We Luta Security 🌺 are a proud platinum sponsor for the 3rd year in a row of SentinelOne LABScon along with BINARLY🔬
Cisco Talos Intelligence Group GreyNoise The Alperovitch Institute & more

It's coming... #LABScon24
labscon.io

I am beyond excited to continue my villain arc by speaking at SLEUTHCON 2024!

Come watch me speak about the SLOPSEC driving attribution of open-source cloud attack tools.

Stay for the afters to see who wears the Wazawaka wedding suit better: Will or Yours Truly.

Cybersecurity has become a test of a company’s moral fiber.

What we need to accomplish is to get Microsoft to once again see customer security risk as first and foremost a risk to its own business.

Not as something to be taken advantage of to boost revenue to ever more astounding levels.

[fin for now]

Man, Sundar will go down in history as having created the next IBM, not in a good way.

Solid 🧵 and story by Eric Geller on the recent slew of woes with Microsoft's 'security culture'.

Sad to just keep getting handwavy corporate denials in the face of overwhelming catastrophic problems.

wired.com/story/the-us-g…

For the moment, our national cyber posture is disproportionately dependent on the whims of a company that has proven impervious to govt pressure.

As J. A. Guerrero-Saade put it, 'No harm comes from doing nothing, at least not to these companies. And that’s what's going to destroy us.'

Oxford + UNSW Canberra Cyber put out a cybercrime index. The methodology was survey of experts (including some focus groups).

Do I know *anyone* that participated in this survey?

Not against lists on principle, just curious about methodological choices.
journals.plos.org/plosone/articl…

Current state of vuln research:

Appliances appliances appliances appliances

There’s a world of difference between being guileless and being ineffective, and there’s nothing admirable about the latter.

New: House Homeland’s cyber subcommittee, led by Rep. Andrew Garbarino, to get briefed on the CSRB’s new report on Microsoft next week, per a committee staffer.

First of what could be many Congressional briefs on the remarkable review, which blasted the tech giant’s security practices.

On the passing of our dear friend and alumni, Sophia 'quend' d'Antoine (Sophia d’Antoine)

Our team at Volexity has identified a new 0day exploited in the wild. This time we caught a threat actor using an unauthenticated RCE in Palo Alto Networks GlobalProtect. It has been assigned CVE-2024-3400 and is covered in this Palo Alto Networks advisory security.paloaltonetworks.com/CVE-2024-3400

#xzutils What an legendary change.

'suddenly disappeared'

I'm a Microsoft ecosystem guy. But allowing Redmond to boundlessly attempt to leverage its monopolies with Windows client & Active Directory to push customers of those to almost need to adopt ever-greater use of Microsoft cloud stuff has been a major failure of anti-trust policy.

We are delighted to offer the 2nd in our series of Alperovitch Advanced Workshops – Introduction to Arm Assembly & Exploitation, taught by Maria Markstedter (Azeria).

Johns Hopkins SAIS students, apply by Friday, April 12 👇

alperovitch.sais.jhu.edu/alperovitch-ad…

I was on a defense intelligence panel in London recently with a bunch of acquisition professionals from the US, the UK, and NATO. I got asked what the benefits of working with commercial, unclassified sat vendors were, and I said “access to talent that likes to smoke weed.”

OPSEC gaffe(?) aside, the book is a clear-eyed discussion of folding AI into intelligence and military analysis workflows. No skynet nonsense, a lot of ideas around handling bureaucracy, breaking silos, handling fusion between class/unclass networks, sharing intel cross orgs,etc.

#BREAKING #SupremeCourt observes that there are no reasonable grounds to believe that accusations against Shoma Sen in the #BhimaKoregaon case are “prima facie true”.

SC says :

Allegations do not reveal commission of UAPA offences restricting bail.

No prima facie evidence of…