April 21, 2022

                        April 21, 2022

            April 21, 2022

vx-underground @vxunderground
You may not like it, but this is what cyber warfare looks like 
The Moscow Times @MoscowTimesThe American rights owner of mainstay fonts Times New Roman and Arial has restricted access to Russian users, the latest consequence for Moscow’s invasion of Ukraine, the Vedomosti business daily reported Thursday
https://t.co/yqHRvbRYpk2:02 PM ∙ Apr 17, 2022
302Likes75Retweets

Some OPSEC lessons to be learned. 
Taylor Lorenz @TaylorLorenz.@libsoftiktok has become a powerful cross-platform social media influencer, spreading anti-LGBTQ+ sentiment and fueling the right wing media's outrage machine. 

I wrote abt the account, the woman behind it, and why it matters 🧵washingtonpost.com/technology/202…
washingtonpost.comMeet the woman behind Libs of TikTok, secretly fueling the right’s outrage machineIn just one year, the Twitter account has helped steer the outrage machine at the center of right-wing messaging and legislation.12:53 PM ∙ Apr 19, 2022
13,412Likes2,743Retweets

The resistance movement in Ukraine, behind the Russian lines, is rolling hard. They’ve gunned down collaborators in front of their homes, and killed over 70 soldiers. Some by knife — now, it’s speculation, but the knives might be by women. What’s one good way to a soldier alone and off guard at night? 
Canadian Ukrainian Volunteer 🇺🇦🇨🇦✊🏻 @CanadianUkrain1A new type of ad started appearing all around #Kherson.

"Russian occupiers and everyone who supports them. We are close, already operating in Kherson. Death awaits you all! Kherson is #Ukraine!"

✊🏻🇺🇦 7:13 PM ∙ Apr 20, 2022
6,390Likes1,131Retweets
This is really really interesting. I hope we can learn more details. 
SpaceX shut down a Russian electromagnetic warfare attack in Ukraine last month — and the Pentagon is taking notes 

https://www.c4isrnet.com/air/2022/04/20/spacex-shut-down-a-russian-electromagnetic-warfare-attack-in-ukraine-last-month-and-the-pentagon-is-taking-notes/

Crypto Bros Taking Ls @CoinersTakingLs
13 seconds and stole $80m 
2:48 PM ∙ Apr 21, 2022
3,896Likes452Retweets
This seems to be very cyber relevant.
Chris Hladczuk @chrishlad
"How will you do electronic book signings?

We won't."

When Bezos starts selling books online he never tried to copy a physical bookstore.

He found what the new medium could do that the old couldn't.

Avoid copying the past when creating the future.

(2007)
2:34 PM ∙ Mar 27, 2022
787Likes65Retweets

Josh dubnau @joshdubnau
Here is my short thread about how to read scientific papers:

Step 1: print papers (double sided)

Step 2: staple the top left corner

Step 3: put them in my carry bag

Step 4: carry them back and forth between work and home for weeks.10:44 AM ∙ Apr 20, 2022
5,750Likes486Retweets

Sometimes OPSEC is about just not looking like an idiot. 
Weiner 白毛控 @Weiner__ivansia
Please remember to change the desktop background before a presentation 
9:15 PM ∙ Apr 19, 2022
411,336Likes58,983Retweets

Hackathon for hackers. I guess?
Silas @silascutler
Not sure what to make of this.--

A hackathon organization where participants are expected to develop new ideas, techniques, projects about the specified areas and turn these ideas into working prototypes for 48 hours.
malwarearena.comMALWARE ARENA1:11 AM ∙ Apr 21, 2022
14Likes3Retweets

Germany’s new Ribbentrop-lite agreement has a lot of downsides for, like, NATO and stuff. 
Michael Weiss 🌻🇺🇸🇮🇪 @michaeldweissOr the role that this chap continues to play in German cybersecurity commentary in spite of his being a quite obvious Russian agent of influence: thedailybeast.com/cybersecurity-…
12:06 AM ∙ Apr 21, 2022
279Likes83Retweets

pwn2own keeps going. There have been some impressive things done against systems but I don’t know when the detail will be available publicly.
Zero Day Initiative @thezdi
Wow - confirmed! With one of the more interesting bugs we've seen at #Pwn2Own, @daankeuper and @xnyhps from @sector7_nl bypassed the trusted application check on the OPC Foundation OPC UA .NET Standard. The earn $40,000 and 40 Master of Pwn points. #P2OMiami 
6:21 PM ∙ Apr 20, 2022
100Likes21Retweets

A tale about crypto, and scams…but, I repeat myself.
Matt Suiche @msuiche
Great video by @coffeebreak_YT on #safemoon token which had a remove liquidity function in their contract. youtu.beI UNCOVERED A BILLION DOLLAR FRAUDI’ve been investigating Safemoon for almost a year now, and finally we’re ready to reveal our findings. Safemoon is, in my belief, a massive fraud created by...8:51 AM ∙ Apr 21, 2022
8Likes1Retweet

Extradition for Assange. I have opinions, but it’s complicated. I don’t think anyone deserves jail in the US. 
Catalin Cimpanu @campuscodiUK court approves extradition of Julian Assange to US

theguardian.com/media/2022/apr… 
1:05 PM ∙ Apr 21, 2022
70Likes32Retweets

The security for contactless credit cards is based on advanced encryption, smart cards, and secured hardware. And people. You’ll never guess which security layer fails and enables fraud…
Joseph Cox @josephfcox
New: criminals abusing Apple Pay and going on spending sprees. Possible because of bots that call victim and get their 2FA code to add their card to Apple Pay, other contactless systems. Fraudster says Apple Pay is "easiest" way to make money w/ these bots vice.comCriminals Abuse Apple Pay in Spending SpreesApple Pay is the “easiest” way to make money with a recently developed type of underground bot which steals targets’ multi-factor authentication tokens, one fraudster says.1:06 PM ∙ Apr 21, 2022
71Likes53Retweets

The Russian brain drain is locked in, it seems.
Joseph Menn @josephmenn
For a time, it looked like such Russian tech companies Yandex, vKontakte and Kaspersky would help the country’s people get real information and keep talented employees from moving West. That dream has ended. My story at The Post: washingtonpost.comFor Russian tech firms, Putin’s crackdown ended their global ambitionsAn onslaught of laws, regulations and back-channel demands the Kremlin imposed now has reduced once promising tech giants to shadows of what they could have been.2:07 PM ∙ Apr 20, 2022
73Likes46Retweets

Stairwell @InsideStairwell
Learn about the tactics used in GOLDBACKDOOR, the latest in #APT32/InkySquids arsenal used to target South Korean journalists. (cc: @silascutler) 

bit.lyThe ink-stained trail of GOLDBACKDOOR - StairwellBy Silas Cutler, Principal Reverse Engineer Over the past 10 years, the Democratic People’s Republic of Korea (DPRK) has adopted cyber operations as a key means of supporting the regime. While significant attention has been paid to the purported use of these operations as a means of funding DPRK’s m…3:54 PM ∙ Apr 21, 2022
5Likes3Retweets
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

                        Don't miss what's next. Subscribe to the grugq's newsletter:

          Start the conversation:

            Be the first to share your thoughts