July 17, 2022

                July 17, 2022

            July 17, 2022

            Good analysis on problems with the phrase “zero trust.” It’s not the best for getting buy in from end users, and why that matters.

            'Zero Trust' security is a poor choice of words
            Consider the user's perspective when naming a security initiative

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

-
Dagger-4 Seasons Total Landscaping @dagger0621
“We got hired to make a cover for All Quiet on the Western Front.  Anyone here read the book and want to tackle it?”

“I’ve read the title”
“Good enough” 
6:13 PM ∙ Jul 15, 2022
100,267Likes9,977Retweets-

            Collections: Logistics, How Did They Do It, Part I: The Problem – A Collection of Unmitigated Pedantry
            In this three-part series (I, II, III) we’re going to be bowing to reader demand and taking a close look at the nuts and bolts of maintaining an army in the field.  In our last series, after all, w…

-
Shivam Bhatt @elektrotal
5:49 PM ∙ Jul 15, 2022
15,900Likes2,706Retweets
-
BedlamDaughterOfLoki @BedlamLoki
"""

>deploy new BGP configuration
>leave for lunch
>get free cheesesteak because payment system down
"""
7:05 AM ∙ Jul 15, 2022
633Likes101Retweets
-
While compromising SOHO routers as an access vector to gain access to an adjacent LAN is not a novel technique, it has seldom been reported," Black Lotus Labs researchers wrote. "Similarly, reports of person-in-the-middle style attacks, such as DNS and HTTP hijacking, are even rarer and a mark of a complex and targeted operation. The use of these two techniques congruently demonstrated a high level of sophistication by a threat actor, indicating that this campaign was possibly performed by a state-sponsored organization  
Brazil has had extremely sophisticated router hacking attacks for the better part of a decade. I’ll grant that they’re not state level sophisticated, but it is false to claim that this methodology is rare.

            A wide range of routers are under attack by new, unusually sophisticated malware | Ars Technica
            Router-stalking ZuoRAT is likely the work of a sophisticated nation-state, researchers say.

Original:

            ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks - Lumen
            Executive Summary The rapid shift to remote work in spring of 2020 presented a fresh opportunity for threat actors to subvert traditional defense-in-depth protections by targeting the weakest points of the new network perimeter -- devices which are routinely purchased by consumers but rarely monitored or patched -- small office/home office (SOHO) routers. Actors can

-
Mobile Security @mobilesecurity_
Lock Screen Bypass Exploit of Android Devices (CVE-2022–20006) 
#MobileSecurity #AndroidSecurity by Joshua Nearchos 
link.medium.comLock Screen Bypass Exploit of Android Devices (CVE-2022–20006)Background on Lock Screen Bypass Exploits12:28 PM ∙ Jul 17, 2022
14Likes10Retweets
-
The dogs face is blurred! lol
Christo Grozev @christogrozev
This is Gen. Andrey Ilchenko, a senior GRU officer in charge of 8 years of creating fakes about MH17, including attempts to tail, hack and discredit independent researchers like @bellingcat. Still not sanctioned by any Western country. 
10:47 AM ∙ Jul 17, 2022
2,835Likes788Retweets
-
WILL AI STEAL SUBMARINES’ STEALTH?
Better detection will make the oceans transparent—and perhaps doom mutually assured destruction

            Will AI Steal Submarines’ Stealth? - IEEE Spectrum
            That may bode ill for nuclear deterrence and the peace of the world

-
Jerry Gamblin @JGamblin
Spent some time today playing with Micorosfts SBOM tool, and it is a good first start.   github.comGitHub - microsoft/sbom-tool: The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any vari…The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts. - GitHub - microsoft/sbom-tool: The SBOM tool is a highly scalable and...9:34 PM ∙ Jul 16, 2022
36Likes12Retweets
-

-
Rey Bango 🇺🇦🌻 @reybango
Google Play hides app permissions in favor of developer-written descriptions 

“You alone are responsible for making complete and accurate declarations in your app’s store listing on Google Play.” 😜 arstechnica.com/gadgets/2022/0…
arstechnica.comGoogle Play hides app permissions in favor of developer-written descriptionsLet’s hope nobody lies about what permissions their app uses.
7:24 PM ∙ Jul 16, 2022
48Likes29Retweets-
Exploring the XBAND Video Game Modem and Executing Arbitrary Code Over a Phone Line in 2022

            Exploring the XBAND Video Game Modem and Executing Arbitrary Code Over a Phone Line in 2022 | fresh-eggs.github.io
            computers

-

-
The technology involved in making a scary surveillance filled future is quite impressive.

            Detroit's new personalized flight information board is straight out of a sci-fi novel - The Points Guy
            You can now access innovative technology customized for your traveling needs.

-
raptor @0xdea
Great article as usual by @SonarSource: Remote Code Execution via Prototype Pollution in Blitz.js

blog.sonarsource.com/blitzjs-protot… 
11:49 AM ∙ Jul 17, 2022
13Likes5Retweets