August 18, 2022

                August 18, 2022

            August 18, 2022

weird medieval guys @WeirdMedieval
jesus (and a cat), germany, 15th century 
12:14 PM ∙ Aug 17, 2022
12,362Likes1,365Retweets
-
Ryan Naraine @ryanaraineZDI is ramping up the pressure on software vendors that consistently ship faulty, incomplete security patches

I talked to @dustin_childs about "disturbing trends" in patch quality problems from all the major tech vendors 

Read: securityweek.comVulnerability Broker Applies Pressure on Software Vendors Shipping Faulty, Incomplete Patches | SecurityWeek.ComTrend Micro’s Zero Day Initiative is ramping up the pressure on software vendors that consistently ship faulty, problematic security patches.2:47 PM ∙ Aug 17, 2022
17Likes8Retweets-
Crypto, fraud, scams. Researchers looked and found evidence of insider trader by crypto markets. Shocking, I know.
We find evidence of systematic insider trading in cryptocurrency markets, where individuals use private information to buy coins prior to exchange listing announcements. Our analysis shows significant price run-ups before official listing announcements, similar to prosecuted cases of insider trading in stock markets. Leveraging blockchain data, we identify the specific transactions and wallets (individuals) that consistently trade before announcements, ruling out alternative explanations. We estimate that insider trading occurs in 10-25% of cryptocurrency listings and as a lower bound, insiders earned $1.5 million in trading profits. Our findings identify cases that are yet to be prosecuted.  

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4184367

-
Matthijs R. Koot @mrkootU.S. DOD Instruction 5400.17 "Official Use of Social Media for Public Affairs Purposes" highlights threat of imposter accounts fedscoop.com/new-dod-social…

On p.20/21:
(1) Reporting Fake or Imposter [..] Accounts.
(2) Indications or Common Identifiers Associated w/Imposter Accounts. 
6:34 PM ∙ Aug 17, 2022
3Likes4Retweets
-
An interesting thread. 
Ashley Sweetman @AshleySweetmanMy book “Cyber and the City” has now been published!

So, to mark the occasion, here’s a short thread on the history and origins of cyber security in the UK financial sector.

Book available here and elsewhere:
amzn.eu/d/hvG6MNZ

(1/12) 
3:01 PM ∙ Aug 17, 2022
57Likes15Retweets-

https://pubs.geoscienceworld.org/ssa/srl/article-abstract/89/2A/577/525827/Do-Large-Magnitude-8-Global-Earthquakes-Occur-on

-
Ryan Naraine @ryanaraine
Two new fresh iOS/macOS zero-days "actively exploited" in the wild 
6:12 PM ∙ Aug 17, 2022
154Likes91Retweets
-
Follow up on the other day’s UK water hack

https://www.bloomberg.com/news/articles/2022-08-17/uk-water-supplier-hit-by-extremely-concerning-cyberattack

-
Lorenzo Franceschi-Bicchierai @lorenzofb
NEW: Last week, hackers targeted 1,900 Signal users, specifically going after three of them.

I was one of those three, and the hackers were able to take over my Signal account for 13 hours. Here's how we responded to this incident. 

vice.comHow a Third-Party SMS Service Was Used to Take Over Signal AccountsUnknown attackers targeted Signal users after they broke into the systems of communications services company Twilio.7:36 PM ∙ Aug 17, 2022
1,244Likes639Retweets
-
Systems Papers Minus Context @sysminuscontext
"The techniques for handling this catastrophe are beyond the scope of this paper." 
10:32 PM ∙ Aug 17, 2022
44Likes13Retweets
-
Tony "Abolish ICE" Arcieri 🦀🌹 @bascule
“The House passed a defense spending bill saying you can’t sell software to the DoD” FTFY https://t.co/JK7PjiVgqT
Jerry Gamblin @JGamblinThe House passed a defense spending bill saying you can't sell software to the DoD that has *any* known CVEs in it.    

https://t.co/6zO2pPgdwq https://t.co/FTzHwHbPP32:58 AM ∙ Aug 18, 2022
61Likes15Retweets
-
Chris Long @Centurion
Never gets old 
10:30 PM ∙ Aug 15, 2022
1,867Likes184Retweets
-
Steve Asbell @steveasbell
Sometimes I just feel invisible. 
3:56 AM ∙ Aug 16, 2022
28,733Likes3,574Retweets
-
GonzoHacker @GonzoHacker
I'm really good at jumping into a situation I know nothing about and figuring it out as I go along because of my lifetime of experience in not preparing for anything12:49 AM ∙ Aug 18, 2022
63Likes16Retweets
-
Xander Bouwman @xbouwmanGreat paper by @BushraAlAhmadi at @USENIXSecurity about alert fatigue in the SOC, noting that we should be more careful to distinguish between false positives and 'benign triggers'.
usenix.org/conference/use… 
9:13 PM ∙ Aug 11, 2022
15Likes3Retweets
Xander Bouwman @xbouwman
An example the researchers found of a benign trigger: everytime a user would search for a foldable table online (a 'drop table') an alert would be fired in the organization's SOC for SQL injection ('DROP TABLE'). And it couldn't be turned off – those poor analysts.9:24 PM ∙ Aug 11, 2022
47Likes15Retweets
-
den @DennisCode
Kubernetes. 
1:43 AM ∙ Aug 18, 2022
2,418Likes653Retweets
-
Jake Hanrahan @Jake_Hanrahan
Interesting read on a Russian soldier's disillusionment whilst fighting Ukraine in the Donbas. 
ChrisO @ChrisO_wiki
1/ A 34-year-old former Russian paratrooper, Pavel Filatyev, has published a remarkable in-depth account of his experiences of the Ukraine war. He served with the Feodosia-based 56th Guards Air Assault Regiment and fought in southern Ukraine for two months. A 🧵 follows. https://t.co/upGQAejb1212:06 PM ∙ Aug 18, 2022
87Likes17Retweets
-

                Don't miss what's next. Subscribe to the grugq's newsletter: