full Report: sentinelone.com/labs/operation…
By @milenkowski @juanandres_gs @JoeyChen @QTrust
![](https://substackcdn.com/image/fetch/w_600,h_314,c_fill,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F81ccb572-a5f8-42c8-a5ab-d8dfcc9ea0f2_1200x628.jpeg)
-
HowTo deepfake
-
![Twitter avatar for @julianor](https://substackcdn.com/image/twitter_name/w_96/julianor.jpg)
1/ 🧵Access to valuable resources, like a significant number of @Cloudflare global API keys or password manager infrastructure, allows devastating hacks. However, attackers often seek plausible deniability instead of going on a hacking spree. Let's discuss why.
-
![Twitter avatar for @SpyCollection1](https://substackcdn.com/image/twitter_name/w_96/SpyCollection1.jpg)
Excellent analysis on the (reportedly) #CIA hardware implant (bug) discovered in #Germany in 2018 to spy on a #WikiLeaks activist. Also used to spy on Julian Assange.
It was installed in a #CryptoPhone IP19.
cryptomuseum.com/crypto/gsmk/ip…
#Tradecraft #BlackBagOp
![Twitter avatar for @electrospaces](https://substackcdn.com/image/twitter_name/w_96/electrospaces.jpg)
Interesting analysis by the @cryptomuseum of the sophisticated #bug that was found inside the CryptoPhone that was used by Andy Müller-Maguhn:
cryptomuseum.com/crypto/gsmk/ip…
![Image](https://substackcdn.com/image/fetch/w_600,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fpbs.substack.com%2Fmedia%2FFr6n7s5XwAItRpv.jpg)
https://media.ccc.de/v/rc3-11512-cia_vs_wikileaks
-
![Twitter avatar for @nemesis_pkg](https://substackcdn.com/image/twitter_name/w_96/nemesis_pkg.jpg)
“This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.”
Well then…
github.blog/2023-03-23-we-…
![Eat Pedro Pascal GIF by Liseberg](https://substackcdn.com/video/upload/e_loop,vs_40/lnltjfeyhe1zrzzp3q8r.gif)
-
![Twitter avatar for @TecR0c](https://substackcdn.com/image/twitter_name/w_96/TecR0c.jpg)
🚨 Just disclosed CVE-2023-28760: a critical RCE vulnerability in TP-Link AX1800 Wi-Fi 6 Routers! Update your firmware ASAP!
🔗 Blog post: tecsecurity.io/blog/tp-link_a…
🔗 Exploit code: github.com/TecR0c/exploit…
![](https://substackcdn.com/image/fetch/w_600,h_314,c_fill,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F40643608-59dc-42e2-86ba-ea90d10e4840_1200x630.png)
-
![Twitter avatar for @AndrewMohawk](https://substackcdn.com/image/twitter_name/w_96/AndrewMohawk.jpg)
TL;DR Any valid users on your @Cloudflare tenant have an API key that has the same perms, this key is automatically created for every account, if you think anyone has been phished/compromised at any time you need *them* to specifically change this key at dash.cloudflare.com/profile/api-to…
![Twitter avatar for @tayvano_](https://substackcdn.com/image/twitter_name/w_40/tayvano_.jpg)
Tay 🦊 💖 @tayvano_
-
You have to watch this video…
![Twitter avatar for @vxunderground](https://substackcdn.com/image/twitter_name/w_96/vxunderground.jpg)
RT @_BradleyVX: In 2010, Norton Antivirus released a series of commercials, one of which featured 80's metal band Dokken. In the commercial…
-