Do you realize:

someone listening to you, rolling up their sleeves and fixing things

is a really rare occurance, outside open source, once you are through puberty?💁🏻‍♂️

CapLoader 1.9.7 Released!
🆔 Community ID's for flows
🔁 Retransmission ratios
👾 Detection of malware C2 protocols
🐣 Decapsulation of Teredo, GTP-U and more...

h/t Lenny Hansson, @naranek and @ckreibich
https://netresec.com/?b=2499359

The 2024 Verizon Data Breach Investigations Report (#DBIR) is out this morning, and I make sense of it in my new post: https://kellyshortridge.com/blog/posts/shortridge-makes-sense-of-verizon-dbir-2024/

I focused on what felt like the most notable points, from #ransomware to MOVEit to web app pwnage to #GenAI and more.

I have insights, quibbles, and hot takes as always — but the fact remains it’s our best source of empirical data on cyberattack impacts. If you’re a #cybersecurity vendor, please consider contributing data to it.

Today we got what must be the most alarming first line in a newly file sec issue to #curl:

"To replicate the issue, I have searched in the Bard about this vulnerability"

... followed by a complete AI hallucination where Bard has dreamed up a new issue by combining snippets from several past flaws. Creative, but hardly productive.

Closed as bogus.

me: I finished the first draft! maybe it's actually ok

me, three minutes later:

I just learned that my Threat Modeling Designing for Security is on a one-day sale for $4.99 for the Kindle edition. This is the lowest price I've ever seen it.

(Boosts appreciated.)

https://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack-ebook/dp/B00IG71FAS

Getting JTAG on the iPhone 15

https://www.youtube.com/watch?v=D8UGlvBubkA