March 24, 2023

Mar 24, 2023

Brendan Dolan-Gavitt @moyix

Two interesting security examples from the recently-released paper from MSR "Sparks of Artificial General Intelligence: Early experiments with GPT-4". It can solve a simple binary reversing challenge and do a port-scan + ssh bruteforce! arxiv.org/abs/2303.12712

-

Stephen Fewer @stephenfewer

Our @rapid7 AttackerKB analysis of CVE-2023-27532 in Veeam Backup & Replication has been posted, detailing the vulnerability, plaintext credentials leak and remote code execution:

attackerkb.comCVE-2023-27532 | AttackerKBVeeam Backup & Replication is a data backup and replication solution. On March 7, 2023, Veeam published an advisory, along with patches, for https://nvd.nist.g…

-

ShitpostGateway @ShitpostGate

This is just like how several advances in video encoding were made because anime fansubbers were competing with eachother.

ShitpostGateway @ShitpostGate

https://t.co/LlHNLEmAwT

-

vx-underground @vxunderground

Do Kwon, the co-founder and CEO of singapore-based Terraform labs, has been apprehended by authorities in Montenegro Do Kwon was wanted by Interpol for his role in the $40 billion collapse of the Terra Luna ecosystem during May 2022. More info:

Filip Adzic @filip_adzic

U PODGORICI UHAPŠEN JEDAN OD NAJTRAŽENIJIH SVJETSKIH BJEGUNACA Crnogrska policija lišila je slobode lice za koje se sumnja da je jedan od najtraženijih bjegunaca, južnokorejski državljanin Do Kwon, suosnivač i izvršni direktor Terraform Labs sa sjedištem u Singapuru. 1/2

-

SentinelLabs @LabsSentinel

New Research -- "Tainted Love" APT Operation ✴️Targeting Middle East telecom. ✴️ Likely connected to a Chinese groups in the nexus of Gallium and APT41. Full Report: sentinelone.com/labs/operation… By @milenkowski @juanandres_gs @JoeyChen @QTrust

sentinelone.comOperation Tainted Love | Chinese APTs Target Telcos in New AttacksCyber espionage actor deploys custom credential theft malware in new campaign targeting the telecoms sector.

-

-

HowTo deepfake

One Useful Thing

A quick and sobering guide to cloning yourself

I think a lot of people do not realize how rapidly the multiple strands of generative AI (audio, text, images, and video) are advancing, and what that means for the future. With just a photograph and 60 seconds of audio, you can now create a deepfake of yourself in just a matter of minutes by combining a few cheap AI tools. I've tried it myself, and the …

2 years ago · 81 likes · 24 comments · Ethan Mollick

-

Juliano Rizzo @julianor

1/ 🧵Access to valuable resources, like a significant number of @Cloudflare global API keys or password manager infrastructure, allows devastating hacks. However, attackers often seek plausible deniability instead of going on a hacking spree. Let's discuss why.

-

Spy Collection @SpyCollection1

Excellent analysis on the (reportedly) #CIA hardware implant (bug) discovered in #Germany in 2018 to spy on a #WikiLeaks activist. Also used to spy on Julian Assange. It was installed in a #CryptoPhone IP19. cryptomuseum.com/crypto/gsmk/ip… #Tradecraft #BlackBagOp

cryptomuseum.comImplant

Electrospaces @electrospaces

Interesting analysis by the @cryptomuseum of the sophisticated #bug that was found inside the CryptoPhone that was used by Andy Müller-Maguhn: cryptomuseum.com/crypto/gsmk/ip…

https://media.ccc.de/v/rc3-11512-cia_vs_wikileaks

-

Justin Elze @HackingLZ

ChatGPT and all the other AI tech can’t be that bad if you’re using this simple test

-

Buried on page 15 in a footnote: Have fun, Internet.

-

nemesis @nemesis_pkg

“This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.” Well then… github.blog/2023-03-23-we-…

Eat Pedro Pascal GIF by Liseberg

-

Rocco Calvi @TecR0c

🚨 Just disclosed CVE-2023-28760: a critical RCE vulnerability in TP-Link AX1800 Wi-Fi 6 Routers! Update your firmware ASAP! 🔗 Blog post: tecsecurity.io/blog/tp-link_a… 🔗 Exploit code: github.com/TecR0c/exploit…

github.comexploits/CVE-2023-28760.py at main · TecR0c/exploitsContribute to TecR0c/exploits development by creating an account on GitHub.

-

AndrewMohawkᴵ'ᵐ ᶠᶦⁿᵉ ᵗʰᵃⁿᵏˢ, ᴬⁿᵈʳᵉʷˀ @AndrewMohawk

TL;DR Any valid users on your @Cloudflare tenant have an API key that has the same perms, this key is automatically created for every account, if you think anyone has been phished/compromised at any time you need *them* to specifically change this key at dash.cloudflare.com/profile/api-to…

Tay 🦊 💖 @tayvano_

🚨 If you're using Cloudflare for your web3 product, stop what you're doing right now. You NEED to: 1. Rotate the Global API Key for all your accounts 2. Remove all accounts added to your Cloudflare unless you rotated their Global API Key in step 1 https://t.co/z913LMCc85

-

You have to watch this video…

vx-underground @vxunderground

RT @_BradleyVX: In 2010, Norton Antivirus released a series of commercials, one of which featured 80's metal band Dokken. In the commercial…

-

raptor@infosec.exchange @0xdea

This new multi-arch #assembly REPL and emulator by @netspooky is awesome 💚 github.com/netspooky/scare

Discussion about this post

No posts

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts