March 28, 2023

                            March 28, 2023

                March 28, 2023

Sarah McLaughlin @sarahemclaughI wrote about this issue earlier this year when Twitter complied with India's demands to censor a BBC doc. It laid bare the obvious reasons why Musk's argument that free speech "matches the law" just doesn't make sense, especially on a global platform. thefire.org/news/censorshi… 
Neeraj K. Agrawal @NeerajKAit's just legal compliance. nothing to see here. 

"Twitter blocked 122 accounts belonging to journalists, authors, and politicians in India this week in response to legal requests from the Indian government." https://t.co/PvooGvJ4jp
2:43 PM ∙ Mar 27, 2023
43Likes21Retweets
-

-
Robᵉʳᵗ Graham💰 @erratarob@infosec.exchange @ErrataRob
The infosec community is increasingly becoming the cybersecurity industrial complex.

Team Cymru gets netflow data from ISPs to track malware and hackers. It's now giving that info the FBI so that they can surveille you without a warrant. 
Joseph Cox @josephfcox
New: here is the contract showing the FBI bought access to mass internet data. Netflow can show which server communicated with another, used to trace activity through virtual private networks, etc https://t.co/UND4HL4WA212:30 AM ∙ Mar 28, 2023
136Likes58Retweets
-
John Scott-Railton @jsrailtonBREAKING: Biden White House issues executive order on commercial spyware.

Also confirms over 50+ USG personnel suspected targeted w/#Pegasus

Huge deal, let me break the new #SpywareEO down. 1/ 
4:02 PM ∙ Mar 27, 2023
2,198Likes1,175RetweetsAaron Schaffer @aaronjschaffer
Biden’s spyware executive order gets mostly good reviews. A look at the reactions to the executive order, by @timstarks (w/ @ddimolfetta)
washingtonpost.comAnalysis | Biden’s spyware executive order gets mostly good reviewsSome lawmakers urged the Biden administration to do more to combat the proliferation of spyware.11:09 AM ∙ Mar 28, 2023
5Likes3Retweets

https://www.theregister.com/2023/03/28/biden_spyware_executive_order/

-
Josh Lemon @joshlemon
If you're running the GoAnywhere MFT file-sharing service, you need to start rolling out #IncidentResponse now.

🔍 Check if the Admin Page is publicly exposed
🖥 Check your logs for exploitation
🔐 Rotate passwords and isolate the Admin Page

#DFIR #ransomware #breach 
3:34 AM ∙ Mar 28, 2023
19Likes12Retweets
-
Cathal Malone @cathalmaloneWhy does it sound like the East Belfast UVF have hired Deloitte?!
 m.belfasttelegraph.co.uk/sunday-life/ne… 
7:42 PM ∙ Mar 26, 2023
221Likes44Retweets
-
Classical Studies Memes for Hellenistic Teens @CSMFHT
9:33 AM ∙ Mar 28, 2023
1,876Likes218Retweets
-
Theresa Fallon @TheresaAFallon
Many policymakers were surprised by how far Chinese researchers penetrated research institutions. “In collaborations, China dominates its relationships with academic partners.”

Total share* (vertical axis) and proportion for top eight research collaborators with China @FT 
8:31 AM ∙ Mar 28, 2023
115Likes68Retweets
-
Finding and exploiting 0day for commercial reasons. This is really weird, especially because an N-day (or pool of N-days) would work just fine. No one does timely Android updates. 
At the beginning of this month, multiple Chinese security researchers published articles pointing to an e-commerce giant that had developed and exploited multiple vulnerabilities to escalate privileges and ultimately gain full control over users’ smartphones.
Upon successful privilege escalation, the malicious application could prevent users from uninstalling it, deceive and lure users, collect a wide range of users’ private information, and steal information from competing apps. Its ultimate goal is to significantly increase its installation and activity rates, prompting more conversions and boosting sales.
Nicolas Krassas @Dinosn
Android app from China exploited 0-day CVE-2023-20963 flaw securityonline.infoAndroid app from China exploited 0-day CVE-2023-20963 flawHowever, an e-commerce giant Pinduoduo used CVE-2023-20963 in conjunction with prior vulnerabilities to re-exploit the flaws.12:40 PM ∙ Mar 28, 2023
13Likes6Retweets
-
If only the intelligence was accurate, then the policy makers wouldn’t have been duped into deciding to invade Iraq. 🙃
Glitchy Michael 🌻 @GlitchyMichael
The Iraq War’s Intelligence Failures Are Still Misunderstood warontherocks.comThe Iraq War’s Intelligence Failures Are Still Misunderstood - War on the RocksThe United States Invaded Iraq 20 years ago under false pretenses. Historians and social scientists have spent two decades investigating what went wrong.12:53 PM ∙ Mar 28, 2023
-
switched @switch_d
Belgian man dies by suicide following exchanges with ChatGPT brusselstimes.comThe Brussels Times12:37 PM ∙ Mar 28, 2023
1Like1Retweet
-
Mark Witzke @mkwitzke
China banned Google, YouTube, TikTok, Instagram, Facebook, Netflix, Snapchat, the NBA, Pinterest, Whatsapp, \Twitter, Dropbox, Reddit, Zoom, Steam, foreign movies, Skype, Tumblr, 95% of foreign Media etc but yeah I guess they're an "open market" because iphones are allowed 
3:13 PM ∙ Mar 27, 2023
2,380Likes554Retweets
-
Csaba Fitzl @theevilbit
Some new CVEs from Apple. 🎉 CVE-2023-27952 is not GateKeeper but a full TCC bypass. 
9:16 AM ∙ Mar 28, 2023
53Likes12Retweets
-
निर्भीक चौहान @nirbheek
If someone had told me 10 years ago that all H264 hw decoders are fundamentally broken and vulnerable, I would've said "Yes, and no one wants to find out".

Well, now we've found out: 11:15 AM ∙ Mar 27, 2023
559Likes151Retweets
-
Rory Cormac @RoryCormac
Uncovering a lovely story about how the U.K. created a fake think tank through which to launder intell & expose Soviet activity

West Germany then exploited the UK’s plausible deniability by discreetly claiming credit for the work.

U.K. found it both hilarious and outrageous!11:43 AM ∙ Mar 27, 2023
112Likes7Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: