the grugq's newsletter

January 15, 2023

-

Clément Canonne (@ccanonne@mathstodon.xyz) @ccanonne_
I'm trying to understand memory accesses in C. Any pointers?
4:17 AM ∙ Jan 13, 2023
1,366 Likes, 71 Retweets

-

@shitmgmtsays@mstdn.social @ShitMgmtSays
Important to highlight that Excel’s row limit brought down Charlie Javice cc: @ryxcommar
7:10 PM ∙ Jan 14, 2023
5,250 Likes, 630 Retweets

-

NFT God @NFT_GOD
Last night my entire digital livelihood was violated. Every account connected to me both personally and professionally was hacked and used to hurt others. Less importantly, I lost a life changing amount of my net worth
1:59 AM ∙ Jan 15, 2023
4,312 Likes, 876 Retweets

-

NFT God @NFT_GOD
Yesterday afternoon I went to download OBS onto my personal desktop computer. OBS is industry standard video streaming software. I was excited to live stream some video games for the first time in my life. What I didn't realize was I clicked the sponsored link on google
1:59 AM ∙ Jan 15, 2023
566 Likes, 44 Retweets
NFT God @NFT_GOD
Now I'm highly technical, but after not setting up a Ledger for 2 years I screwed up. I entered my seed phrase in a way that no longer kept it cold. I knew I made a critical mistake. To this point, I haven't bought an NFT for months and wasn't planning on doing it anytime soon
1:59 AM ∙ Jan 15, 2023
385 Likes, 8 Retweets
NFT God @NFT_GOD
I didn't sign anything with my wallet. I didn't execute a bad mint. A critical mistake on one technology led to my downfall on another. The file I downloaded from the OBS sponsored link was obviously malware. The first sponsored link I've ever clicked will certainly be my last
1:59 AM ∙ Jan 15, 2023
379 Likes, 15 Retweets

This, btw, is why compartmentation is so critical. Not just having a Ledger for funds, but having a “crypto computer” and then everything else. In this case, with gaming and community management and crypto and streaming all on the same box, a separation of concerns would make sense. Have sensitive stuff for work - crypto, social media, etc. - on a work device. Have fun stuff on a gaming device: the one that is dedicated to doing stuff that is potentially risky, like installing shit off the internet.

It’s always easy to have sound advice in hindsight, but compartmentation is a critical part of security.

-

The Portugal Bank Note Affair

During his time in jail, Reis conceived of what became known as the Portugal Bank Note Affair. It consisted of forging a contract in the name of Banco de Portugal (Bank of Portugal)—the central bank, responsible for issuing banknotes and partly private at the time—authorizing him to print banknotes in return for an alleged loan from a consortium to develop Angola. His plan was to use the contract to convince a legitimate banknote printing contractor to make the notes, thereby obtaining notes that would be indistinguishable from those legitimately authorized by the bank.

https://en.m.wikipedia.org/wiki/Alves_dos_Reis#Banco_de_Portugal_plot

-

raptor@infosec.exchange @0xdea
For those interested in @Google's #Software #Engineering #SWE book, here's a PDF version:
github.com/abseil/abseil.… HTML is here:
abseil.io: abseil / Software Engineering at Google. Battle-tested, Mom-approved
8:55 AM ∙ Jan 15, 2023
17 Likes, 7 Retweets

-

Huib Modderkolk @huibmodderkolk
For years the National Cyber Security Centre did not function well. Director De Vries was not heard, sometimes had to break the law, and stood on the sidelines during hacks. In 2022 things finally got better. A portrait based on three conversations:
volkskrant.nl: This is how you protect the Netherlands against online threats. The national cyber centre NCSC warns organisations that are at risk of becoming victims of digital dangers. At least, that is the intention. Director Hans de Vries has been fighting for four years for more powers to be able to do his job effectively. Now things are finally moving. Where did it go…
8:00 AM ∙ Jan 14, 2023
39 Likes, 14 Retweets

-

Alex @xaitax
𝗢𝗳𝗳𝗹𝗶𝗻𝗲 𝗖𝗜𝗦𝗔 𝗞𝗻𝗼𝘄𝗻 𝗘𝘅𝗽𝗹𝗼𝗶𝘁𝗲𝗱 𝗩𝘂𝗹𝗻𝗲𝗿𝗮𝗯𝗶𝗹𝗶𝘁𝗶𝗲𝘀 𝗖𝗮𝘁𝗮𝗹𝗼𝗴 Search through the CISA Catalog database offline for specific products or vendors, and then displays detailed information about vulnerabilities. github.com/xaitax/cisa-ca…
github.com: GitHub - xaitax/cisa-catalog-known-vulnerabilities. Contribute to xaitax/cisa-catalog-known-vulnerabilities development by creating an account on GitHub.
9:17 PM ∙ Jan 14, 2023
10 Likes, 4 Retweets

-

Adam Sculthorpe @AdamSculthorpe
Oops, a Cellebrite and MSAB leak happened - 1.7 TB+ - phone forensics software - documentation #CyberSecurity #Infosec
5:39 AM ∙ Jan 14, 2023
386 Likes, 126 Retweets
Mikael Thalen @MikaelThalen
Data from Cellebrite & MSAB, two companies that provide phone hacking tools to governments, has just been published online. The leak includes actual software as well as documentation. The tools have been used against journalists, activists, & dissidents across the globe.
2:18 AM ∙ Jan 14, 2023
642 Likes, 285 Retweets
Will @BushidoToken
@MikaelThalen To me, you’re overhyping the severity of this “leak”. Firstly, there’s no mobile OS exploits (that would be 🔥). It’s not cracked (need a $$$ license). These tools aren’t actually secret or hard to acquire if you know where to look. Please explain 🤔
1:44 PM ∙ Jan 14, 2023
37 Likes, 1 Retweet

-

Max Granger @_maxgranger
cops defending coal mine get stuck in mud #Luetzerath
2:32 AM ∙ Jan 15, 2023
20,648 Likes, 4,103 Retweets

-

Alh4zr3d @Alh4zr3d
Red Teamers: can't tell you how many times I've gotten wins just by plundering shares for sensitive files. Share drives can be huge, so automate. Try scavenger (github.com/SpiderLabs/sca…): scavenger.py smb -t <tgt_ip> -u <username> -p <passwd> -d test.local #redteam
11:22 PM ∙ Jan 14, 2023
471 Likes, 120 Retweets

-

Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election - The Record

“The most interesting part was a combination of the long term persistence of the group, and the DDoS collaborator payment program,” Tom Hegel, senior threat researcher at SentinelOne, told The Record. Through that model, people are paid in exchange for launching DDoS attacks.

https://therecord.media/pro-russia-hackers-use-telegram-github-to-attack-czech-presidential-election/
