Maddie Stone

@[email protected]
7K Followers
41 Following
34 Posts
Security Researcher at Google Project Zero | 0-days exploited in-the-wild |
Twitterhttps://twitter.com/maddiestone
Websitehttps://ragingrock.com
Maddie StoneNov 17, 2023

🪲 New blog from me, Clem, and Kristen on the Zimbra in-the-wild 0-day, CVE-2023-37580, discovered by TAG in the summer. We discovered 4 different campaigns using the bug against organizations in Greece, Moldova, Tunisia, Vietnam, and Pakistan.

https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/

Zimbra 0-day used to target international government organizations

TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

Google
Maddie StoneOct 11, 2023

🔮NEW RCA!! A few hours after it was patched, TAG found an ITW exploit sample for CVE-2023-36802. @benoitsevens analyzed it in detail ✨

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2023/CVE-2023-36802.html

CVE-2023-36802: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

Information about 0-days exploited in-the-wild!

0-days In-the-Wild
Show threadMaddie StoneOct 11, 2023
@jo3rg There will be! I don't know when exactly it'll be up though :)
Maddie StoneOct 11, 2023
Joe SchmetzerSep 28, 2023

"Hi, I'm Maddie, and I really really like zero day exploits"

@maddiestone from Google Threat Analysis Group (TAG) kicking off the Friday keynote at #BSides #BSidesAU #BSidesCbr2023

Maddie StoneOct 11, 2023
🧑‍💻🐴 Sep 28, 2023

The legendary and amazing @maddiestone    doing a keynote @bsidescbr. Such an amazing talk! super stoked to hear her in person.

Thank you @maddiestone for sharing with us your wisdom!  

Maddie StoneSep 7, 2023

North Korean actors 🇰🇵​ are targeting security researchers again including the use of at least one 0-day. IOCs in blog ⬇️​ If you've been in contact, please reach out

https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/

Active North Korean campaign targeting security researchers

Threat Analysis Group shares findings on a new campaign by North Korean actors targeting security researchers.

Google
Show threadMaddie StoneJul 27, 2023
@dave_aitel hahaha yep and did I answer my thoughts on the question? :)
Maddie StoneJul 27, 2023

@pheonix Not a you problem :) We're working on it

https://bugzilla.mozilla.org/show_bug.cgi?id=1845775

1845775 - Google blog page loads very slowly and often fails to fully load

NEW (nobody) in Core - JavaScript Engine. Last updated 2023-07-27.

Maddie StoneJul 27, 2023
@pheonix I'm not sure what to say? The link is loading for me when I click. Maybe the non-direct link works? security.googleblog.com
Maddie StoneJul 27, 2023

Google's 2022 Year in Review of in-the-wild 0-days is out! 4 key takeaways:
🤖 N-days function like 0-days on Android
⚡️ 0-clicks and new browser mitigations drive down browser 0-days
👯 Over 40% of itw 0-days are variants
💥 Bug collisions are high

#itw0days

https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022

Maddie Stone, Security Researcher, Threat Analysis Group (TAG) This is Google’s fourth annual year-in-review of 0-days exploited in-the-wild...