The Info Op

Share this post

The Info Op
The Info Op
April 11
Copy link
Facebook
Email
Notes
More

April 11

the grugq
Apr 11, 2022

Share this post

The Info Op
The Info Op
April 11
Copy link
Facebook
Email
Notes
More
Share

Craig Newmark is throwing 50m into “cyber civil defense” which will be focusing on tools for the common civilian.

Twitter avatar for @zittrain
Jonathan Zittrain @zittrain
Welcome news from Craig Newmark, who has been doggedly identifying the gaps between public and private responsibility for cybersecurity, where new institutions and relationships need to take root and flourish. This will very much help that happen.
Image
Twitter avatar for @craignewmark
craig newmark @craignewmark
I've committed over 50M to what I'm calling Cyber Civil Defense, with a focus on tools and services for regular people. Working with @ConsumerReports @GlobalCyberAlln @RescueTaskForce @Shadowserver and more! https://t.co/A0ISjUuHeX
2:54 PM ∙ Apr 11, 2022
13Likes10Retweets

Impressive improvement in cracking passwords.

Twitter avatar for @ezrabowman
Ezra Bowman @ezrabowman
Check out the reduction in brute force attack time on passwords since last year. Looks like 16-18 characters should be the absolute minimum.
Image
Image
2:07 PM ∙ Apr 10, 2022
1,908Likes692Retweets

A little dive into the shitty world of Russian disinformation.

Twitter avatar for @BenDoBrown
Benjamin Strick @BenDoBrown
Pro-Russian accounts and 'fake news' sites are trying to claim that satellite imagery from @Maxar, posted by @nytimes, showing bodies on the streets of Ukraine's Bucha are fake, but in this thread, you're going to see how silly pro-Russian disinformation attempts can be 🧵👇
Image
9:24 AM ∙ Apr 10, 2022
9,013Likes3,235Retweets

Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels

Overall, our findings suggest that, while tracking individual users is more difficult now, the changes reinforce existing market power of gatekeeper companies with access to large troves of first-party data.

https://arxiv.org/abs/2204.03556

This cyberpunk future is both amazing and terrifying and, frankly, terrible. It’s not exactly the Off World Colonies, but…

Twitter avatar for @DrEricDing
Eric Feigl-Ding @DrEricDing
7) Of course, Chinese govt doesn’t condone balcony singing or & protesting. And of course, a govt drone appears: “Please comply with COVID rules. **Control your soul’s desire for freedom**. Do not open window to sing.” ➡️yes the drone actually said that.
3:03 AM ∙ Apr 10, 2022
3,515Likes1,432Retweets

Impressive progress in solving security. Looks like UAF memory corruptions will all be over by Christmas!

Twitter avatar for @jonmasters
Jon Masters 🏴‍☠️ @jonmasters
Great progress! Worth noting that CHERI is still a research architecture. It’s a great concept, but it’s a little ways away. I’m very interested in the analysis of the overhead of real implementation
Twitter avatar for @ed_maste
Ed Maste @ed_maste
That takes confidence: Prof. Robert Watson presenting a CHERI software brief at the Digital Security by Design conference, from an Arm Morello board prototype running CheriBSD with all userspace software running memory safe using CHERI capabilities https://t.co/rKbZzwRWTI
3:40 PM ∙ Apr 10, 2022
25Likes3Retweets

As we frequently discuss, there is a lot of soft power in having good opportunities and desirable lifestyles. For example, you can brain drain your adversaries.

Twitter avatar for @AlecStapp
Alec Stapp @AlecStapp
When one chart is worth a thousand words: Russian emigration started to explode in 2012 after Putin began his third term as president.
Image
12:09 PM ∙ Apr 10, 2022
750Likes162Retweets

Some sorta nginx 0day going about. Some initial reports of ITW exploitation and an older version being vulnerable? Is it the same issue as this one?

Twitter avatar for @Gi7w0rm
Gitworm @Gi7w0rm
Some more information on the #Nginx #0day by @_Blue_hornet as shared via DM and published here with permission:
Image
1:49 PM ∙ Apr 9, 2022
124Likes53Retweets

Additional info is available on GitHub.

https://github.com/AgainstTheWest/NginxDay

And an interview with the person behind the exploit. Or at least part of the team. See next.

A Pro West hacking collective. They find and develop an nginx 0day. And then immediately report it via HackerOne. Just… what kind of hackers are these?

The sections on motivations and where they see themselves in the larger cyber conflict is interesting.

https://www.databreaches.net/an-interview-with-againstthewest/

The Awesome OSINT list.

https://github.com/jivoi/awesome-osint

%

The updates on this eBay listing. It is very funny and the storytelling is incredible

https://www.ebay.co.uk/itm/154933141682

A bunch of semgrep rules for vuln hunting.

Twitter avatar for @0xdea
raptor @0xdea
I took some time to write 36 new rules for @r2cdev’s Semgrep. Enjoy! Semgrep ruleset for C/C++ vulnerability research
security.humanativaspa.itSemgrep ruleset for C/C++ vulnerability research - hn security“Humans are more suited to recognize […]
8:38 AM ∙ Apr 11, 2022
48Likes15Retweets

NSO was used to hack the phones of top EU officials. This seems like the death blow for NSO.

Twitter avatar for @razhael
Raphael Satter @razhael
New: Senior European Union officials — including the bloc’s top justice official — were targeted using powerful phone hacking tools, @Bing_Chris and I have learned.
reuters.comExclusive: Senior EU officials were targeted with Israeli spywareSenior officials at the European Commission were targeted last year with spy software designed by an Israeli surveillance firm, according to two EU officials and documentation reviewed by Reuters.
6:15 AM ∙ Apr 11, 2022
255Likes228Retweets

Several advances in ransomware gang techniques. New methods of initial access, and more AV evasion techniques.

Twitter avatar for @BushidoToken
Will @BushidoToken
LockBit Ransomware with a new Initial Access Vector! Now using SocGholish JS framework (which was historically used by EvilCorp) 🧐 cc @pancak3lullz @GossiTheDog
Twitter avatar for @TrendMicroRSRCH
Trend Micro Research @TrendMicroRSRCH
We examine the evasive tactics of #SocGholish and #BLISTER loaders, such as masking a tampered DLL as legitimate and placing shell code to sleep temporarily. Find out more from our investigation: https://t.co/0u345bPFhH
9:29 AM ∙ Apr 11, 2022
43Likes15Retweets
Twitter avatar for @TrendMicroRSRCH
Trend Micro Research @TrendMicroRSRCH
We examine the evasive tactics of #SocGholish and #BLISTER loaders, such as masking a tampered DLL as legitimate and placing shell code to sleep temporarily. Find out more from our investigation:
research.trendmicro.comThwarting Loaders: From SocGholish to BLISTER’s LockBit PayloadBoth BLISTER and SocGholish are loaders known for their evasion tactics. Our report details what these loaders are capable of and our investigation into a campaign that uses both to deliver the LockBit ransomware.
2:00 PM ∙ Apr 10, 2022
18Likes6Retweets

Finland is really keen to point out that they are going to join NATO and any actions by Russia will only harden their resolve. I liked that cyber attacks are called out.

Twitter avatar for @alexstubb
Alexander Stubb @alexstubb
Any intimidation, threat or cyber attack from Russia will only increase support for @NATO membership in Finland. The train has left the station. We are on board. Destination Nato HQ in Brussels. An application is imminent, latest in June. Membership 2022.
2:27 PM ∙ Apr 11, 2022
540Likes65Retweets

China.

Twitter avatar for @TGTM_Official
The Great Translation Movement 大翻译运动官方推号 @TGTM_Official
AMOGUS Ok seriously, they are taking George #Orwell as instructions now. #TheGreatTranslationMovement #大翻译运动 #Beijing
Image
Image
Image
Image
11:05 AM ∙ Apr 10, 2022
3,509Likes1,438Retweets

Share this post

The Info Op
The Info Op
April 11
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2025 the grugq
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More