February 19, 2023

                            February 19, 2023

                February 19, 2023

Trail of Bits @trailofbits
An appsec engineer was fawning over a sudo bug, leading him to research and discovery of a separate logic bug in Linux. Bottom line: Don't use readline in your SUID applications blog.trailofbits.comReadline crime: exploiting a SUID logic bugBy roddux // Rory M I discovered a logic bug in the readline dependency partially reveals file information when parsing the file specified in the INPUTRC environment variable. This could allow atta…1:00 PM ∙ Feb 16, 2023
56Likes9Retweets
-
raptor@infosec.exchange @0xdeaServer-Side Prototype Pollution

A primer by @yeswehack 
blog.yeswehack.com/talent-develop…

Black-box detection without the DoS by @garethheyes 
portswigger.net/research/serve…

Scanner (Burp Extension)
portswigger.net/bappstore/c1d4…

Client-side prototype pollution labs
portswigger.netWhat is prototype pollution? | Web Security AcademyPrototype pollution is a JavaScript vulnerability that enables an attacker to add arbitrary properties to global object prototypes, which may then be ...5:35 PM ∙ Feb 18, 2023
54Likes16Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

-
CyberKnow @Cyberknow20
Another new pro-Russian hacktivist group, Russian Clay is now joining the ongoing targeting of #NATO sites

#cybersecurity #infosec #RussiaUkraineWar #UkraineRussiaWar 
10:54 PM ∙ Feb 17, 2023
16Likes4Retweets
-
Uncle Duke @UncleDuke1969
I open the door slowly, slipping inside. I keep a measured pace, breathing evenly, keeping my heartbeat low. Five steps, ten steps; I begin to relax. A voice calls from behind me, ”Sir?” I ignore it. “Sir, what’s that in your pants?” I walk faster. “Someone stop that man!” I run. 
2:34 PM ∙ Feb 17, 2023
878Likes203Retweets
-
Matthijs R. Koot @mrkootNL expels some ten Russian embassy personnel over espionage, orders closure of Russian trade office in A'dam (Feb 18) reuters.com/article/ukrain…

MFA: "Russia keeps trying to secretly get intelligence agents into [NL] under cover of diplomacy. We cannot and shall not allow that."
reuters.comNetherlands orders Russian embassy to downsize, Moscow says it will respondThe Dutch government on Saturday said it would close its consulate in Saint Petersburg, Russia, and that it would limit the number of Russian diplomats allowed at the Russian embassy in The Hague.5:48 PM ∙ Feb 18, 2023
2Likes2Retweets
-
Matthijs R. Koot @mrkootOverview by @TNO_Research (see pic) positions 5 attacks against ML on top of ETSI's 2020 five-phase ML model:

- poisoning
- backdoor
- input/evasion
- inference
- model stealing

Source: "Adversarial AI in het cyberdomein" (.pdf, 2023, 14pp, in Dutch): publications.tno.nl/publication/34…  
Matthijs R. Koot @mrkootNew brochure from the NCSA of the General Intelligence and Security Service (@AIVD):

AI-systems: develop them securely (Feb 2023) https://t.co/83Ll13qsBu

Provides an overview of ways AI systems can be attacked and how you can defend against that. https://t.co/eUvzHErjAe12:46 PM ∙ Feb 18, 2023-
umer abbas @uabas
Situation in DHA-2 Islamabad 
2:47 PM ∙ Feb 16, 2023
511Likes200Retweets
Wahid Zia. @OmniscientXo
Leopard attacked a pedestrian in DHA 2,
luckily he didn't suffer any life threatening injury. Just couple of days back a leopard was sighted in Bahria Enclave Islamabad aswell, please stop occupying their lands. STOP DEFORESTATION. https://t.co/pN5orkQ7k9 
4:49 PM ∙ Feb 16, 2023
489Likes175Retweets

https://www.dailyo.in/news/a-leopard-terrorised-islamabad-for-half-a-day-it-turned-out-to-be-a-retired-generals-pet-38947

-
Adam Cerious @Browtweaten
centaur: I broke my arm

doctor: it's okay I can fix it

centaur: and my leg

doctor: *cocks rifle*
12:52 AM ∙ Feb 18, 2023
68,523Likes4,649Retweets
-
Christopher Glyer @cglyer
In my experience - there are three classes of actors that use WMI for persistence
-Apex threat actors
-Red teamer’s emulating apex threat actor
-Coin miners

It’s a highly threat dense/low volume data source for blue teamer’s to perform hunting

#HuntingTipOfTheDay #DFIR 
Samir @SBousseadenthis sample contains so many TTPs (not limited to):

- Normal.dotm (persistence)
- Run key to launch Normal.dotm via PS (persistence) by winword
- Task scheduler to launch PS by winword
- WMI Persistence

ae1123c24bb52dce5ec0f0a6c947785012702dc7c3339188baee917721351ff5 #maldoc https://t.co/O2Ndfksmeb12:24 AM ∙ Aug 24, 2021
163Likes56Retweets
-
Mike Sec @sudoinitzero
A lot of great take aways from this article, including this (edited for length): “We thus have a dichotomy: cyber operations are very difficult to integrate into conventional military operations…., yet continue to function as a weapon of terror…against civilian populations.” 
Joe Słowik 🌻 @jfslowikNearly a year after the latest phase in #Russia's invasion of #Ukraine, some thoughts on the #cyber component, what this means for #infosec and #cyberwarfare, and related observations from me:
https://t.co/kY0RNu5Wiu11:22 PM ∙ Feb 18, 2023
4Likes2Retweets
-
POPULAR FRONT @PopularFront_#Pakistan: Militants from the Pakistani Taliban (TTP) carried out an attack on a police headquarters in Karachi yesterday, leading to the death of at least seven. 

apnews.com/article/crime-… https://t.co/2tNseOTvv7 
6:39 AM ∙ Feb 19, 2023
44Likes11Retweets
-
Ollie Whitehouse @ollieatnowhereCyber-Attacks must be reported to authorities in France within 72-Hours to benefit from Insurance coverage from April 24th 2023 due to changes in the 🇫🇷 Insurance Code 

Likely a good thing.. 

But expect 'we didn't classify as an incident until..'

orrick.com/en/Insights/20…
orrick.comFrance Cybersecurity Update: Cyber-Attacks Must Be Reported to Authorities Within 72-Hours to Benefit from Insurance CoverageFrance now requires cyber-attack complaints to be filed within 72-hours if victims want to obtain reimbursement from their cyber insurance policy.&nbsp;8:23 AM ∙ Feb 19, 2023
19Likes9Retweets
-
Piotr Konieczny @Konieczny@infosec.exchange 😈 @konieczny@travisgoodspeed @thegrugq We have mentioned this in 2014 here: niebezpiecznik.pl/post/plazowe-p… - wojtek, the author, knows more, and can be reached here: 
facebook.comUpdate Your Browser | Facebook11:33 AM ∙ Feb 19, 2023

                            Don't miss what's next. Subscribe to the grugq's newsletter: