October 6, 2022

                October 6, 2022

            October 6, 2022

            Big news is that the Uber CISO who lied to investigators has been found guilty of lying to investigators. 
Kim Zetter @KimZetterSullivan kept in-house counsel in the dark about breach while they negotiated with FTC to close investigation of company. “did he mention there was another incident that may be relevant to FTC's investigation?” Dawson asked.

Ross answered, “No.” courthousenews.com/2016-data-brea…
1:21 AM ∙ Oct 6, 2022
28Likes21Retweets
Whitney Merrill @wbm312
Hey CISO! Is your company under investigation and under obligation to turn over responsive documentation related to security practices? No? Then this doesn’t affect you. 

Yes? Don’t lie. Be truthful in your documentation and work closely with in house counsel on everything. 
Joseph Meany @josephmenn
Our updated story quotes stunned security pros who had already thought their jobs were nerve-wracking without the threat of prosecution. https://t.co/hAjMu3MsUk1:25 AM ∙ Oct 6, 2022
31Likes12Retweets
Marcia Hofmann @marciahofmann
Agreed, though I do have questions about why the feds decided to go after Joe Sullivan alone. Seems to me there could have been at least three potential defendants, but Sullivan was the only person indicted. 
Whitney Merrill @wbm312
A lot of people are conflating legal issues when discussing the Joe Sullivan/Uber - be careful of the red herrings. It’s not about breach notification, it’s not about bug bounties—it’s about lying to a regulator about information responsive to an open investigation and subpoena.1:48 AM ∙ Oct 6, 2022
24Likes6Retweets
-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

-
Tim Barker @_TimBarkeroriginal NYT review of Mein Kampf: this is great, man, we just have one little note nytimes.com/1996/10/06/boo… 
12:49 AM ∙ Oct 5, 2022
10,440Likes1,759Retweets
-
James Forshaw @tiraniddoHere's a fork of Rubeus with the 'askrc4' command. github.com/tyranid/Rubeus… it's not remotely suitable for a PR as I'm just using Rubeus as a surrogate Kerberos client. Knock yourselves out. 
James Forshaw @tiraniddo
With a little bit of CTRL+K CTRL+C it works. This is why I write my own tooling though 😁 https://t.co/8YgzEBgiXR
7:05 PM ∙ Oct 4, 2022
114Likes54Retweets
-
Kelly Shortridge @swagitda_
Cybersecurity Awareness Month Tip #4

As seen this summer, the advanced attacker appears to be habituated to humans and does not respond to loud noises.

Visitors should move camp if the attacker does not respond to initial deterrence methods and properly store data at all times.6:05 PM ∙ Oct 5, 2022
26Likes6Retweets
-
Tim Misiak @timmisiakNew version of WinDbg just released, update now! This is a big release that we're very proud of. Lots of new features and bug fixes, including support for editing data in the memory window!

More notes on changes in the UI below.

apps.microsoft.comGet $WinDbg Preview from the Microsoft StoreWe’ve updated WinDbg to have more modern visuals, faster windows, a full-fledged scripting experience, and Time Travel Debugging, all with the easily extensible debugger data model front and center. WinDbg Preview is using the same underlying engine as WinDbg today, so all the commands, extensions,…5:48 PM ∙ Oct 5, 2022
229Likes74Retweets-
Jameson Lopp @lopp
Somebody's having fun spamming the zcash blockchain and tripling its size to over 100 GB. Rough estimate is that this attack is costing them ~$10 a day in transaction fees. 
5:51 PM ∙ Oct 5, 2022
1,733Likes248Retweets
-
DOD Releases List of People's Republic of China (PRC) Military Companies in Accordance With Section 1260H of the National Defense Authorization Act for Fiscal Year 2021

https://www.defense.gov/News/Releases/Release/Article/3180636/dod-releases-list-of-peoples-republic-of-china-prc-military-companies-in-accord/

List here:

https://media.defense.gov/2022/Oct/05/2003091659/-1/-1/0/1260H%20COMPANIES.PDF

-
Never seen one of these actually being used before. That’s quite cool. I wonder if it’s a great idea to summon a drone carrying a grenade, for example, directly to you. Seems like this could have some issues that could be exploited
Rob Lee @RALee85Video of Ukrainian troops capturing a DJI UAV with a EDM4S C-UAS gun. 
t.me/The3rdForceUA/… 
6:24 PM ∙ Oct 5, 2022
1,636Likes245Retweets
-
A frankly embarrassing story. Albania admits that they were thinking about invoking article 5 when they got hacked. Fortunately there was someone who told them to “stfu and chill out”

https://www.politico.com/news/2022/10/05/why-albania-chose-not-to-pull-the-nato-trigger-after-cyberattack-00060347

-
Tom Uren @tomatospy
This week's Seriously Risky Business:
- The CIA is too stupid to know its stupid
- North Korea's smartphone hacking scene
- Ransomware rewards bear fruit
and more!

srslyriskybiz.substack.com/p/the-cia-is-t… 
2:27 AM ∙ Oct 6, 2022
19Likes8Retweets
-
Corellium @CorelliumHQ📢  We’re incredibly excited to share that @Arm is licensing Corellium’s virtualization technology as part of its Arm Virtual Hardware (AVH) offering, enabling high-performance virtualization of IoT devices for faster R&D!

corellium.com/blog/announcin… 
6:00 PM ∙ Oct 5, 2022
166Likes36Retweets
-
Europe is starting to make a lot of noise about commercial cyber capabilities. Things might be happening.
Ersin Çahmutoğlu @ersincmt
Worth read op-ed by @SophieintVeld 

"The use of mercenary spyware in the European Union is Europe’s Watergate."

"We know that 14 EU member states had bought Pegasus, and it is likely all member states are using one or another brand of spyware"

More;
eteron.orgEurope’s Watergate - ETERONMercenary spyware is a key tool in the toolkit of governments for monitoring. This is our Watergate moment.11:26 AM ∙ Oct 6, 2022
6Likes6Retweets
-
Juan Moreno-Cruz 🇨🇴 🇨🇦 @jmorenocruz
Rebranding linear algebra “principles of machine learning” to increase uptake. 😎12:37 PM ∙ Oct 5, 2022
3,295Likes238Retweets

                Don't miss what's next. Subscribe to the grugq's newsletter: