Ben Actis (@ben_ra)'s Twitter Profile

Former Red Team at Facebook/Meta.

My tweets are my own and not my employer.

ID: 14623175

Link: http://cybermerchantsofdeath.com
Date: 02-05-2008 06:38:49

11.11K Tweets

3.3K Followers

1.1K Following

0xor0ne (@0xor0ne)

How to start with security analysis of embedded device firmwares (debugging and emulation) (With examples using D-Link routers and CVE-2022-1262) Excellent blog post by GreyNoise greynoise.io/blog/debugging… #cybersecurity #embedded

0xor0ne (@0xor0ne)

Excellent research work by Moshe Kol on exploiting a spinlock use-after-free. Android Binder (CVE-2022-20421) Paper: 0xkol.github.io/assets/files/R… OffensiveCon 23 slides: 0xkol.github.io/assets/files/O… #android #Linux #kernel #exploit

KanekoaTheGreat (@kanekoathegreat)

Self-driving cars cause a traffic jam in Austin, Texas. Shocking footage from Austin showed around 20 Cruise-operated Chevrolet Bolts causing traffic mayhem. "Are you telling me they have no way to get out of this?" a man shouts in the video. 😂😂

Patrick Wardle (@patrickwardle)

A lot of neat 🍎-bugs patched in macOS 14.1: support.apple.com/en-us/HT213984 ...but especially intrigued by CVE-2023-41989 (credit: Jewel Lambert): "An attacker may be able to execute arbitrary code as root from the Lock Screen" ...via Emoji!? Ha 🤔😈

Elizabeth Laraki (@elizlaraki)

15 years ago, I helped design Google Maps. I still use it every day. Last week, the team dramatically changed the map’s visual design. I don’t love it. It feels colder, less accurate and less human. But more importantly, they missed a key opportunity to

Jason Kint (@jason_kint)

Called it! - classic Facebook move on Thxgiving eve. Unsealed nearly every redaction 233 pages in 40+ state AGs lawsuit alleging FB knowingly harmed children's mental health with addiction for profit. Email me, I'll send to you. Yellow = newly unsealed. 20 tweet summary here. /1

0xor0ne (@0xor0ne)

Excellent blog post for learning Linux (Android) kernel exploitation (Analysis and exploitation of CVE-2017-11176) Credits Nils Ole Timm (Blue Frost Security) labs.bluefrostsecurity.de/revisiting-cve… #Linux #android #cybersecurity

LiveOverflow 🔴 (@liveoverflow)

Looking for a comprehensive introduction into fuzzing with AFL++? Check out my new video where I explain how to do it, by fuzzing libwebp with regular AFL++ and AFL++ persistent mode.

Nicolas Krassas (@dinosn)

Exploiting 0-click Android Bluetooth vulnerability to inject keystrokes without pairing mobile-hacker.com/2024/01/23/exp…

Rachel Tobac (@racheltobac)

Twitter seems to leak a birthday (confirmed birthday listed on account by user) that is supposed to be hidden on the account here. Consider removing birthday from Twitter to avoid it being accidentally made public (when it's marked as private on the account) from this potential

Marc Rogers (@marcwrogers)

STRONG RECOMMENDATION - If you are a CISO and you have a 3rd party (Automation, AI, Analytics) that uses Sisense or you SUSPECT uses Sisense INSIST on an impact statement NOW. I can 100% guarantee there are a lot of you with impact. Your data was accessed by a threat actor.

Senator Alex Padilla (@senalexpadilla)

President Trump’s attempt to use the wartime law, Alien Enemies Act of 1798, to deport noncitizens without due process is yet another unlawful and brazen power grab. Read my full statement with Senator Dick Durbin, Sen. Cory Booker, and Senator Peter Welch below:

thaddeus e. grugq (@thegrugq)

Signal’s encryption is irrelevant to the discussion. The real problem with sharing Top Secret data over Signal is not the security of the app, it’s the security of the phone. And mobile phones are not secure against state level threat actors.

Kim Zetter (@kimzetter)

I see stories misstate protection that Signal's end-to-end encryption offers. E2E encryption only protects texts in transit - not texts stored on your device. If someone hacks your device or gets physical access to it they can read all sent/received texts that are on the device

Blue Georgia (@blueatlgeorgia)

Tim Miller: "There was a covert CIA operative named in the thread, right?" Jeffrey Goldberg: "Yes, and I withheld her name... I didn't put it in the story because she's under cover. But, I mean, the CIA Director put it into the chat."

Adam Schiff (@senadamschiff)

As a former chair of the House Intelligence Committee, a few things leap out at me in reading the full Signalgate text chain: First, the specificity with which they identify one of their targets. They refer to him as “the top missile guy,” and also reveal that they know where

Rep. Eric Swalwell (@repswalwell)

We are more vulnerable than ever to a cyber attack. Cybersecurity is national security. We must continue to invest in CISA’s workforce, strengthen our defenses against cyberattacks, and remain the leaders of AI into the future. reuters.com/world/china-pr…