October 6, 2022
Big news is that the Uber CISO who lied to investigators has been found guilty of lying to investigators.
Sullivan kept in-house counsel in the dark about breach while they negotiated with FTC to close investigation of company. “did he mention there was another incident that may be relevant to FTC's investigation?” Dawson asked.
Ross answered, “No.” courthousenews.com/2016-data-brea…
Hey CISO! Is your company under investigation and under obligation to turn over responsive documentation related to security practices? No? Then this doesn’t affect you.
Yes? Don’t lie. Be truthful in your documentation and work closely with in house counsel on everything.
Joseph Meany @josephmenn
Agreed, though I do have questions about why the feds decided to go after Joe Sullivan alone. Seems to me there could have been at least three potential defendants, but Sullivan was the only person indicted.
Whitney Merrill @wbm312
-
-
original NYT review of Mein Kampf: this is great, man, we just have one little note nytimes.com/1996/10/06/boo…
-
Here's a fork of Rubeus with the 'askrc4' command. github.com/tyranid/Rubeus… it's not remotely suitable for a PR as I'm just using Rubeus as a surrogate Kerberos client. Knock yourselves out.
James Forshaw @tiraniddo
-
Cybersecurity Awareness Month Tip #4
As seen this summer, the advanced attacker appears to be habituated to humans and does not respond to loud noises.
Visitors should move camp if the attacker does not respond to initial deterrence methods and properly store data at all times.
-
New version of WinDbg just released, update now! This is a big release that we're very proud of. Lots of new features and bug fixes, including support for editing data in the memory window!
More notes on changes in the UI below.
-
Somebody's having fun spamming the zcash blockchain and tripling its size to over 100 GB. Rough estimate is that this attack is costing them ~$10 a day in transaction fees.
-
DOD Releases List of People's Republic of China (PRC) Military Companies in Accordance With Section 1260H of the National Defense Authorization Act for Fiscal Year 2021
https://www.defense.gov/News/Releases/Release/Article/3180636/dod-releases-list-of-peoples-republic-of-china-prc-military-companies-in-accord/List here:
https://media.defense.gov/2022/Oct/05/2003091659/-1/-1/0/1260H%20COMPANIES.PDF-
Never seen one of these actually being used before. That’s quite cool. I wonder if it’s a great idea to summon a drone carrying a grenade, for example, directly to you. Seems like this could have some issues that could be exploited
-
A frankly embarrassing story. Albania admits that they were thinking about invoking article 5 when they got hacked. Fortunately there was someone who told them to “stfu and chill out”
https://www.politico.com/news/2022/10/05/why-albania-chose-not-to-pull-the-nato-trigger-after-cyberattack-00060347-
srslyriskybiz.substack.com/p/the-cia-is-t…
-
📢 We’re incredibly excited to share that @Arm is licensing Corellium’s virtualization technology as part of its Arm Virtual Hardware (AVH) offering, enabling high-performance virtualization of IoT devices for faster R&D!
corellium.com/blog/announcin…
-
Europe is starting to make a lot of noise about commercial cyber capabilities. Things might be happening.
Worth read op-ed by @SophieintVeld
"The use of mercenary spyware in the European Union is Europe’s Watergate."
"We know that 14 EU member states had bought Pegasus, and it is likely all member states are using one or another brand of spyware"
More;
-
Don't miss what's next. Subscribe to the grugq's newsletter:
Start the conversation: