timb_machine, Interesting links of the week:
Strategy:
- https://freedomnews.org.uk/2024/01/20/david-cameron-advised-continuing-arms-exports-to-israel/ - insufficient bombing detected
- https://www.performance.gov/cyber/ - keeping score on US federal agencies
- https://www.gov.uk/government/news/business-leaders-urged-to-toughen-up-cyber-attack-protections - y0, patch your shit, yells HMG
- https://www.ncsc.gov.uk/blog-post/landing-at-the-ncsc-glad-i-brought-my-towel - @ollie_whitehouse and his first 60 days keeping us safe and what he wants by way of new capability
- https://therecord.media/katie-moussouris-vulnerability-disclosure-china-european-union - @k8em0 talks disclosure
Standards:
- https://niccstandards.org.uk/publications/ - how UK telco plc plans to address the rigour of TSAs
Threats:
- https://arstechnica.com/security/2024/01/hackers-can-id-unique-apple-airdrop-users-chinese-authorities-claim-to-do-just-that/ - .cn in your Mac, AirDropping your ID
- https://pbom.dev/ - s/january24/february25/g and other tall tales
- https://www.jamf.com/blog/jtl-malware-pirated-applications/ - as if OS X wasn't terrible enough
Detection:
- https://www.microsoft.com/en-us/security/blog/2023/12/05/microsoft-incident-response-lessons-on-preventing-cloud-identity-compromise/ - hardening the cloud
- https://www.mandiant.com/sites/default/files/2022-06/wp-proactive-prep-and-hardening-wp.pdf - turn about is fair play, if Microsoft wants to defend the cloud, Google wants to defend AD
- https://www.honeycomb.io/blog/alerts-are-fundamentally-messy - alerts are hard, let's go shopping!
Exploitation:
- https://alecmuffett.com/article/108789 - @alecm gives us a history lesson
Bugs:
- https://blog.trailofbits.com/2024/01/16/leftoverlocals-listening-to-llm-responses-through-leaked-gpu-local-memory/ - @trailofbits demonstrate why it's important to make sure you regularly purge your robot's short term memory
- https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-one/ - popping X11
- https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes - Outlook not quite so sunny
- https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz - can't find the page you want, here's one I made earlier
- https://security.humanativaspa.it/nothing-new-under-the-sun/ - more bugz, @raptor plz
Hard hacks:
- https://privatedrop.github.io/ - the original AirDrop privacy report
- https://kirbah.github.io/apc-ups/Smart-protocol/ - speak to the source of power
Nerd:
- https://blog.emfcamp.org/2024/01/21/emf-2024-ticket-sales/ - EMFCamp 2024 on the horizon