November 17, 2022

                            November 17, 2022

                November 17, 2022

Donie O'Sullivan @donie
NEW: Facebook sent a memo to its fact-checkers this afternoon telling them if Trump announces he's running for president tonight they can no longer fact-check anything he says. 
cnn.comFacebook fact-checkers will stop checking Trump after presidential bid announcement | CNN PoliticsFacebook’s fact-checkers will need to stop fact-checking former President Donald Trump following the announcement that he is running for president, according to a company memo obtained by CNN.11:04 PM ∙ Nov 15, 2022
18,232Likes8,007Retweets
-
Kim Zetter @KimZetter
DHS has stalled research grants to study domestic terrorism/violence. Sources say privacy concerns around the data collection are the reason, but others say it’s politics and that DHS is concerned about criticism over the studies and what they might show
washingtonpost.comDHS blocked vital research on domestic threats, say terrorism expertsHomeland Security commissioned $10 million worth of research on targeted violence. Two years later, the work hasn’t started because of a fight over privacy protocols.4:22 PM ∙ Nov 16, 2022
94Likes66Retweets
-
subscribe to the info op.

Nathan @nathantempey
Okay, I give up. How's the NYPD paying $2M to a company registered to some guy's Brooklyn apartment when the guy says he's never heard of the company and is broke 
2:28 PM ∙ Nov 16, 2022
24,012Likes4,163Retweets
-
Burp Suite @Burp_Suite
Don't forget, if you solve the complete #burpchallenge, you can win a free Burp Suite Certified Practitioner exam credit - giving you a novel opportunity to demonstrate your skills with the most widely used web application security testing toolkit… portswigger.netBurp challenge | Web Security AcademyChallenges and incentives to test your vulnerability knowledge and your Burp Suite skills.3:30 PM ∙ Nov 16, 2022
28Likes10Retweets
-
Dan Luu @danluu
One of the things that I think is sad about the decimation of Twitter eng is that Twitter was doing a lot of interesting (and high ROI) engineering work that, at younger companies, is mostly outsourced to "the cloud" or open source projects

A few examples off the top of my head: Dan Luu @danluuThe value of in-house expertise

https://t.co/GIRVXf3xs6 https://t.co/gbxDwoYvfW6:59 AM ∙ Nov 16, 2022
2,109Likes561Retweets-
China has crazy quad track unmanned vehicles that are amphibious. Death robots from the sea…

https://www.thedrive.com/the-war-zone/chinas-quad-tracked-amphibious-unmanned-vehicle-is-fascinating

-
NSA Cyber @NSACyber
Our partners @CISAgov and @FBI detail in a new Cybersecurity Advisory how suspected Iranian state-sponsored actors compromised a federal network through an unpatched VMware Horizon server. Read the advisory to learn how to detect and prevent related compromises. 
Cybersecurity and Infrastructure Security Agency @CISAgov
We published an advisory with our partners @FBI that provides #IOCs and #TTPs on Iranian government-sponsored #APT actors malicious activity to compromise a federal agency network. Read the advisory: https://t.co/3NJPHPzIan https://t.co/5glNy4XLPY3:57 PM ∙ Nov 16, 2022
90Likes47Retweets
-
Larry Madowo @LarryMadowo
An African student who was imprisoned in Moscow has been killed during battle in Ukraine fighting for Russia. 

The Zambian foreign ministry says it has urgent questions for Moscow about how the 23yo nuclear engineering student ended up fighting for Russia.4:21 PM ∙ Nov 14, 2022
37,130Likes10,562Retweets-
Lots of bots and such available for sale.

https://news.cybersixgill.com/twitter-has-a-massive-dark-web-problem/

-
Formal monkey linguistics
Do monkeys have language? Sort of. Maybe. They can modify one call with another call. So there’s a sort of proto grammar.

https://www.degruyter.com/document/doi/10.1515/tl-2016-0001/html

-
Mattathias Schwartz @Schwartzesque
For a few hours yesterday, the consensus seemed to be that Russian missiles had likely struck a member of the NATO alliance.

That incendiary allegation hung on the word of a single, anonymous "senior intelligence official."
2:32 PM ∙ Nov 16, 2022
1,014Likes79Retweets
Caroline Orr Bueno, Ph.D @RVAwonk
My colleagues and I recently wrote/presented a paper on this very topic (I will share it when it's published), and one of our findings was that Twitter actually shapes the course and outcome of crises. It can literally mean the difference between life and death. 10/ 
3:48 AM ∙ Nov 15, 2022
2,066Likes283Retweets
-
tariq panja @tariqpanja
“Sometimes, I feel very unlucky to be Nepali.”

Nepal sent more workers to Qatar than almost any nation, their people built the World Cup. More than 2,000 returned in coffins. I went to Nepal to see just how unfettered ambition collides with dire poverty

nytimes.comThe World Cup’s Forgotten TeamHundreds of thousands of Nepalis were part of an army of migrant workers who remade Qatar for its World Cup moment. But in chasing desperately needed paychecks abroad, many pay a heavy price.10:04 AM ∙ Nov 16, 2022
4,888Likes1,945Retweets
-
Electrospaces @electrospaces
An official US Army app had Russian code and may have harvested user data: c4isrnet.comOfficial US Army app had Russian code, may have harvested user dataAt least 1,000 people downloaded the app, which delivered updates for troops at the National Training Center.8:00 AM ∙ Nov 17, 2022
18Likes12Retweets
-
David Erschler @David_Erschler
Prof. et al. still going strong 
7:26 PM ∙ Nov 14, 2022
8,748Likes1,406Retweets
-
Justin Wyne @wyne
I asked my friend at Twitter how he’s doing. He said he can’t complain.5:04 AM ∙ Nov 17, 2022
2,923Likes292Retweets
-
Matthijs R. Koot @mrkootU.S. DOJ: Two Russian Nationals Charged with Running Massive E-Book Piracy Website (Nov 16) justice.gov/usao-edny/pr/t…

Defendants are allegedly responsible for operating Z-Library. Arrested in Argentina on 3 Nov 2022.

Indictment (.pdf, 8 pages) justice.gov/usao-edny/pres…
11:15 AM ∙ Nov 17, 2022
14Likes16Retweets
-
Jack Halon @jack_halon
Today I am releasing part 2 of my 3-part browser exploitation series on Chrome! 

In part 2, we take a deep dive into the V8 compiler pipeline by understanding what happens under the hood in Ignition, Sparkplug, and TurboFan!

Enjoy!

jhalon.github.ioChrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFanIn my previous post “Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals”, we took our first deep dive into the world of browser exploitation by covering a few complex topics that were necessary for fundamental knowledge. We mainly covered topics on how JavaScript and V8…8:44 PM ∙ Nov 16, 2022
408Likes115Retweets
-
Emilio Escobar @eaescob
Super excited for this project! I love the fact that the team focuses on building things that can be used broadly with the primary attention to safety for all: securitylabs.datadoghq.comFinding malicious PyPI packages through static code analysis: Meet GuardDog | Datadog Security LabsGuardDog is an open-source tool to identify malicious PyPI packages through source code and metadata analysis4:37 PM ∙ Nov 15, 2022
9Likes6Retweets
-
Alberto Acerbi @acerbialberto
Step aside Eskimo words for snow. 
Terrible Maps @TerribleMaps
All the words in Italy for female genitalia https://t.co/ZIDUeL3B4k10:29 PM ∙ Nov 14, 2022
39Likes6Retweets
Terrible Maps @TerribleMaps
All the words in Italy for female genitalia 
7:23 PM ∙ Nov 14, 2022
44,692Likes3,679Retweets
-

                            Don't miss what's next. Subscribe to the grugq's newsletter: