May 25, 2022

                May 25, 2022

            May 25, 2022

            An airline in India is suffering a ransomware attack. The interesting thing is that passengers trapped on planes that cant take off are tweeting from the runway. They are directly engaging and putting pressure on the company. This is an interesting dynamic that hasnt been explored in cyber extortion. It opens new perspectives on possible ways to force a company to pay a ransom.
thaddeus e. grugq 🌻 @thegrugq
There’s an entire CONOP here to explore. Using impacted regular people as a lever to pressure a victim… compellence via public outcry, it works for other situations. https://t.co/uG6Kx9yOxv
HostileSpectrum @HostileSpectrum
It is highly likely that .in SpiceJet ransomware incident will spark copycat attempts against larger aviation sector entities. Leverage of frustrated passengers stranded by disrupted flight ops much magnifies extortion demands, breaking through media noise better than hack & leak11:29 AM ∙ May 25, 2022
12Likes5Retweets
-
Bugs. 
Pietro Borrello @borrello_pietroJoin me and @0xhilbert as we will present the first CPU *architectural* bug, from one of the major vendors, able to leak data without even using a side channel or any transient execution attack! ✨

blackhat.com/us-22/briefing…

🧵 2/4 
6:47 AM ∙ May 20, 2022
91Likes23Retweets
-
Security mitigation turns out to be not so useful.
grsecurity @grsecurity
Tetragone: A Lesson in Security Fundamentals
grsecurity.netgrsecurity - Tetragone: A Lesson in Security FundamentalsIn this blog post, we take the reader on a journey through a bypass of a new eBPF-based observability and mitigation tool named Tetragon, developed in the two hours after the tool was first set up, as a hopefully instructive lesson on the importance of security fundamentals.12:00 PM ∙ May 24, 2022
230Likes82Retweets
-
This is an… thing, I guess.
stacksmashing @ghidraninjaSymbian is open-source again!

github.comSymbian Source CodeFinal repositories from the defunct Symbian Foundation - Symbian Source Code2:32 PM ∙ May 24, 2022
134Likes36Retweets-
XMPP smuggling in Zoom leads to RCE — fixed since May 18.

https://bugs.chromium.org/p/project-zero/issues/detail?id=2254

-
More cool research.
Synacktiv @Synacktiv
Following the talk from @abu_y0ussef, @netsecurity1 and @cleptho in Vancouver at @CanSecWest 2022, you can find here the material behind their research:

Blogpost: synacktiv.com/en/publication…
Slides: synacktiv.com/sites/default/…
Github: 
github.comGitHub - synacktiv/canon-mf644Contribute to synacktiv/canon-mf644 development by creating an account on GitHub.9:50 AM ∙ May 25, 2022
46Likes23Retweets
-
Crypto. Fraud. Scam. Hilarity
More Butter 🧈 @morebuttertvSeth Green’s Bored Ape NFT, which was set to star in its own animated show, was stolen through a phishing scam.

Green no longer owns the commercial rights to the NFT and thus the show cannot move forward.

🔗: buzzfeednews.com/article/sarahe… 
5:26 PM ∙ May 24, 2022
77,895Likes7,952Retweets-
Charlie W. @beelze_BUBBLES
@morebuttertv 
5:51 PM ∙ May 24, 2022
28,477Likes2,029Retweets
-
You want to know more about the limits of modern artillery. You read this article. 

https://www.fieldartillery.org/news/no-more-paris-guns-the-end-of-cannon-artillery

-
Old news but interesting use of deception. Something I always find fascinating.

https://apnews.com/article/middle-east-israel-lebanon-hezbollah-b1510235f6c84854b5a09685041925dc

-
I am become Life. @MikePerryavatar
I'm paraphrasing, but there was a line in Mark Bowden's book Black Hawk Down like "Mogadishu was a city that looked as if everything that could be accomplished by men with guns had already been accomplished." I heart that so much.5:39 AM ∙ May 25, 2022
480Likes53Retweets
-
Prof Bent Flyvbjerg @BentFlyvbjerg
MORE ON POWER #BIAS

There is a tension between #power and #rationality in any #organization. Power doesn't want to be limited by rationality, but will encourage rationality that serves its purposes ...

Read more here: 
linkedin.comProf. Bent Flyvbjerg on LinkedIn: MORE ABOUT POWER BIAS There is a tension between power and rationality | 13 commentsMORE ABOUT POWER BIAS There is a tension between power and rationality in any organization. Power generally does not want to be limited by rationality... 13 comments on LinkedIn7:50 PM ∙ May 4, 2022
11Likes3Retweets
-
Great points.
Randy Marchany @randymarchanyI've been asked why I have a different approach to cyber defense. Here's one of the reasons why. I blame Spaf (@TheRealSpaf)   😀 cerias.purdue.edu/site/blog/post…

@educause @SANSDefense
cerias.purdue.eduSolving some of the Wrong ProblemsThe Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world’s leading centers for research and education in areas of information and cyber security that are crucial to the protection of critical computing and communication infrastructu…11:18 PM ∙ May 24, 2022
9Likes2Retweets
-
The cost of false positives is higher than defense system designers realise.
Karsten Hahn @struppigel
Detection technology research papers consistently misunderstand how much more impact a false positive has compared to false negatives.

They often get equal weight.
Sometimes false positives are even ignored.7:35 AM ∙ May 25, 2022
86Likes23Retweets

                Don't miss what's next. Subscribe to the grugq's newsletter: