September 16, 2022

                September 16, 2022

            September 16, 2022

            vx-underground @vxunderground
Update: A Threat Actor claims to have completely compromised Uber - they have posted screenshots of their AWS instance, HackerOne administration panel, and more.

They are openly taunting and mocking @Uber. 
2:16 AM ∙ Sep 16, 2022
1,518Likes729Retweets
Persistence is the greatest hacker tool:
Corben Leo @hacker_Apparently there was an internal network share that contained powershell scripts...

"One of the powershell scripts contained the username and password for a admin user in Thycotic (PAM) Using this i was able to extract secrets for all services, DA, DUO, Onelogin, AWS, GSuite" 1:17 AM ∙ Sep 16, 2022
1,135Likes256Retweets-
The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.
ABC News @ABCHISTORIC HANG-UP: Workers remove the last public payphone operating on the streets of New York city. Mass adoption of cellphones have rendered the once-ubiquitous installations obsolete. abcn.ws/3wJMsy6 
12:10 PM ∙ May 24, 2022
577Likes232Retweets
-
Ginny Hogan_ @ginnyhogan_
My boyfriend just sent me six texts, all by accident, all intended for his friend. All six were about how much he loved Nicolas Cage. I would have rather found out he was cheating.10:44 PM ∙ Sep 14, 2022
143,314Likes4,838Retweets
-
Geopolitical cyber incidents in Canada, eh.

https://dandurand.uqam.ca/wp-content/uploads/2022/08/2022-08-22-Rapport-OCM-ENG.pdf

-
An interview with a foreign volunteer who was in Bucharest while it was occupied.
-
Florian Roth ⚡ @cyb3rops
#OffSec devs 🤭 
8:28 PM ∙ Sep 15, 2022
601Likes101Retweets
-
Jesse Walker @notjessewalker
An insurer asked a 60-officer police department to "enact more than a dozen changes focused on reducing violent encounters with the public. When police failed to do so, the risk pool pulled its coverage, and the department disbanded." washingtonpost.comInsurers force change on police departments long resistant to itInsurance companies are successfully dictating reforms in police departments, a movement driven by the large settlements out of use-of-force cases.5:32 PM ∙ Sep 15, 2022
4,765Likes1,123Retweets
-
Aleksandr Morozov @morozov_dev
Developers: it's a simple feature, users will understand it.

Users: 
6:25 PM ∙ Sep 15, 2022
22,444Likes3,740Retweets
-
amy nguyen @amyngyn
COWORKER: we need to find the root cause asap
ME: *takes long drag* the root cause is that our processes are not robust enough to prevent a person from making this mistake
COWORKER: amy please not right now7:38 PM ∙ Dec 11, 2018
12,651Likes3,209Retweets
-
Jeff Vander Stoep @jeffvanderstoep
Agreed. Fuzzing is currently our best tool for finding memory safety bugs. However it's:
- Somewhat effective at discovering spacial safety bugs.
- Much less effective (ineffective, really) at finding temporal safety bugs.

Temporal safety is where we most urgently need solutions 
InsanityBit @InsanityBit"Half of the known exploitable bugs in Chrome are use-after-frees"

kinda makes you question this whole "we solve spatial safety but not temporal safety" thing some languages are selling lately11:15 AM ∙ Sep 15, 2022
94Likes9Retweets
-
Metlstorm @Metlstorm
The more they stay the same https://t.co/aZKucVTUdS 
Metlstorm @Metlstorm
The more things change 😭 https://t.co/lDyDIhyocq https://t.co/PAB9EQKwTq4:42 AM ∙ Sep 16, 2022
18Likes5Retweets
-
Lohitaksh Nandan @NandanLohitaksh30 Search Engines for Cybersecurity Researchers:

1. Dehashed—View leaked credentials.
2. SecurityTrails—Extensive DNS data.
3. DorkSearch—Really fast Google dorking.
4. ExploitDB—Archive of various exploits.

#cybersecurity #infosec #bugbounty4:23 PM ∙ Sep 15, 2022
1,514Likes493Retweets-
Joe Słowik 🌻 @jfslowik
6:59 PM ∙ Sep 14, 2022
353Likes45Retweets
-
**Zombie Ant Farm: Primitives and Offensive Tooling for Playing Hide and Seek with Linux EDRs**

https://github.com/dsnezhkov/zombieant/wiki/Project-Overview

-
Marc Polymeropoulos @Mpolymer
Scenario likely happening overseas: An agent braces his case officer "ok, so you're telling me that the info that I'm giving you all, that can get me killed, can be just taken home by a former president? And your vaunted justice system is tied in knots? This is nuts. I quit."8:57 AM ∙ Sep 16, 2022
1,913Likes471Retweets
-
SᴡᴇᴇᴘTʜᴇLᴇɢ @CobraKeiser
i am not a religious man but i said a quick prayer for my guy 
11:59 PM ∙ Sep 14, 2022
107,610Likes9,958Retweets
-
raptor @0xdea
Windows TCP/IP Remote Code Execution Vulnerability (CVE-2022-34718) 🤨 

msrc.microsoft.com/update-guide/v… 
6:09 AM ∙ Sep 16, 2022
127Likes43Retweets
-
animals going goblin mode @mischiefanimals
8:11 AM ∙ Jul 29, 2022
559,372Likes76,203Retweets
-
Matthijs R. Koot @mrkootU.S. DOD & DOJ join FCC inquiry into internet routing security (Sep 14) justice.gov/opa/pr/departm…

Said FCC inquiry (Feb 28): fcc.gov/document/fcc-l…

FCC solicited comments from netops who participate in @RoutingMANRS: see screenshots (source: FCC-22-18A1, §13).

#RPKI #BGP 
6:37 AM ∙ Sep 16, 2022
10Likes7Retweets
-
Lies. Damn lies. And newspaper headlines.
Prof Pete Etchells @PeteEtchells
Take a look at this headline. This is based on an unpublished conference abstract (being presented today at an endocrinology meeting) of a study on rats. 
5:57 AM ∙ Sep 16, 2022
953Likes271Retweets
Prof Pete Etchells @PeteEtchells
The research finds nothing of the sort. They exposed immature rats to 6/12 hrs of intense blue light. There is nothing remotely relevant to screens or childhood puberty in this study.5:58 AM ∙ Sep 16, 2022
275Likes46Retweets
-
Amjad Masad ⠕ @amasad
I grew up in the golden age of SQL injections but GPT3 injections just hit different  🤣 
2:19 AM ∙ Sep 16, 2022
5,130Likes1,002Retweets

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

                Don't miss what's next. Subscribe to the grugq's newsletter: