the grugq's newsletter

-

Twitter avatar for @Horizon3Attack
Horizon3 Attack Team @Horizon3Attack
Check out a recent finding by one of our own, Naveen Sunkavally. CVE-2022-28219 is an unauth RCE for ManageEngine ADAudit Plus.

This XXE -> Deserialization chain often leads to host compromise as well as priv'd AD creds. Check out the blog post and POC:

horizon3.aiCVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit PlusCVE-2022-28219 is a unauthenticated remote code execution vulnerability affecting Zoho ManageEngine ADAudit Plus, a compliance tool used by enterprises to monitor changes to Active Directory. The vulnerability comprises several issues: untrusted Java deserialization, path traversal, and a blind XML…
1:24 PM ∙ Jun 29, 2022
210Retweets

-

Twitter avatar for @adschina
Adam Segal @adschina
More attribution from Global Times and private security firm:

Exclusive: US plants Trojan horse programs in hundreds of important Chinese information systems; new cyber weapon targets China, Russia

globaltimes.cnExclusive: US plants Trojan horse programs in hundreds of important Chinese information systems; new cyber weapon targets China, RussiaOn Wednesday China’s official virus emergency response office and leading cybersecurity company disclosed a new vulnerability attack weapon platform deployed by the US National Security Agency (NSA), which cybersecurity experts believe is the main equipment of the NSA’s computer network hacking oper…
4:35 PM ∙ Jun 29, 2022
1Retweet

Technical write up (Chinese):

https://www.cverc.org.cn/head/zhaiyao/news20220629-FoxAcid.htm

English here

https://www.cverc.org.cn/head/zhaiyao/FOXACID.pdf

-

Twitter avatar for @zachsdorfman
Zach Dorfman @zachsdorfman
“Minions: The Rise of GRU” sounds very much like a book I’d like to read on a subject quite different than the movie
5:44 PM ∙ Jun 29, 2022
94Retweets

-

-

Twitter avatar for @josephfcox
Joseph Cox @josephfcox
New: police arrested a man called "Paul K" in the Caribbean, suspected of being behind the encrypted phone firm Encrochat. Police previously hacked and arrested thousands of Encrochat users

We can now add that Paul K is Paul Krusky, based on emails, more

vice.comCops Investigating ‘WhatsApp for Gangsters’ Arrest Key Suspect in CaribbeanPaul Krusky played a crucial role in the development of encrypted phone firm EncroChat. Now he has been arrested in the Dominican Republic.
4:36 PM ∙ Jun 29, 2022
34Retweets

-


Cryptographic failures in RF encryption allow stealing robotic devices | Cossack Labs

Stunned by losing their robotic devices, [REDACTED] learnt that they were hijacked by attackers even with communication being encrypted. Having researched its firmware and found numerous cryptographic failures, we've crafted a few demos on how cryptography goes wrong in real life.

-

FBI warning about deepfakes being used to mask ppl applying for jobs.

https://www.theregister.com/2022/06/29/fbi_deepfake_job_applicant_warning/

-

Twitter avatar for @theintercept
The Intercept @theintercept
Cryptocurrency titan Coinbase providing “geo tracking data” to ICE interc.pt/3byTLlg by @samfbiddle
interc.ptCryptocurrency Titan Coinbase Providing “Geo Tracking Data” to ICEICE is now able to track transactions made through nearly a dozen different digital currencies, including Bitcoin, Ether, and Tether.
9:02 PM ∙ Jun 29, 2022
291Retweets

-

Twitter avatar for @Byron_Wan
Byron Wan @Byron_Wan
🇨🇳 PLA is placing orders for AI chips designed by US companies and manufactured in Taiwan and South Korea. Of the 97 individual AI chips identified in public PLA purchase records, nearly all were designed by Nvidia, Xilinx (now AMD), Intel, or Microsemi. cset.georgetown.edu/publication/si…
cset.georgetown.eduSilicon Twist - Center for Security and Emerging TechnologyThe Chinese military’s progress in artificial intelligence largely depends on continued access to high-end semiconductors. By analyzing thousands of purchasing records, this policy brief offers a detailed look at how China’s military comes to access these devices. The authors find that most computer…
10:44 PM ∙ Jun 29, 2022
20Retweets

-

The Kaliningrad trouble, that is a European country blocking Russia’s access because of sanctions, is also an issue in Scandinavia. Yay!

Russia is a signatory of the Spitsbergen treaty from 1920 that makes Svalbard part of Norway, but guarantees some rights for residents of the Svalbard archipelago (way up in the arctic.) Now the Russians are upset about the way that Norway is apply sanctions.

Twitter avatar for @SwitHak
SwitHak (👁) @SwitHak
🇷🇺💥🇳🇴 Svalbard (Spitsbergen is the old name before the 1920 treaty) 🔥 point 1/ ⬇️
1:42 AM ∙ Jun 30, 2022

-

Twitter avatar for @thetimes
The Times @thetimes
A pair of killer whales who have developed a taste for the livers of great white sharks appear to have transformed an ocean ecosystem in South Africa
thetimes.co.ukGreat fright: sharks fleeing hungry orcasA pair of killer whales who have developed a taste for the livers of great white sharks appear to have transformed an ocean ecosystem in South Africa, scientis
8:31 PM ∙ Jun 29, 2022
339Retweets

-

Click me…! The influence of clickbait on user engagement in social media and the role of digital nudging


Click me…! The influence of clickbait on user engagement in social media and the role of digital nudging | PLOS ONE

Clickbait to make people click on a linked article is commonly used on social media. We analyze the impact of clickbait on user interaction on Facebook in the form of liking, sharing and commenting. For this, we use a data set of more than 4,400 Facebook posts from 10 different news sources to analyze how clickbait in post headlines and in post text influences user engagement. The results of our study revealed that certain features (e.g., unusual punctuation and common clickbait phrases) increase user interaction, whereas others decrease engagement with Facebook posts. We further use our results to discuss the potential role of digital nudging in the context of clickbait. Our results contribute to understanding and making use of the effect of different framings in social media.

-

Twitter avatar for @dadamitis
Danny 🌻 @dadamitis
This morning we’re releasing our latest research today on an router campaign we’re calling ZuoRat.
blog.lumen.comZuoRAT Hijacks SOHO Routers to Silently Stalk Networks - LumenBlack Lotus Labs, is currently tracking elements of what appears to be a sophisticated campaign leveraging infected SOHO routers to target predominantly NA and European networks of interest.
2:01 PM ∙ Jun 28, 2022
28Retweets

-

Twitter avatar for @francisxwolf
francis wolf @francisxwolf
someone forgot to google
Image
12:28 AM ∙ Jun 29, 2022
1,402Retweets

-

Twitter avatar for @0xdea
raptor @0xdea
Golang code review notes: Quick summary of some of the bug classes in Go

elttam.comGolang code review noteselttam is an independent security company providing research-driven security assessment services. We combine pragmatism and deep technical insight to help our customers secure their most important assets.
5:54 AM ∙ Jun 30, 2022
9Retweets

-

Twitter avatar for @cushbomb
matt christman @cushbomb
The American version of finding a Roman bath while digging up a Tesco car park. https://t.co/JOvAMOaMXN
Twitter avatar for @RealJezebelley
Jeze3D.exe v2.2.1 @RealJezebelley
A fully intact vintage Burger King was found behind a wall at the Concord Mall in Wilmington, DE. This photo was snapped by Jonathon Pruitt April of 2022. https://t.co/G3V3SnJM3J
5:27 PM ∙ Jun 28, 2022
12,767Retweets

-

Twitter avatar for @ellx_tt
elliott @ellx_tt
oh no :(
Image
12:13 PM ∙ Jun 28, 2022
86,055Retweets

-

Twitter avatar for @Doctrine_Man
Doctrine Man @Doctrine_Man
"Join Space Force!" they said. "It'll be the adventure of a lifetime."
Image
9:20 PM ∙ Jun 29, 2022
63Retweets

-

Twitter avatar for @kieransofar
kie @kieransofar
woah apple, spoilers
Image
1:25 PM ∙ Jun 29, 2022
464Retweets

-

First time an officer of 8200 has spoken to the public that was not an announcement for a startup!

VIDEO — it was here but has been made private.

I’m wondering what it means to have 70% of your force under 23yr old. Firstly, it means that they’re all 22.95. But what does it mean to have cyber without deep experience? Maybe that’s good for a high friction environment where new techniques are needed constantly. Idk, I’m biased towards old age and treachery.

-

Twitter avatar for @Metlstorm
Metlstorm @Metlstorm
The more things change 😭 https://t.co/lDyDIhyocq
Image
Image
Twitter avatar for @Metlstorm
Metlstorm @Metlstorm
Jeez the @kawaiiconnz hackers may be all cutesy-wutesey but they still have no mercy .... a unrinal. Who hacks a urinal? URINALS WITH CAMERAS AND TEAMVIEWER!?

And I thought last year was a dystopian hellscape. Save us #kawaiicon #purplecon SAVE US HECKING PLZ https://t.co/CMhkCFsEXI

7:41 AM ∙ Jun 30, 2022
30Retweets

Don't miss what's next. Subscribe to the grugq's newsletter:
Find the grugq's newsletter elsewhere: Twitter