the grugq's newsletter

August 11, 2022

A really excellent look at the air war in Ukraine. The Ukrainians are developing a sort of guerrilla air warfare.

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Duffel Blog @DuffelBlog
NEW: Senile old man in Kabul killed by senile old man in Washington
duffelblog.com: "Senile old man in Kabul killed by senile old man in Washington". Got him
2:00 PM ∙ Aug 10, 2022

-

Ukraine is winning the propaganda war.

Defense of Ukraine @DefenceU
Unless they want an unpleasantly hot summer break, we advise our valued russian guests not to visit Ukrainian Crimea. Because no amount of sunscreen will protect them from the hazardous effects of smoking in unauthorised areas. 🎶Bananarama
6:56 AM ∙ Aug 11, 2022

-

Defense of Ukraine @DefenceU
The Ministry of Defense of Ukraine would like to remind everyone that the presence of occupying troops on the territory of Ukrainian Crimea is not compatible with the high tourist season.
[image attached]
5:49 PM ∙ Aug 9, 2022

-

Taz Wake @tazwake
This. We constantly hear "AV is useless" but my experience is the same. Nearly every incident I deal with has an overlooked AV alert early on. It won't stop ninja APT but it nearly always sees them.
Florian Roth ⚡ @cyb3rops (quoted tweet):
@alexjbutcher Antivirus logs are often neglected. In about 80% of the incident response cases that I've been involved in, the AV logs contained entries that indicated the compromise weeks/months ago. Cred dumpers, webshells, ... They had the status "successfully removed" and so, no one cared
11:58 AM ∙ Aug 10, 2022
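
An added example (mine, not code from either tweet) of the triage those two tweets argue for: walk an AV detection log, keep every detection that usually means a hands-on intrusion (webshells, credential dumpers) whatever the product says it did about it, and report how long each host has been hit and whether the same tooling came back. The JSON-lines export format, the threat names and the sample log lines are all constructed for the example.

```python
"""Triage AV detection logs for quiet, 'already handled' compromise indicators.

Added example, not code from the tweets above. The JSON-lines export format,
the threat names and the sample log are constructed for illustration.
"""
import json
import re
from datetime import datetime

# Threat-name fragments that usually mean a hands-on intrusion rather than
# commodity malware. Assumed taxonomy; map to the vendor's own names in practice.
HIGH_SIGNAL = re.compile(r"webshell|mimikatz|credential|lsass|cobalt|beacon|psexec", re.I)

# Constructed sample: one JSON object per line in an assumed AV export format.
SAMPLE_AV_LOG = r"""
{"ts":"2022-05-14T02:11:09Z","host":"web01","threat":"Backdoor:PHP/Webshell.A","path":"/var/www/html/uploads/x.php","action":"Removed"}
{"ts":"2022-05-14T02:11:10Z","host":"web01","threat":"Backdoor:PHP/Webshell.A","path":"/var/www/html/uploads/x.php","action":"Removed"}
{"ts":"2022-06-03T21:40:00Z","host":"ws-042","threat":"HackTool:Win32/Mimikatz","path":"C:\\Users\\j.doe\\AppData\\Local\\Temp\\mk.exe","action":"Quarantined"}
{"ts":"2022-07-20T09:00:00Z","host":"ws-042","threat":"PUA:Win32/Adware.Foo","path":"C:\\Users\\j.doe\\Downloads\\setup.exe","action":"Removed"}
{"ts":"2022-08-01T12:00:00Z","host":"ws-017","threat":"Virus:DOS/EICAR_Test_File","path":"C:\\tmp\\eicar.com","action":"Removed"}
{"ts":"2022-08-09T17:55:00Z","host":"ws-042","threat":"HackTool:Win32/Mimikatz","path":"C:\\Windows\\Temp\\svc.exe","action":"Removed"}
"""


def parse_ts(s):
    """ISO-8601 'Z' timestamps to timezone-aware datetimes."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_av_log(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = parse_ts(rec["ts"])
            events.append(rec)
    return events


def is_high_signal(threat_name):
    return HIGH_SIGNAL.search(threat_name) is not None


def triage(events, now):
    """Group high-signal detections per host, ignoring the AV action column.

    'Removed' only means one file was deleted; the access or credentials the
    attacker obtained before the detection are not undone, so nothing is
    dropped on that basis.
    """
    per_host = {}
    for ev in events:
        if not is_high_signal(ev["threat"]):
            continue
        h = per_host.setdefault(ev["host"], {
            "host": ev["host"], "first_seen": ev["ts"], "last_seen": ev["ts"],
            "count": 0, "threats": set(), "actions": set()})
        h["first_seen"] = min(h["first_seen"], ev["ts"])
        h["last_seen"] = max(h["last_seen"], ev["ts"])
        h["count"] += 1
        h["threats"].add(ev["threat"])
        h["actions"].add(ev["action"])
    for h in per_host.values():
        h["days_since_first"] = (now - h["first_seen"]).days
        # The same class of tool back on the host after a gap: the clean-up
        # removed a file, not the intruder.
        h["recurring"] = (h["last_seen"] - h["first_seen"]).days >= 1
    return sorted(per_host.values(), key=lambda h: h["first_seen"])


def triage_log(text, now_iso):
    return triage(parse_av_log(text), parse_ts(now_iso))


if __name__ == "__main__":
    for h in triage_log(SAMPLE_AV_LOG, "2022-08-10T12:00:00Z"):
        print(f"{h['host']}: first hit {h['days_since_first']} days ago, "
              f"{h['count']} detections {sorted(h['threats'])}, "
              f"actions={sorted(h['actions'])}, recurring={h['recurring']}")
```

The point is the direction of the filter: the action column is recorded for context but never used to discard an event, and a host that shows the same tool class again after a gap is flagged as recurring, because deleting a webshell or a dumper binary does not revoke the access or credentials already taken.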

-

Subreption LLC @subreption
BIRDWATCH program: Ghost in the Orlan: demystifying a military drone platform. Read the full report at subreption.com/press-releases… (code at github.com/subreption/bir…) First publicly documented exploit against a military drone platform! Technical unbiased research > Marketing op eds
github.com: subreption/birdwatch-report-1-repo, "Ghost in the Orlan: demystifying a military drone platform"
6:03 PM ∙ Aug 9, 2022

-

Project Zero Bugs @ProjectZeroBugs
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
googleprojectzero.blogspot.com: "The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)". A deep dive into an in-the-wild Android exploit. Guest post by Xingyu Jin, Android Security Research. This is part one of a two-part guest...
11:01 PM ∙ Aug 10, 2022

-

Nat @Hatalie
I’ve been playing this “what would you do” type game with @BrianGurien from 1986 and WHAT was wrong with that decade
[three images attached]
3:12 AM ∙ Aug 11, 2022

-

Daniel Cid @danielcid
Great details on how Cisco got hacked.
1. Personal Google account of an employee gets compromised - it has password sync enabled.
2. Got all the employee's passwords, including their Cisco VPN credentials.
3. Phishing to accept 2FA
4. They are in
blog.talosintelligence.com/2022/08/recent…
1:55 AM ∙ Aug 11, 2022

Costin Raiu @craiu
Kudos to #Cisco for publishing details of their security breach by initial access broker (IAB) with ties to #UNC2447, #Lapsus$ and #Yanluowang. There are so many lessons to be drawn from this highlighted part about the initial access:
[image attached]
7:28 AM ∙ Aug 11, 2022

This was pretty prescient.

Steve Elovitz @SElovitz
Seeing an increasing amount of abuse of MFA prompt "push" notifications. Attackers are simply spamming it until the users approve. Suggest disabling push in favor of pin, or something like @Yubico for simplicity. In the meantime, alert on volume of push attempts per account.
3:44 PM ∙ Feb 26, 2022
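
That last suggestion, "alert on volume of push attempts per account", as an added example (mine, not Elovitz's, Cisco's or Talos's code): a sliding-window count of MFA push prompts per user, plus a second, higher-severity alert when a run of denied or expired prompts ends in an approval, which is exactly step 3 of the Cisco chain above succeeding. The JSON-lines log format, the field names, the thresholds and the sample events are all assumptions constructed for the example.

```python
"""Detect MFA push fatigue ('prompt bombing') from authentication logs.

Added example, not code from the tweets above. The JSON-lines log format,
field names, thresholds and sample events are assumptions constructed for
illustration.
"""
import json
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed: look-back per account
MAX_PUSHES = 5                   # assumed: more prompts than this in WINDOW is a burst

# Constructed sample: push attempts and one unrelated event. result is
# approved/denied/timeout. The first block is a push-bombing run that the
# user eventually gives in to; the last two lines are ordinary logins.
SAMPLE_MFA_LOG = """
{"ts":"2022-08-10T03:02:11Z","user":"j.doe","event":"push_sent","result":"denied","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:03:05Z","user":"j.doe","event":"push_sent","result":"denied","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:03:50Z","user":"j.doe","event":"push_sent","result":"timeout","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:04:32Z","user":"j.doe","event":"push_sent","result":"denied","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:05:10Z","user":"j.doe","event":"push_sent","result":"timeout","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:06:44Z","user":"j.doe","event":"push_sent","result":"denied","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:09:40Z","user":"j.doe","event":"push_sent","result":"approved","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T03:09:41Z","user":"j.doe","event":"vpn_session_start","result":"ok","src_ip":"203.0.113.7"}
{"ts":"2022-08-10T08:15:02Z","user":"a.smith","event":"push_sent","result":"approved","src_ip":"198.51.100.20"}
{"ts":"2022-08-10T09:00:00Z","user":"j.doe","event":"push_sent","result":"approved","src_ip":"192.0.2.44"}
"""


def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_mfa_log(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = parse_ts(rec["ts"])
            events.append(rec)
    return events


def detect_push_fatigue(events, window=WINDOW, max_pushes=MAX_PUSHES):
    """Return alerts for accounts receiving bursts of push prompts.

    severity 'high':     more than max_pushes prompts inside window (the
                         volume alert the tweet suggests)
    severity 'critical': an approval arrives while such a burst is in
                         progress, i.e. the user gave in and the attacker is in
    """
    alerts = []
    recent = {}        # user -> deque of push events still inside the window
    in_burst = set()   # users whose current window already raised 'high'
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "push_sent":
            continue
        user = ev["user"]
        q = recent.setdefault(user, deque())
        q.append(ev)
        while ev["ts"] - q[0]["ts"] > window:   # slide the window forward
            q.popleft()
        if len(q) <= max_pushes:
            in_burst.discard(user)
        refused = sum(1 for e in q if e["result"] != "approved")
        summary = {"user": user, "ts": ev["ts"], "prompts": len(q), "refused": refused,
                   "src_ips": sorted({e["src_ip"] for e in q})}
        if len(q) > max_pushes and user not in in_burst:
            in_burst.add(user)
            alerts.append(dict(summary, severity="high"))
        if ev["result"] == "approved" and user in in_burst:
            alerts.append(dict(summary, severity="critical"))
            q.clear()               # the burst is over; start fresh for this user
            in_burst.discard(user)
    return alerts


if __name__ == "__main__":
    for a in detect_push_fatigue(parse_mfa_log(SAMPLE_MFA_LOG)):
        print(f"{a['severity'].upper():8} {a['user']}: {a['prompts']} prompts, "
              f"{a['refused']} refused, from {a['src_ips']} at {a['ts']:%H:%M:%S}")
```

The 'high' alert fires once per burst rather than once per prompt, so a SOC sees one ticket per attack, and the 'critical' alert carries the source IPs of the whole burst so the responder can pivot straight to the VPN session that followed the approval. Thresholds are deliberately loose; a real deployment tunes WINDOW and MAX_PUSHES against the false-positive rate of users who genuinely fumble a prompt a few times.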

-

CyberSecurity@TUDelft @CyberSecTUDelft
Today @USENIXSecurity (at 1.30PM EST), Alejandro Cuevas (CMU) and Fieke Miedema (TUD) will present our work entitled "Measurement by Proxy: On the Accuracy of Online Marketplace Measurements." Joint work with @SoskaKyle @nc2y @RolfvanWegberg Short 🧵below
[image attached]
8:09 AM ∙ Aug 11, 2022

-

The Volatile Mermaid @OhNoSheTwitnt
ARE YOU WEARING A WIRE?
[image attached]
1:22 AM ∙ Aug 11, 2022

-

SlowMist first half of 2022 blockchain security and anti-money laundering analysis report

SlowMist first half of 2022 report - the report is in Chinese, but gives a fascinating insight: a total of 187 security incidents occurred in the first half of 2022, with losses of US$1.976 billion, and 74.6% of the funds laundered from those incidents went to Tornado.

Via Ollie’s Pulsing Purple Substack.

-

Manas @ManasH4rsh
This is a trilogy here and it is very cool to learn SAML attacks :)
epi052.gitlab.io: "How to Hunt Bugs in SAML; a Methodology - Part I". The first in a series of three posts about a methodology for hunting bugs in SAML. This post covers background information about SAML, laying the groundwork to understand SAML vulnerabilities and attacks.
12:40 PM ∙ Aug 10, 2022

-

Matthew Garrett @mjg59
Debugging is the art of slowly teaching yourself that your problems are a result of your own poor choices
9:15 AM ∙ Aug 11, 2022

-

Pedro Justo @itanium_guy
Finally the curtain has been pulled for Chameleon Binaries (don't mind the marketing name: Arm64X). This is how most user-mode DLLs are built in Arm64 Windows and that is why they can be loaded both by Arm64 and Arm64EC (x64) processes.
docs.microsoft.com: "Arm64X PE Files". Arm64X are a type of PE file in the Windows 11 SDK used for x64 compatibility on Arm64. Arm64X may be a good solution for developers of middleware or plugins, where code could get loaded into x64 or Arm64 processes.
2:30 AM ∙ Aug 11, 2022

-

Joe Kassabian @jkass99
My taxi driver apologized for breaking a traffic law. My man, what do you think our business arrangement was.
9:22 AM ∙ Aug 11, 2022

-

Jokin Rokin Rokin Tolkien 🗡️🏹🪓 @joshcarlosjosh
I'm no Sauron fan, but here's why forming a fellowship to raid Mount Doom and destroy the One Ring is going to enrage his base
6:27 PM ∙ Aug 9, 2022

-

Bart @bartandsoul
Cop: “Why are you driving so fast?” Me: “I hate to keep your mom waiting.” *tasing sounds ensue*
2:05 PM ∙ Feb 18, 2021

-

Uncle Duke @UncleDuke1969
“Just ask him, Harry.” “I don’t think-” “Just ask him.” “Excuse me, sir? I’m trying to find the Holiday Inn Express.”
[image attached]
3:44 AM ∙ Nov 6, 2020
