the grugq's newsletter

September 9, 2022


Joe Uchill @JoeUchill
There are a surprising number of fans of cryptocurrency who complain about not being taken seriously as a financial product, but scoff at the idea of being regulated like one.
Jeff Stein @JStein_WaPo
New -- Treasury Dept to warn in 4 reports to White House of dangers of crypto, stress potential financial risks absent new government regulations. “Treasury is trying to create the analytical basis for very strong oversight of this sector of finance" https://t.co/KJIPKi9KtF
2:06 PM ∙ Sep 8, 2022
28 Likes ∙ 11 Retweets

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

Jay Healey @Jason_Healey
"Bob Jervis made important contributions to research on cyber conflict because he knew that, although it was fought using new kinds of tools, it was still conflict" Honored to share reminiscences & contributions from Bob @SIWPSColumbia
tnsr.org: Remembering Robert Jervis - Texas National Security Review. In this roundtable, our contributors look back on the life and work of Robert Jervis. A towering figure in international relations, Jervis made crucial contributions to multiple academic fields as well as the U.S. government. He is remembered for his scholarly work as well as his generosity as a tea…
1:34 PM ∙ Sep 6, 2022
27 Likes ∙ 12 Retweets

-

Max Smeets @Maxwsmeets
Much praise from the (policy) community with respect to Albania cutting diplomatic ties with Iran over the July cyber attacks. But there are a lot of open questions here regarding scale, response & motive. A thread 🧵
12:56 PM ∙ Sep 8, 2022
33 Likes ∙ 11 Retweets

-

Dana Schwartz @DanaSchwartzzz
A strange fact from history that highlights the unique reverence ascribed to the monarchy and its relationship with the press: King George V (Elizabeth’s grandfather) was euthanized with a lethal dose of morphine so that his death could be reported in the morning papers.
4:24 PM ∙ Sep 8, 2022
3,844 Likes ∙ 274 Retweets

-

Matthijs R. Koot @mrkoot
Two reads in @intl_spectator 57:3 (2022), Open Access: Contesting Western & Non-Western Approaches to Global Cyber Governance beyond Westlessness doi.org/10.1080/039327… China’s Approach to Cyber Governance & Its Implications for the Western Model doi.org/10.1080/039327…
5:00 PM ∙ Sep 8, 2022
4 Likes ∙ 1 Retweet

-

Cara Lombardo @CaraRLombardo
.@WSJ scoop: The Twitter whistleblower filed his complaint days after reaching a $7M settlement with the company. He is set to testify before a Senate committee Tues — one of the few venues in which he is allowed to discuss the confidential settlement.
wsj.com: WSJ News Exclusive | Twitter Agreed to Pay Whistleblower Roughly $7 Million in June Settlement. The settlement with Peiter Zatko, related to lost pay, didn’t prevent him from filing a complaint that is now part of Elon Musk’s case against Twitter.
6:29 PM ∙ Sep 8, 2022
37 Likes ∙ 17 Retweets

-

Jens Stoltenberg @jensstoltenberg
I strongly condemn the recent cyber attack on #Albania, which Tirana & other Allies have attributed to Iran. #NATO & Allied experts are providing support. NATO is committed to continue raising our guard: to deter, defend against & counter cyber threats.
bit.ly: Statement by the North Atlantic Council concerning the malicious cyber activities against Albania
12:22 PM ∙ Sep 8, 2022
746 Likes ∙ 234 Retweets

-

Arda Büyükkaya @WhichbufferArda
According to investigation made by Microsoft Detection and Response Team (DART), Iranian TAs used Microsoft SharePoint Remote Code Execution Vulnerability (CVE-2019-0604) against the Albanian government. microsoft.com/security/blog/…
Kevin Beaumont @GossiTheDog
📢 CVE-2019-0604 is being exploited in the wild 📢 It's a web based remote code execution vuln without need for authentication, plus Microsoft had to reissue the patch later as the first one didn't fix the vulnerability - so lots of places are exposed. https://t.co/qBDxwyJWi4
7:21 PM ∙ Sep 8, 2022
28 Likes ∙ 12 Retweets

-

Ryan Naraine @ryanaraine
"Unfortunately, at the time of writing, some HP enterprise devices (laptops and desktops) have still not received updates to patch these vulnerabilities, despite them being publicly disclosed for over a month...."
BINARLY @binarly_io
💥New REsearch: "Binarly Finds Six High Severity Firmware Vulnerabilities in HP Enterprise Devices". 🔥Approximately 20% of FW updates contain at least 2 or 3 known vulnerabilities, according to our data (based on enterprise-grade vendors study). #FwHunt https://t.co/4nMdk2fXvu https://t.co/9fAk1J4uZc
7:12 PM ∙ Sep 8, 2022
15 Likes ∙ 12 Retweets

-

Ian Coldwater 📦💥 @IanColdwater
Do you enjoy being right and being ignored? Do I have the job for you!
Sherrod DeGrippo 📬 @sherrod_im
Thinking about getting into InfoSec? Well I hope you enjoy being tired a lot.
3:44 AM ∙ Sep 9, 2022
325 Likes ∙ 36 Retweets

-

There is some great information in here.

-

The Ruck
What Ukraine drone videos tell us about the future of war
WE CAN LEARN SO MUCH about where warfare is going by watching drone videos from Ukraine. There are countless examples of these videos, shot from both small drones that can be bought online and larger ones made solely for military use, all with similar themes: background techno music overshadowing the lethal voyeurism, confusion as you try to pinpoint the…
7 months ago · 3 likes · Paul Szoldra

-

chompie @chompie1337
Curious about exploiting VMs or memory bugs in a safe language? Read my new blog post, where I attack Firecracker, AWS' VMM written in Rust. Learn about the various layers of virtualization + the attack surface, and how design decisions impact security.
graplsecurity.com: Attacking Firecracker: AWS’ microVM Monitor Written in Rust - Blog | Grapl. Firecracker is a microVM manager in Rust that powers AWS services like Lambda and Fargate. It’s also one of the key components of Grapl’s multi-tenant isolation. A critical dependency deserves some red teaming - here’s how we attacked AWS Firecracker.
4:17 PM ∙ Sep 8, 2022
1,388 Likes ∙ 370 Retweets

-

vx-underground @vxunderground
The United States congress is considering banning cryptocurrency mining to combat climate change. Image via @BitcoinMagazine
1:59 AM ∙ Sep 9, 2022
249 Likes ∙ 57 Retweets

It was mentioned that “all US mining uses 100% renewables. This is to have them show receipts to prove it.” And honestly, I’m kinda ok with that. OTOH, it’s renewables that aren’t being used for regular stuff and thus forces non-renewable use, but I think it probably also provides strong incentives to increase renewable deployment (and pay for it). Which lowers costs of renewables, which helps get them more widely deployed fast… assuming that is the second-order effect, it’s probably net positive?

-

Military Pigeons @MilitaryPigeons
The Swedish Military’s Pigeon Service: 1886 – 1949
pigeonsofwar.wordpress.com: The Swedish Military’s Pigeon Service: 1886 – 1949. A lot of ink has been spilled about military pigeons and their heroic actions during wartime. But what about those in peacetime armies? This blog is part of an occasional series examini…
4:13 AM ∙ Sep 9, 2022
18 Likes ∙ 6 Retweets

When SIGINT meant hawks. (Not actually in here, just amusing)

-

People adjust their opinions to match everyone else’s opinions. But they also badly misjudge what everyone else’s opinions are.

https://www.pnas.org/doi/10.1073/pnas.2107260119

-

Microsoft Security Intelligence @MsftSecIntel
Microsoft Detection and Response Team (DART) was engaged to lead the investigation on destructive cyberattacks launched against the Albanian government in mid-July. We assess that the attack was launched by an Iranian state-sponsored actor. Full report:
microsoft.com: Microsoft investigates Iranian attacks against the Albanian government - Microsoft Security Blog. Shortly after the destructive cyberattacks on the Albanian government in mid-July, the Microsoft Detection and Response Team (DART) was engaged to lead an investigation into the attacks.
3:05 PM ∙ Sep 8, 2022
283 Likes ∙ 152 Retweets

-

Jonathan Metzman @metzmanj
We published a blogpost on SystemSan - our sanitizer for command injection which found a remote code execution vulnerability in tinygltf.
security.googleblog.com/2022/09/fuzzin… We will pay rewards for sanitizers that can find non C/C++ specific vulnerabilities such as SQLI, XSS, and SSRF.
Proof of concept for exploiting bug in tinygltf
4:00 PM ∙ Sep 8, 2022
71 Likes ∙ 34 Retweets

-

Bret Devereaux is a very insightful scholar and everyone should read his blog, acoup.blog.

He discusses premodern logistics and warfare on this podcast, and it’s great.

Advisory Opinions
Bret Devereaux Talks Orc Battle Tactics
Listen now (57 min) | Bret Devereaux is an ancient and military historian at the University of North Carolina at Chapel Hill, and is here to discuss military tactics of some of fiction's biggest battles from The Lord of the Rings to Game of Thrones. Can David contain his excitement? Does Sarah understand anything being said…
8 months ago · 89 likes · 115 comments · David French and Sarah Isgur
