the grugq's newsletter

June 9, 2022

A userland rootkit is pretty weak. There are some easy ways to detect it. The simplest is to just use a statically linked binary, like busybox, rather than the utilities on the compromised box. Honestly, I thought this was standard practice, so I’m a bit surprised that a userland rootkit can defeat live forensics.

Intezer @IntezerLabs
Alongside @BlackBerry we just released joint research detailing a new, undetected Linux threat called #Symbiote. Different from other Linux malware, the threat infects running processes rather than using a standalone executable file to inflict damage
intezer.com: "Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat". Symbiote is a new Linux® malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.
12:14 PM ∙ Jun 9, 2022
86 likes, 48 retweets
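The "bring a static busybox" check above, written out as an added example (this is not code from the newsletter or from the Symbiote research): a cross-view comparison of the process list seen by a statically linked busybox against the one reported by the host's dynamically linked `ps`, plus a look at the usual LD_PRELOAD hook points. The TRUSTED_BB path, the RUN_CHECK switch and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Cross-view process check for a suspected userland (LD_PRELOAD) rootkit.
# Assumption: the responder has staged a statically linked busybox on the host
# and points TRUSTED_BB at it (hypothetical path); every trusted command is run
# through that binary, so no library preloaded on the compromised host is
# mapped into it. With TRUSTED_BB unset the helpers fall back to the host's
# own tools, which is only useful for exercising the script on a clean box.
BB=${TRUSTED_BB:-}

# trusted_pids: enumerate /proc with the static binary (no hooked readdir).
trusted_pids() {
    $BB ls -1 /proc | $BB grep -E '^[0-9]+$'
}

# suspect_pids: the process list as the host's dynamically linked ps sees it.
suspect_pids() {
    ps -eo pid= | $BB sed 's/^ *//'
}

# hidden_pids TRUSTED SUSPECT: print PIDs present in the trusted view but
# absent from the suspect view (one PID per line in each file). A non-empty
# result means the libc-backed view is filtering something out, or a process
# exited between the two snapshots; re-run to rule out the race.
hidden_pids() {
    $BB awk 'NR == FNR { seen[$1] = 1; next } !($1 in seen)' "$2" "$1"
}

# preload_hooks: the two usual injection points for a userland rootkit.
# Lists /etc/ld.so.preload if non-empty and any process whose environment
# carries LD_PRELOAD (reading other users' environ needs root).
preload_hooks() {
    if [ -s /etc/ld.so.preload ]; then
        echo "/etc/ld.so.preload:"; $BB cat /etc/ld.so.preload
    fi
    $BB grep -l 'LD_PRELOAD=' /proc/[0-9]*/environ 2>/dev/null
    return 0
}

main() {
    t=$($BB mktemp) && s=$($BB mktemp) || exit 1
    trusted_pids > "$t"
    suspect_pids > "$s"
    echo "PIDs visible in /proc but missing from ps:"; hidden_pids "$t" "$s"
    echo "preload indicators:"; preload_hooks
    $BB rm -f "$t" "$s"
}

# Run the live check only when asked, so the helpers can also be sourced.
if [ "${RUN_CHECK:-0}" = 1 ]; then main; fi
```

Run it as `TRUSTED_BB=/path/to/static/busybox RUN_CHECK=1 sh check.sh` from a responder shell; an empty "missing from ps" list and no preload indicators is the expected result on a clean host.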

-

Big SIGINT energy.

“People were asking ‘Well you know, I’m not sure we’re seeing a dip in ransomware, how do you know this; can you show me?’ I would just say: how did we know? Really? We’re NSA,” said Joyce, alluding to the agency’s core mission of collecting signals intelligence. “We heard them say they can’t get their money out. We heard them say that they can’t buy infrastructure.

https://www.scmagazine.com/analysis/rsac/nsa-cyber-chief-says-there-has-been-enormous-amount-of-hacking-in-ukraine-war

-

Greg Linares has escaped #RSA @Laughing_Mantis
If you don't have "attackers physically targeting your employees home networks/hardware in order to gain access to their employer" in your game plan, let me tell you:
You should.
6:45 AM ∙ Jun 8, 2022
259 likes, 59 retweets

-

Matthijs R. Koot @mrkoot
Dueling over Dual_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process (0.6MB .pdf, 8 June 2022, 61 pages) harvardnsj.org/wp-content/upl… re: NIST By @NadiyaKostyuk & Susan Landau, published in Harvard Law School's NatSec Journal (@harvardnsj). /c @thegrugq
1:28 PM ∙ Jun 8, 2022
8 likes, 3 retweets

-

Lukasz Olejnik @lukOlejnik
“combatant who conducts defensive cyber operations may be the object of a lethal attack (e.g., an airstrike)”. Defending systems during wartime may have some curious implications. Yes: defending … lieber.westpoint.edu/private-compan…
6:06 AM ∙ Jun 8, 2022
47 likes, 23 retweets

-

Cataleya (She/Her) @CataleyaVi
Cats be like👀
[image]
9:34 PM ∙ Jun 7, 2022
923 likes, 122 retweets

-

Erin L. Thompson @artcrimeprof
In 1572, "making his Low Obeisance to Queen Elizabeth [the Earl of Oxford] happened to let a Fart, at which he was so abashed and ashamed that he went to Travell, 7 yeares. On his return, the Queene welcomed him home and says, My Lord, I had forgott the Fart."
2:53 PM ∙ Jun 8, 2022
113 likes, 21 retweets

-

Do yourself a favour and read this thread. It is a wonderful journey.

Christopher W. Jones @cwjones89
Today I am going to tell you about a legal term from real estate transactions in the Middle East dating back 2,800 or more years. The term is bētu epšu adi gušūrīšu. “A built house along with its beams.” Legal conventions have a way of sticking around over time.
2:09 PM ∙ Jul 8, 2020
415 likes, 147 retweets

-

Dr Kate Compton @GalaxyKate
Sure, you could post on Stack Overflow, OR pay 10% of your salary for a 20 person off-broadway production of "cryptodaddy47, You Are Wrong About C Pointers (and Everything Else)"
10:18 PM ∙ Jun 8, 2022
1,996 likes, 323 retweets

-

switched @switch_d
“The program continues to track a cybersecurity vulnerability risk stemming from the F-15EX design, derived from FMS aircraft and, according to the program, not designed to U.S. Air Force cybersecurity requirements”
breakingdefense.com: "GAO finds delays in major weapons programs, broad cybersecurity worries - Breaking Defense". GAO found delays in more than half of the programs it studied. Also, 4-pound birds are a problem.
12:48 AM ∙ Jun 9, 2022
3 likes, 4 retweets

-

The Life Of Sharks @thelifeofsharks
[image]
12:03 PM ∙ Jun 8, 2022
7,817 likes, 1,064 retweets

-

raptor @0xdea
Awesome writeup by @SonarSource 👍 Horde Webmail - Remote Code Execution via Email blog.sonarsource.com/horde-webmail-…
blog.sonarsource.com: "Horde Webmail - Remote Code Execution via Email". We discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email
5:54 AM ∙ Jun 9, 2022
35 likes, 13 retweets

-

Peter C @itspeterc
Disclosing an unfixed Google Cloud Platform (GCP) vulnerability as the 90-day remediation deadline has passed: Cloud Functions or Cloud Run launched from any GCP organization can bypass Google Kubernetes Engine (GKE) Authorized Networks (aka Kubernetes control plane firewalls) 🧵
4:06 PM ∙ Jun 7, 2022
4,040 likes, 882 retweets

-

Highly recommend reading Seriously Risky Business today.

Seriously Risky Business
Srsly Risky Biz: Thursday June 9
Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray, and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber, and founding corporate sponsors CyberCX and Proofpoint. Evil Corp's Sanctions Evasion Attempts Fall Flat…

-

Mykhailo Fedorov @FedorovMykhailo
Starlink Ukraine received an operator license. Actually it’s #1 in Ukrainian Register of providers of electronic communication networks and services. The representative office of @SpaceX is about to start working in Ukraine!
[image]
8:41 AM ∙ Jun 9, 2022
1,856 likes, 283 retweets

-

I wouldn’t bet on it.

Barak Ravid @BarakRavid
Scoop: Israel presses U.S. to remove cyber spying company NSO from blacklist. My story on @axios
axios.com: "Israeli officials push U.S. to remove NSO from blacklist". Reports emerged last year that found NSO’s Pegasus software had become a tool for governments to spy on journalists and critics.
8:47 AM ∙ Jun 9, 2022
53 likes, 31 retweets

-

Wolfie Christl @WolfieChristl
In 2011, FB renamed its 'privacy policy' to 'data policy'. While the extreme depth+scale of its global surveillance machine doesn't change, FB/Meta now announced to rename it back to 'privacy policy'. The new policy (effective July) is a complete rewrite:
about.fb.com: "Here’s What You Need to Know About Our Updated Privacy Policy and Terms of Service | Meta". We’ve rewritten and re-designed our Privacy Policy to make it easier to understand and clearer about how we use your information.
10:09 AM ∙ May 27, 2022
81 likes, 46 retweets

-

This is evil and incompetent. \o/

Ki @KibyDesign_
Got an email from my job saying all employees get a $30 gas card to alleviate high gas prices (we are required to drive clients around). Why when I went to sign up it sent me another email saying I was phished by my tech department as a tester and then got assigned training???🥲💔
6:04 PM ∙ Jun 8, 2022
119,899 likes, 8,350 retweets

-

Great stuff in here.

B. A. Friedman @BA_Friedman
My series on reconnaissance-strike tactics and maneuver warfare for the Marine Corps Gazette is available in its entirety online. (Not paywalled) Links in thread. @MCA_Marines
2:07 PM ∙ Jun 9, 2022
33 likes, 6 retweets