Discover and read the best of Twitter Threads about #cve

Most recent (24)

Top 10 exploited vulnerabilities in 2022.

#bugbounty #infosec #cybersecurity #CVE #hacking
1. Follina (CVE-2022-30190)
2. Log4Shell (CVE-2021-44228)
3. Spring4Shell (CVE-2022-22965)
4. F5 BIG-IP (CVE-2022-1388)
5. Google Chrome zero-day (CVE-2022-0609)
6. Old but not forgotten - Microsoft Office bug (CVE-2017-11882)
Read 5 tweets
#ESETResearch discovered and reported to the manufacturer 3 vulnerabilities in the #UEFI firmware of several Lenovo Notebooks. The vulnerabilities allow disabling UEFI Secure Boot or restoring factory default Secure Boot databases (incl. dbx): all simply from an OS. @smolar_m 1/9
Reported vulnerabilities – #CVE-2022-3430, #CVE-2022-3431, and #CVE-2022-3432 – affect various Lenovo Yoga, IdeaPad and ThinkBook devices. All affected devices with an active development support have been fixed after we reported them to the manufacturer. 2/9
While disabling UEFI Secure Boot allows direct execution of unsigned UEFI apps, restoring factory default dbx enables the use of known vulnerable bootloaders (e.g., #CVE-2022-34301 found by @eclypsium) to bypass Secure Boot, while keeping it enabled.… 3/9
Read 9 tweets
#WestAfrica: THREAD - "Militarized Border Security Will Not Stop the Spread of Extremism into Coastal States."
My latest with @lmcsanders and Jordon Moss for @PolicyCenterNS where we provide some suggestions to avoid/limit the spread to #Benin #Togo #IvoryCoast and #Ghana 1/
#WestAfrica: Border strategies must enable trade, communication, and travel. Increasing the burden of legitimate behaviors will make communities more vulnerable, alienate essential allies, and lead people to see border officers as the enemy. 2/
#WestAfrica: Border security must serve & engage border communities and their leaders. Those who live in border zones understand local dynamics better than external forces. They have critical information of what is changing, and have the most to lose from extremist influence. 3/
Read 13 tweets
A critical unauth RCE through arbitrary file upload was found in the management console of the following WSO2 products by @orange_8361
🔴 API Manager
🔴 Identity Server
🔴 Enterprise Integrator
The vulnerability has a CVSSv3 9.8 score assigned with CVE-2022-29464 & WSO2 Security Advisory WSO2-2021-1738
WSO2 has released security updates and mitigation guides…
Read 8 tweets
Dr Anne (Azza) Aly, Aussie politician

Anne actively supports the Countering Violent Extremism (CVE) narrative & has a background in "counter-terrorism" & "counter-radicalization". Anne isn't part of the solution rather she is a Trojan horse within our faith community ... #1
Why certain personalities within the daw'aah, charity & academic spheres ignore this speaks volumes!

The "fruits" of Anne's support of Obama's CVE "initiative" are laid bare below 👇… #2
Read 4 tweets
Spent some time today at work playing with @msftsecurity Windows InstallerFileTakeOver LPE (CVE-2021-41379 bypass -…) and managed to create some detections on it.

Detection will be based on Sysmon/SIEM, here we go... 1/n #threathunting #detection #dfir
The exploit requires the user to overwrite elevation_service.exe with a compromised one (in this case with InstallerFileTakeOver.exe).
We can monitor this using #Sysmon event ID 11 - File Creation events:
event_id:11 AND event_data.TargetFilename:*\\elevation_service.exe
Read 14 tweets
mshtml.dll was loaded into the winword process; when is Microsoft MSHTML used? I guess it will be nice from a #threathunting perspective
based on sample:…
possible another suspicious loads: ExplorerFrame.dll, ieproxy.dll

#CVE-2021-40444 #DFIR #BlueTeam query on prod environment, last 30 days - 0 FP hits. via (MDATP) @MSThreatProtect
Read 3 tweets
#RaisinaEdit offers a selection of commentaries that unpack, interpret, and problematise contemporary global developments corresponding to the Raisina Dialogue thematic pillars of 2021.

Curated by Harsh Pant and @WarjriLaetitia
#RaisinaEdit | If “Data is the New Oil” then our individual data has intrinsic value and, thus, the monetisation of the collective data of millions of our citizens is the proverbial gold mine, says Abdul Hakeem Ajijola:
Economic interdependence, imperatives of political geography, and Beijing’s successful elite capture in many societies have made it difficult for many in Asia to contest the unfolding Chinese dominance over the region, points out @MohanCRaja #RaisinaEdit:
Read 17 tweets
When the dust clears, folks will inevitably start talking about "countering violent extremism" #CVE aimed at the types of folks who stormed the capitol today. Here are a few things to think about.
What is CVE? Well, it's a lot of diff things, let's go through them:
➡️ trying to ID potentially violent folks, very hard to do, where do you even start when you can't focus your resources on an identifiable minority as #CVE has done so far. No evidence it works at all.
➡️ community outreach to build relations with "affected communities" in the hope they will tell you what's going on. Generally cops/DHS/FBI have mtgs with ppl they identify as community leaders. Not clear how this translates when you can't really identify a "community."
Read 9 tweets
A hashtag appeared on panel asking for public hangings of rapists. I did an initial data comparison of people who participated in this hashtag and various other hashtags. I found that
1) 27% of users who were propagating "a woman shouldn't travel without a Mehram escorting her" demanded public hangings of rapists.
2) 13% of "Travel with Mehram" advocates used abusive word "Randi" in their recent tweets while addressing some women on social media.
3) Out of users of "Randi" word in their recent tweets, 13% asked for public hangings
4) 12% of users who contributed to a hashtag glorifying Khalid's act of killing a person in the court demanded public hangings of rapists.
5) 8% of users who labelled #AuratMarch2020 as Fahashi and Aurat Barbadi march now asked for public hangings of rapists
Read 7 tweets
Here's a digest of my understanding of #CVE-2020-1472 for the Microsoft Netlogon secure channel vulnerability and what you need to do to protect yourself. Thread. ⬇️
Firstly, what's the issue? Well, it seems an attacker could essentially become a domain admin, without needing to authenticate to the DC. They just need line-of-sight. Yikes.
What is Netlogon? Domain-joined systems use the Netlogon Remote Protocol (MS-NRPC) for secure communications between a client machine and a DC for things such as DC discovery, authentication, password changes, etc. It is also used for trusts between forests.
Read 18 tweets
As a Romanian Jew, let me clear this up - Codreanu was to Romania what Hitler was to Germany and Mussolini was to Italy. ANY #CVE "deradicalization" expert who calls Codreanu "a Saint in my book" & rages about a (((parasite class))) is not a "former" neo-Nazi but an active one.
Check this out - a "former" neo-Nazi working in CVE & proclaiming expertise in reforming extremists is openly praising the Romanian Iron Guard. @FFRAFAction @JoeMulhall_ @MichaelEHayden @letsgomathias @jaredlholt @egavactip @hopenothate @AmarAmarasingam @MackLamoureux @Hatewatch
TIP: if you're an anti-racist group led by former neo-Nazis who claim expertise in deradicalizing extremists - having a spokesman who worships the Iron Guard, praises David Irving's "valuable insight" & lauds "degeneracy" laws that "threw homosexuals in jail" is a bad look. #CVE
Read 3 tweets
It's a total grift. I put 3 white supremacists leaders in jail solely on my testimony, helped shut down a hate group, turned 30 affidavits to police re guns/crime and lived in poverty & hiding for yrs. And unlike those who risked nothing, I wasn't offered a book, movie or TV deal
The CVE field is rampant w/ grifters & profiteers. After being groomed & exploited by neo-Nazis as a teen girl, I was exploited by @CBC, who took my life from headlines & made a movie that attributed it to another woman - a "former" who stole my story and marketed it as her own.
As I lived in hiding & dumpster-dived for food to stay alive, @CBC & @onemooreliz were making money & publicity from my life story. I made a difference - and others tried to steal it from me, knowing I wasn't well-connected & didn't have $$ to hire lawyers…
Read 18 tweets
In non-impeachment news, @ewarren just put out a plan to fight white nationalist violence. Thread on why it's really pretty good.…
