🚨 WE URGE ALL USERS TO UPDATE THEIR KEYBOARD APPS IMMEDIATELY 🚨
🆕 New @citizenlab report finds vulnerabilities in the security of cloud-based #pinyin #keyboard apps from vendors Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi that could be exploited to reveal…
If LLMs can create exploits given enough vulnerability information, will the new "responsible disclosure" be measured as one that doesn't have enough details that the current state of the art LLM can write an exploit?
I will be hosting a live chat this morning at 10:30 ET with Veracode's new CEO Brian Roche! We will be discussing extremely cool things going on at Veracode now including AI code remediation & combining appsec and production risk management with Longbow. youtube.com/live/OpctuCNjY…
You can find my analysis of this paper here. TLDR it appears as if GPT4 is using public exploits for most of these CVEs. But until they publish their code, data and results we cannot be sure. Regardless there is likely no emergent AI capability here.
struct.github.io/auto_agents_1_…
One of my favorite chapters to collaborate on in ‘Building Secure and Reliable Systems’ (O’Reilly 2020) was how we build a culture of security and reliability at Google. Dropping a quick reminder that it’s now open-sourced: google.github.io/building-secur…
Chinese government-linked hackers have burrowed into U.S. critical infrastructure and are waiting "for just the right moment to deal a devastating blow," FBI Director Christopher Wray said on Thursday. reuters.com/technology/cyb…
New “Founders Helping Founders” podcast!
Chris Wysopal (@WeldPond) is the founder of Veracode (@Veracode), a $2.5 billion cybersecurity company
He is one of the first hackers turned founders who turned his curiosity in computing into a creative force as an entrepreneur
As a…
The Summercon community is heartbroken over the loss of Sophia d'Antoine. An inspiring speaker and cherished friend, @Calaquendi44's contributions to Summercon and the infosec community were immeasurable. We offer our heartfelt condolences to her family and all who loved her.
Removing access to SaaS apps without SSO remains a perennial challenge for businesses.
"Cano had access to the accounts in his capacity as Orlando’s asst & continued to have access despite no longer being Orlando’s asst or working at Benessere" wired.com/story/truth-so…
Excerpt from Walter Scheirer's "A History of Fake Things on the Internet" where he talks about the early days of internet and pre-internet information distributed by early net and pre-net denizens like @L0phtHeavyInd lithub.com/unlocking-digi…
Recon has been on my "must go" list for a long time and in 2024 I will finally get to participate for the first time in this great conference. Come to Montreal in June!
I will be on @criscifuentes decompilation panel. #ilovebinaries
Auth logic is often complex & requires manual code review
"An error in the account handler lets an attacker skip the PIN verification entirely and create a privileged user profile"
What will happen in 10 yrs? Will IoT still get security updates? #abandonware…
206K Followers 6K Following. Founder @Binary_Defense @TrustedSec Co-Owner https://t.co/HQC75WhdJh. @WeHackHealth Podcast. Fam First/Hacker/CSO/USMC/Intel/Fitness. Motto: Make world a better place
31K Followers 7K Following. Strawberry Tempest. Weird security voyeur. Vibe merchant. CISO of your heart. Official USPS fan account. 🎉 Host of THE Microsoft Threat Intelligence Podcast.
26K Followers 571 Following. Consultant for InfoSec Innovations | @SANSInstitute Principal Instructor | @IANS_Security Faculty | I like information security. How about you?
15K Followers 2K Following. X-Force, Team Hashcat, Bishop of the Church of Wifi, Uber Badge Collector. Views != Employers. Not a Ph.D, Recycled Memes. Multi User Dungeon Shenanigator.
8K Followers 3K Following. Herr Doktor Professor Deth Vegetable -- CULT OF THE DEAD COW -- .ooM
Hacker / Archaeologist / Gadabout / Professional Something-or-Other.
45K Followers 2K Following. I will light the way by the bridges I burn.
