The hard part is persistence.
FBI and CISA say an old Signal Backup Recovery Key can still be used even if the victim creates a new Signal account on the same phone number.
Changing accounts does not automatically kill the stolen key.
Took some time to improve a few things on WinDiff (added permalinks, filtered out empty results) and added a Claude skill to use WinDiff to produce quick security-oriented diff analyses between binary/OS versions. Feel free to try!
https://t.co/PGZn1TcN1I
So, reading the latest GRU compromised all the home routers (I'm being a bit dramatic), I stumbled across the point that some DNS spoofing may have been conducted....
so I built a quick lab to replicate this!
The objective, steal M365 (exchange online) credentials and/or OAUTH tokens.....
I was able to do this but in very specific conditions:
1) webmail access using EDGE worked (I don't understand why HSTS did not block this) - I had to click past certificate warnings!
2) chrome webmail access - HSTS Blocked this!
3) Outlook classic: certificate warnings, no way for the user to click past this
4) outlook modern: I was able to click past security warnings and my OAUTH tokens were stolen
I was running Windows 11 PRO (ARM) (latest build)... I used DNS spoofing and a reverse proxy (HTTPS) using self signed certificates.
Based on my testing, mother is still very much reasonably safe when using her iPhone in Starbucks on public wifi!
Lots of thoughts about this but I'm hungry and this subject is not going away. MITM is subject to so many variables, compromising thousands (or hundreds of thousands of routers) is significantly better than trying to catch a specific person via public wifi etc. (IMHO)
#Cyber #Security #Research #MITM #WIFI #DNS #Spoofing #APT
Critical vulnerability in OpenClaw AI systems!
CVE-2026-25253 enables attackers to steal authentication tokens through malicious links.
https://t.co/aoXUgLRnao
@three_cube@DI0256@IamSmouk@co11ateral
R.I.P few-shot prompting.
Meta AI researchers discovered a technique that makes LLMs 94% more accurate without any examples.
It's called "Chain-of-Verification" (CoVe) and it completely destroys everything we thought we knew about prompting.
Here's the breakthrough (and why this changes everything): 👇
If you feel like you're bad at your job and it's making you depressed, just consider that, as the investigation of the recent heist revealed, the password to access the Louvre's videosurveillance system was "Louvre".
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
Microsoft Threat Intelligence has uncovered a cyberespionage campaign by the Russian state actor we track as Secret Blizzard targeting embassies in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. https://t.co/VbI9M73D9m
Wow, this article was a fun rabbit hole:
https://t.co/HmJCf2cF40
In viewing https://t.co/PVxK1rgyrv, I then saw a reference to a https://t.co/RjUU0G47CC scanned document named Chasebank_statement_feb.zip.
Inside, I found a simple LNK. What to?
🧵 (1/15)
January 12th, Microsoft discloses that they were compromised by APT29 a/k/a/ Midnight Blizzard and state the group got access to emails for corporate leadership, cyber security personnel, and legal.
January 24th, Hewlett-Packard discloses that they were compromised by APT29 a/k/a/ Midnight Blizzard and state the group got access to emails for cyber security personnel, 'go-to-market', business segments (?), and more
Microsoft believes they were compromised roughly November, 2023
Hewlett-Packard believes they were compromised roughly May, 2023
Coincidence? ¯\_(ツ)_/¯
In the 1600s, medieval monks in Bavaria were given strict orders to not eat solid food during Lent.
Instead of just drinking water, the monks decided to create a batch of extremely potent beer that was packed with carbohydrates and nutrients. They then named the drink, sankt-vater-bier, which roughly translates to "Holy Father beer."
In 2011, a journalist by the name of J. Wilson contacted a local brewery in an effort to recreate this beer. He went on to drink it for 46 days during Lent and did not consume any solid food. His diet consisted of drinking four glasses of beer each day during the weekdays and five glasses of beer each day on the weekends.
Wilson noticed that during the first few days of his experiment that he would get quite hungry, however, his body quickly learned to adjust. "My body... switched gears, replaced hunger with focus, and I found myself operating in a tunnel of clarity unlike anything I'd ever experienced."
In the end, Wilson lost 25 pounds.
It’s seems to be handling texts inside your image generations too. Handy.
Prompt
“A vintage travel poster for Venus in portrait orientation. The scene portrays the thick, yellowish clouds of Venus with a silhouette of a vintage rocket ship approaching. Mysterious shapes hint at mountains and valleys below the clouds. The bottom text reads, 'Explore Venus: Beauty Behind the Mist'. The color scheme consists of golds, yellows, and soft oranges, evoking a sense of wonder.”
Let's talk about ransomware for a second.
Ransomware Threat Actors are opportunity driven. They do not have specific targets in mind. If you've got a dollar, they want it.
The reality of the matter, in the ransomware ecosystem, is initial access brokering is cheap and affordable, it is a worthwhile investment for ransomware affiliates to establish a good relationship with an initial access broker.
There is an initial access broker who will sell you roughly 1,000,000 misconfigured VPN's for $1,500. These 'misconfigured' VPNs typically will be companies which have accidentally set a VPN user login to something like 'test' as the username AND password. Although this may sound absurd, or unlikely, these are extremely common as companies may simply overlook small errors. However, these misconfigured VPNs are not curated. Ransomware affiliates might have to spend weeks, or months, sorting through the list determing which companies discovered have:
1. Money
2. Do not violate the rules of the ransomware group
3. Have insufficient security posture
4. Are outside with CIS (ex-soviet countries).
This is often how ransomware groups collide with each other. Two different initial access brokers may have identified (or gotten access) to the exact same organization and then sold this identified vulnerable organization, or access, to two different ransomware groups. There have been stories where ransomware affiliates gain access, only to discover upon entry the organization has already been ransomed!
Companies that have correctly configured EDRs (a detected blue team), a SOC, and have good policy and/or asset control will defeat most ransomware affiliates. More often than not, if an affiliate encounters a company that has a good EDR, or hardened machines, they may simply abandon the target all together (or sell it to a different ransomware operator) because it may not be worth their time. Metaphorically speaking, time is money to the Ransomware Threat Actor.
Regarding targets, there is another aspect often overlooked. Ransomware operators residing outside NATO often do not understand the culture or targets they have identified. For example, we have witnessed ransomware groups target public school systems, failing to understand how the United States allocates money for schools. They mistakenly believe tax-funded schools are ripe with cash and simply do not believe negotiators when they say the victim doesn't have the money. They rely on publicly available information (often wrong information) from places like Wikipedia or ZoomInfo. They see big numbers and believe that this is the profit margins.
tl;dr if you very seriously want to defeat ransomware, security companies need to understand the financial limitations many organizations face. They do not have the money, or man power, larger companies have to combat an ever evolving threat landscape.
NOTE: There are some caveats to this rant. Every ransomware affiliate will seek different avenues of gaining access. Blah, blah, blah.
Thanks for reading. Have a goodnight (or morning).