
Guido Marilli

@guidomarilli

SOC Team Lead @sentinelone • Fitness enthusiast • Cinephile • My Credly: https://www.credly.com/users/guido-marilli

#ENISA has just released #EUVD (European Union Vulnerability Database) - enisa.europa.eu/news/consult-t… It is accessible here: euvd.enisa.europa.eu #cve #vulnerability


Guido Marilli reposted

📺 On @Bloomberg: Our CISO Alex Stamos weighs in on DeepSeek, highlighting the IP and data security risks and the complexities of AI model training and usage: “Now there are some great breakthroughs here [in both training costs and inference costs] … [B]ut there's a lot of…


Guido Marilli reposted

Zeek 7 passive open-source network traffic analyzer debuts with comprehensive updates in scripting, telemetry, & analyzer configurations. linuxiac.com/zeek-7-network…


Guido Marilli reposted

Open source #AI, licenses, and data! Freedom, #security, and safety! Sound interesting? Read our latest blog, "Why trust open source #AI?" We focus on how the IBM Granite model is open source and why an open source model is inherently more trustworthy. red.ht/45ITAM1


Guido Marilli reposted

#CISA has recently further developed the concept of #Security by Design, and at Red Hat, we are embracing it in our products and #cloud services. Learn more in the blog, "Exploring security by design and loosening guides." red.ht/4euj18e


As the scope of responsibilities of CISOs is expanding, it might be the case to split such a role, but what could be the pros and cons of doing so exactly? edt.csoonline.com/c/15VStvo3Px8M…


Guido Marilli reposted

Web Security Mindmap !


Guido Marilli reposted

"YARA is dead, long live YARA-X!" 🎉 After 15 years, YARA gets a full rewrite in Rust, bringing enhanced performance, security, and user experience. Dive into the details in latest blog post by @plusvic : blog.virustotal.com/2024/05/yara-i…


Guido Marilli reposted

I still manually review, test and add new repositories to YARA Forge

+ 5 additions since the release by @cod3nym @craiu @WithSecure @harfanglab

new repos: github.com/YARAHQ/yara-fo…
custom scoring (to reduce FPs): github.com/YARAHQ/yara-fo…
main page: yarahq.github.io


Guido Marilli reposted

A day the open source community will never forget! Check out Red Hat's collaborative response to the XZ security incident after Andres Freund disclosed his findings: red.ht/3xZdFkz #linux #security #vulnerability response #collaboration #open source communities


Among all of the Red Hat certifications that I have obtained so far, as a Cyber Security professional this has been the most fun. #EX415 #Linux #hardening #audit #SELinux #RedHat @RedHat credly.com/badges/bfd1d86…


Guido Marilli reposted

Check out Part 2 of our latest series: "What does Red Hat Product Security do?" We support our customers with the necessary tools and guidance to implement and achieve sensitive computing requirements compliance and IT systems security. red.ht/3TRwXzC


Guido Marilli reposted

Xzbot : Notes, honeypot, and exploit demo for the xz backdoor : github.com/amlweems/xzbot Timeline of the xz open source attack : research.swtch.com/xz-timeline The xz attack shell script : research.swtch.com/xz-script


Guido Marilli reposted

Want to play around with the xz backdoor? We have a quick blog post detailing how to make a vulnerable Kali install and validate if your system is or is not vulnerable. kali.org/blog/xz-backdo…


Interesting take. #xz #xzbackdoor

The #xz/#liblzma backdoor is the ONLY package out of 245,032 malicious packages identified in 2023 (see report below) that was assigned a CVE (CVE-2024-3094, with the corresponding CWE-506 - Embedded Malicious Code). But should a malicious package be assigned a CVE? A 🧵 [1/6]



Guido Marilli reposted

Samples of the liblzma / xz backdoor have already been detected on VirusTotal, thanks to @cyb3rops' YARA rules and Kaspersky's signatures


Guido Marilli reposted

‼ Distribution of XZ Utils packages containing malicious code detected 🔗csirt.gov.it/contenuti/rile… 👉 Mitigation actions available


Guido Marilli reposted

The insertion of a backdoor into code used by most Linux distributions was discovered and fixed “before it posed a significant risk to the broader Linux community,” says @RedHat’s @vdanen. @RedHatSecurity bit.ly/3TFgNcp