Retired Senior SANS Instructor
IANS Faculty
Black Hills Information Security
Active Countermeasures
62K Followers 3K Following. Storyteller, wanderer, comic, historian, world’s oldest millennial. I used to do stuff, now I do other stuff. @[email protected]
1K Followers 931 Following. queer cubano | improviser with @dads_garage | Head of Security at Elpha Secure | voice actor | magical girl | He/They
@roobots.bsky.social
9K Followers 3K Following. Senior Community Manager @GreyNoiseIO.
Podcaster @CannaBuzzApp. Tweets about @blink182. Formerly @ Google Chrome, Bugcrowd, Microsoft, EA + a bunch of others
30 Followers 200 Following. French n00b hacker.
This is my "kinda stealthy pro account", whatever that means...
Images are from Mr Robot awesome cybersec series.
13 Followers 44 Following. Passionate newcomer to the cybersecurity world 🛡️ | Dedicated to protecting digital assets and privacy | Lifelong exploring the intricacies of infosec.
95K Followers 3K Following. Journalist - cyber/national security. Author - COUNTDOWN TO ZERO DAY: Stuxnet and the Launch of the World's First Digital Weapon. https://t.co/334DzfSL1f
67K Followers 343 Following. Make a dent in the universe. Find something that needs improvement: go there and fix things. If not you, then who? {he/they}
54K Followers 3K Following. Director of Intel at @redcanary. SANS Certified Instructor for FOR578: CTI. Senior Fellow at @CyberStatecraft. She/her. Mastodon: @[email protected]
62K Followers 294 Following. President SANS Technology Institute College. SANS Fellow. Pen Tests & Inc Handling. Founder & CEO @CounterHackSec. Board of @manasquanbank and @fpatheatre.com
17K Followers 3K Following. Information Security - People Person - BBQ and general food Amateur - Kindness scales! - Ubukhulu Abubangwa - Building Security You Love
27K Followers 2K Following. Helping Secure the Internet | Long Island elder emo surviving in ATX | Expect: infosec current events, DFIR, appsec & cloudsec - and me!
28K Followers 7K Following. Head of Chaos at Veilid. Thot Leader. Sinfluencer. Destroyer of data capitalism. Shitposting, not technical tweets. https://t.co/Yjh1uJRlFP https://t.co/109laOiTlz
292 Followers 1K Following. I like to break things in creative ways, preferably adding functionality in the process that the original creator never imagined.
37K Followers 283 Following. Author, Engineer, Sharpshooter, part-time Daemon Prince of Tzeentch. Not a cat.
If you see hell everywhere you look, then perhaps hell is inside your eyes.
11K Followers 6K Following. Father, UTA repped Film Director, AI art, Featured on Forbes, The Hollywood Reporter, Adage, NBC, No Film School. IG: https://t.co/aVtAQYmjnG
339K Followers 2K Following. Investigative journalism that questions, explains & changes our world. Watch us on @PBS, Tuesdays at 10/9c or stream at any time.
6K Followers 659 Following. AppSec Expert with over 15 yrs of experience | Author of 2 books and Black Hat Trainer | Building the world's best Security Training Platform, @AppSecEngineer
814K Followers 963 Following. Menswear writer. Editor at @putthison. Creator of @RLGoesHard. Bylines at The New York Times, The Washington Post, The Financial Times, Esquire, and Mr. Porter
5K Followers 1K Following. Pronounced: “Vay-lid”. An official CULT OF THE DEAD COW projekt. Social Media shouldn’t be monetized. Users are not a commodity. Privacy Matters.
20K Followers 54 Following. InfoSec on the Edge | #BHMEA24 Organised by @TahalufGlobal & @SAFCSP In Association with @BlackHatEvents | 26-28 Nov 2024 | Malham, Saudi Arabia
119K Followers 412 Following. Princeton CS prof. Director @PrincetonCITP. I write about the societal impact of AI, tech ethics, & social media platforms.
BOOK: AI Snake Oil. Views mine.