It focuses on white nationalist VIOLENCE, rather than speech or ideology thus avoiding slippage between speech and action that we have seen in other contexts (e.g., targeting Muslims for terrorism based on their religious beliefs rather than their actions).
It correctly notes that the problem is that FBI hasn't traditionally given priority to white nationalist violence & this has to change.
Read 9 tweets
Recent @UN Security Council report @UN_CTED the current state of ISIL, Al-Qaeda, and associated individuals and entities.… Grab a fresh cup of coffee and follow along as I highlight some key points that stood out to me......
@UN @UN_CTED 1. “ISIL, however, remains much stronger than AQ in terms of finances, media profile and current combat experience and terrorist expertise and remains the more immediate threat to global security.” Then there's the death of Hamza bin Ladin.… @dbyman
@UN @UN_CTED @dbyman 2. @azelin‘s has documented how AQ has “survived drones, uprisings, and the Islamic State.” Read more about the group’s survival mechanisms in this @WashInstitute Policy Focus.…
Read 35 tweets
THREAD: here is some expansion on what I discussed on @MSNBC @KasieDC RE: what could be done yesterday to elevate our Federal #DomesticTerrorism prevention efforts, h/t to @tribelaw for the thread prompt and @SeamusHughes for his insight 1/
My former office, @DHSgov Ofc of Targeted Violence and Terrorism Prevention once had a budget of $22 mil now $2.7-3 mil and once 40 FTEs now 7-10 FTEs, the #Trump Admin actively atrophied the office w/ specific focus on #DomesticTerrorism prevention programming 2/
This systematic atrophy included the pulling back of announced grant funding for programs specific to #DomesticTerrorism (DT) prevention; grant awards were pulled back from #LifeAfterHate bc the org was critical of #Trump, for example (evidence in FOIA req) 3/
Read 14 tweets
ICCT Project Manager/Research Fellow @reinierbergema kicks off Day Two of #ICCTConf by introducing this morning’s panelists, @clairevandyck, @DrDPrabhat, and @lauravanwaas! @TMCAsser
@BristolUni’s @DrDPrabhat uses the recent case of #ShamimaBegum to illustrate how statelessness is the foremost concern when the deprivation of citizenship is used for #counterterrorism purposes #ICCTConf
Next up @lauravanwaas, cofounder of @institute_si, explains how denial of nationality is used as a way to strip people or communities of rights - and how it is one of the most challenging human rights issues we face today. #ICCTConf
Read 13 tweets
@DrRumyanavanArk is opening the conference with a welcoming remark @TMCAsser @ICCT_TheHague #ICCTConf
@IDuyvesteyn is giving a keynote speech on ‘What is Terrorism? What is Extremism? - Lessons from the Past’. She argues that there is no clear cut answer for what is an effective #CT strategy @TMCAsser #ICCTConf
@IDuyvesteyn explains about the theory and effectiveness of three models in #CT: criminal justice model, war model and intelligence model @TMCAsser #ICCTConf
Read 9 tweets
1. What can we learn about ISIS supporters based on the many different subtitled language translations that have appeared online since the emergence of a new video showing Abu Bakr Al Baghdadi? Some insights to follow, would welcome other thoughts (Image- Portuguese translation)
2. Ever since the video release on April 29, supporters of ISIS have rallied around their Emir, the caliph of the now caliphateless caliphate to strengthen their resolve and reaffirm their online resilience- something they refer to as 'media jihad' in 'Wilayat Internet'
3. Online, ISIS created a "sense of virtual community to which those who otherwise felt adrift and detached from their real communities were drawn" writes @jgeltzer in an excellent piece for @TheAtlantic…
Read 12 tweets
#Breaking: At least 160 killed and hundreds more injured in coordinated #Islamic suicide bomb attacks. Six serial explosions rocked Catholic churches and 5-star hotels in #SriLanka as Christians began Easter Sunday celebrations. #lka #CVE
1/1 Thowheed Jamaath is already a cancer in #TamilNadu. They have strong influence in Vellore, Ambur, Vaniyambadi & Gudiyatham; Keezhakarai, Nagapattinam, Ramanathapuram areas. Their branches in UAE, Qatar, Saudi Arabia, Kuwait, Malaysia, UK, France, USA, and Australia #CVE
1/2 #UPDATE The seventh attack hit a hotel in the southern Colombo suburb of Dehiwala, after a string of explosions at churches and hotels in #SriLanka's capital. #lka #CVE
Read 37 tweets