December 28-29, 2022

                            December 30, 2022

                December 28-29, 2022

Matthijs R. Koot @mrkootEspionage by Europeans 2010–2021. A Preliminary Review of Court Cases (May 2022) foi.se/en/foi/news-an…

Direct link to report (1.2MB .pdf, 80pp) foi.se/rest-api/repor…

Commissioned by the Swedish Security Service and Swedish Armed Forces. Study covers 42 individuals. 
6:45 PM ∙ Dec 28, 2022
97Likes38Retweets
-
pudding person @JUNlPER
this website is so incredible sometimes 
2:14 PM ∙ Dec 29, 2022
20,813Likes1,876Retweets
-
Matthijs R. Koot @mrkootOperational Feasibility of Adversarial Attacks Against Artificial Intelligence (Dec 2022) rand.org/pubs/research_… < RAND Research Report RR-A866-1.

Direct link to report (2.2MB .pdf, 28pp): rand.org/content/dam/ra… 
7:45 AM ∙ Dec 28, 2022
10Likes10Retweets
-
Matthijs R. Koot @mrkootThe Roles of Science in National Security Policymaking: A Case Study on Nuclear EMP (1.6MB .pdf, Nov 2022, 57pp) cgsr.llnl.gov/content/assets…

"Scientific advice is rarely as profound as scientists wish or as decisive as policymakers desire."

Report by LLNL / @Livermore_Lab. #NatSec 
7:49 AM ∙ Dec 28, 2022
11Likes5Retweets-
U.S. DOJ Inspector General Audit of the FBI's National Security Undercover Operations

https://oig.justice.gov/sites/default/files/reports/23-012.pdf

-
Matthijs R. Koot @mrkootImproving the U.S. Intelligence Community's Leveraging of the Full Science & Tech (S&T) Ecosystem (2022) doi.org/10.17226/26544 

88-page report from @theNASEM.

Key recommendation: elevate priority of S&T by clearly designating an individual to strengthen these IC capabilities. 
4:25 PM ∙ Dec 28, 2022
5Likes3Retweets
-
Runa Sandvik @runasandStumbled upon this Pegasus Project article about a Hungarian intelligence officer who may have infected himself with the spyware and was later contacted by journalists working for @direkt36. direkt36.hu/en/kemszoftver… 
6:38 PM ∙ Dec 28, 2022
44Likes17Retweets
-
John Ismay @johnismay
One American, a former Marine intelligence specialist confirmed that data on the device was likely his. He asked that his biometric file be deleted nytimes.comFor Sale on eBay: A Military Database of Fingerprints and Iris ScansGerman security researchers studying biometric capture devices popular with the U.S. military got more than they expected for $68 on eBay.12:49 PM ∙ Dec 27, 2022
97Likes62Retweets
-
tracyweber @tracyweber
This could be the best use of public records laws I've seen. @BrettMmurphy stumbled upon a fmr small town cop sowing his own junk science into justice system. So he tracked him thru his email chats w/prosecutors & cops nationwide. Damning and so bonkers.
propublica.orgThey Called 911 for Help. Police and Prosecutors Used a New Junk Science to Decide They Were Liars.Tracing the fallacy of 911 call analysis through the justice system, from Quantico to the courtroom.1:52 PM ∙ Dec 28, 2022
1,932Likes827Retweets
-
brendan @bscarvell
For those that missed it, part 1 of the netcomm hacking series can be found here: youtube.comHacking Netcomm NF20MESH - Part 1 of (n)9:48 AM ∙ Dec 29, 2022
17Likes6Retweets
-
Daniel Cuthbert @dcuthbert
Ok, I get calc.exe but COMICS SANS??

Won't someone think of, frankly everyone???

CVE-2022-46689 being exploited to set iOS font

github.comGitHub - zhuowei/WDBFontOverwrite: Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689. - GitHub - zhuowei/WDBFontOverwrite: Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.1:06 PM ∙ Dec 29, 2022
20Likes5Retweets
-
Cat Graffam @catgraffamI recreated Goya's "Saturn Devouring his Son" in Mario Paint for the SNES youtu.be/jJSx7q-Mt0c 
12:30 AM ∙ Dec 29, 2022
18,050Likes2,567Retweets
-
Matt Suiche @msuiche💡Interesting. How does one confirm a FORCEDENTRY infection? 

The lack of any public samples makes it very challenging so I just published a new rust tool called ELEGANTBOUNCER to generate a POC and scan PDF files for FORCEDENTRY 🚀
magnetforensics.com/blog/researchi… 
Runa Sandvik @runasand
A few months ago, St. Maarten-based casino owner Francesco Corallo filed a suit against both NSO Group and Apple under the CFAA. According to the complaint, forensic analysis confirmed Pegasus infection using the FORCEDENTRY exploit. https://t.co/Egy6PRViJP https://t.co/sLjagfCbxI
9:59 PM ∙ Dec 19, 2022
80Likes26Retweets
-
Electrospaces @electrospaces
The Russian agent (not: "double agent") inside the German foreign intelligence service #BND was apparently arrested after a Western partner agency discovered that Russian intelligence possessed internal BND documents:
spiegel.de(S+) BND: Warum ein mutmaßlicher Spion Zugang zu brisanten Informationen hatteEin Agentenskandal erschüttert den Bundesnachrichtendienst. Ausgerechnet in einer für den Ukrainekrieg extrem wichtigen Abteilung soll ein mutmaßlicher Spion Putins ans Werk gegangen sein. Er hatte Zugang zu brisanten Informationen. Die Rekonstruktion.2:34 PM ∙ Dec 29, 2022
18Likes16Retweets
-
Mobile Security @mobilesecurity_
Turning Google smart speakers into wiretaps for $100k
#MobileSecurity #IoTSecurity 
downrightnifty.meTurning Google smart speakers into wiretaps for $100kI was recently rewarded a total of $107,500 by Google for responsibly disclosing security issues in the Google Home smart speaker that allowed an attacker within wireless proximity to install a “backdoor” account on the device, enabling them to send commands to it remotely over the Internet, access…4:22 PM ∙ Dec 29, 2022
33Likes12Retweets
-
Declassified UK @declassifiedUK🇬🇧 Britain’s sectarian army.

The Ulster Defence Regiment, the largest in the British army, fueled the conflict in Northern Ireland and was a sectarian weapon in the UK's counter-insurgency strategy, declassified files show. ICYMI

declassifieduk.org/britains-secta…
declassifieduk.orgBritain’s sectarian armyThe Ulster Defence Regiment fueled the conflict in Northern Ireland and was a sectarian weapon in Britain’s counter-insurgency strategy, a new book shows.3:00 PM ∙ Dec 29, 2022
286Likes151Retweets

                            Don't miss what's next. Subscribe to the grugq's newsletter: