This is officially the first new newsletter after the change i announced last week, and as you may have noticed, it’s a lot shorter then before and now include a “tags” line which should make things a lot easier to search for in the future, further changes may happen in the future as well depending on what i see may be good idea to change, add or remove.
I was kinda planning for the first newsletter to actually start off with a bit more content, but life is full of surprises with things that keep causing you to always be short on time, so that plan went down the drain. Anyway, I got an appointment to keep so off i go, so have a nice read:)
~Kazu
NEWS OF INTEREST:
MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips
https://techcrunch.com/2022/06/10/apple-m1-unpatchable-flaw
Kazu: Apparently some researchers have managed to uncover a vulnerability in Apple's M1 chips which is exploited at hardware level which makes it pretty much impossible to fix except redesign and change the chip itself which make this vulnerability very much impossible to just patch via a update.
However, this flaw is only exploitable if you can bypass the other security features as well, so it's more something that can be used to get further access more then something that can be used alone it would seem.
Tags: Apple, M1, vulnerability, research, Security
EVERYTHING ELSE:
Vytal: A Location and User Agent spoofing tool
https://github.com/z0ccc/Vytal
Kazu: Came across this project which tries to spoof location data to match with your VPN which i found interesting, it can also apparently spoof your user agent as well, it's available on the chrome store as a plugin but i have no idea about the actually quality or security of this one as i have not tested it myself, but it seems to have decent documentation, so effort was put in the very least.
It is written in JS and React and is only available for chrome due to firefox limitations.
Tags: GitHub, VPN, Spoofing, Projects, Javascript, React, Privacy
Museum Restores 21 Rare Videos from Legendary 1976 Computing Conference
Kazu: Computers have been around for not a long time in terms of the bigger timescale, but it have certainly been around for a lot longer than some people may have realized and even as far back as 1976, there was Conference dedicated to computers and people traveled from afar to attend and the talks was even recorded on video, even back then, but until now, many of the videos have been lost.
However, Silicon Valley's Computer History Museum have now announced 21 videos they have managed to restore of the talks that went on at the conference and if you are someone who has an interest in history or wants to catch a glimpse on what they talked about back in 1976, then it's definitely worth checking out.
Tags: History, Video, Conference, Restoration, Archive
The myth of "soft skills": Why intelligence teams need strong communicators
https://redcanary.com/blog/strong-communicators/
Kazu: Figured i throw this in as yet another reminder that while "hard skills" are fine and everything, they only get you so far, and without any "soft skills" you will quickly run into problems and making your and others life more challenging than it has to be.
Tags: Communication, Blog, RedCanary
BeatRev Version 2: POC for frustrating/defeating Malware Analysts
Kazu: Found this (POC) project interesting which tries to find ways to challenge malware analysts by using the targets environmental data when encrypting it's payload and then when it tries to run again later it tries to decrypt the payload before executing it, and if it fails to decrypt/run it, it will try to delete itself.
Basically, only it's executed on the victim, it's apparently impossible to move it elsewhere without making decryption of the payload impossible.
Also, since there's a chance actual attackers will find this in the near future as well, i figured i may as well mentioned it so others are aware it existed.
Tags: Malware, RE, POC, Tool, Research, GitHub