The Info Op

Share this post

February 7, 2023

grugq.substack.com

February 7, 2023

the grugq
Feb 07, 2023
4
Share this post

February 7, 2023

grugq.substack.com
Share

Hackers are mass infecting servers worldwide by exploiting a patched hole

Today’s reminder that patch availability is not directly correlated to the end of an exploit’s utility.

The persistent belief that 0days must be reported to vendors immediately to “improve security for everyone” is based on a fantasy. The reality is that reporting bugs simply increases the quantity and diversity of exploits available to all threat actors.

In the ideal world when a bug is reported to a vendor they prioritise it and quickly fix it. Then when the patch is released, everyone immediately patches their software, rendering the vulnerability completely harmless. And there are unicorns.

But we live in reality, where bugs sit in vendor’s bug trackers for months (or years), and patches are applied on only some boxes. In reality when a patch (and maybe vulnerability announcement) is released it is the threat actors who pay attention.

The problem is simple: Applying patches is tedious. Exploit development is fun.

https://arstechnica.com/information-technology/2023/02/hackers-are-mass-infecting-servers-worldwide-by-exploiting-a-patched-hole/

-

The Info Op is a reader-supported publication. To receive new posts and support my work, consider becoming a free or paid subscriber.

-

-

Twitter avatar for @BeBoXoS
5t3ph4n3 -=BeBoX=- #open to work @BeBoXoS
Interesting Scrolling attack😂 Interessante Attaque avec le touchScreen 😂 #CyberSecurity #cybersecurite source : linkedin.com/posts/ali-farh…
9:28 PM ∙ Feb 5, 2023
1,396Likes328Retweets

-

Twitter avatar for @unusual_whales
unusual_whales @unusual_whales
BREAKING: FTX is sending letters to politicians who received donations from FTX to return the money they received. There was not a list of the politicians they gave money to, and the amounts. Until now. See it here: unusualwhales.com/politics/artic…
Image
9:01 PM ∙ Feb 5, 2023
36,651Likes14,489Retweets

-

Twitter avatar for @WallStreetSilv
Wall Street Silver @WallStreetSilv
3d printer does homework that ChatGPT wrote … 🔥 Kids in school have it so easy these days.😂
9:05 PM ∙ Feb 3, 2023
3,730Likes616Retweets

-

Twitter avatar for @kimb3r__
kimber ✨ @kimb3r__
one of the ideas i've been playing around with since i started at @GreyNoiseIO is how to communicate to people that the internet has a hum that is periodic, and when the frequencies are out of balance pay attention because something interesting might be happening
Image
Image
Image
8:17 PM ∙ Feb 6, 2023
275Likes45Retweets

-

Tsunami: Asteroid Impact

Video simulation of the tsunami that killed the dinosaurs.

https://sos.noaa.gov/catalog/datasets/tsunami-asteroid-impact-66-million-years-ago/

-

Twitter avatar for @ollieatnowhere
Ollie Whitehouse @ollieatnowhere
2014 I wrote 'Introduction to Anti-Fuzzing: A Defence in Depth Aid' which @FidgetingBits & I worked on. research.nccgroup.com/2014/01/02/int… Fast fwd 2023 an academia paper has just been published 'No-Fuzz: Efficient Anti-fuzzing Techniques' link.springer.com/chapter/10.100… no ref == no href.
link.springer.comNo-Fuzz: Efficient Anti-fuzzing TechniquesFuzzing is an automated software testing technique that has achieved great success in recent years. While this technique allows developers to uncover vulnerabilities avoiding consequent issues (e.g., financial loss), it can also be leveraged by attackers to find...
7:02 AM ∙ Feb 7, 2023
18Likes8Retweets

-

Twitter avatar for @thegrugq
thaddeus e. grugq 🌻 thegrugq@infosec.exchange @thegrugq
Yeah but with inflation that’s only really worth $588 million to $934 million in today’s dollars. https://t.co/t3Y569x9Ln
Twitter avatar for @JanLemnitzer
Jan Lemnitzer @JanLemnitzer
North Korea's 'hacking for nukes' programme is thriving as never before: a secret UN report the German Press Agency claims it has seen assumes they made at least 630 million dollars and possibly up to a billion last year (in German). @thegrugq @DRMoltke https://t.co/brm7t3Oxvy
10:36 AM ∙ Feb 7, 2023
6Likes1Retweet
Twitter avatar for @DRMoltke
Henrik Moltke @DRMoltke
@JanLemnitzer @thegrugq I haven't read the article but how I'm surprised this is such big news when @chainalysis published a similar nurmber a week ago?
blog.chainalysis.com2022 Biggest Year Ever For Crypto Hacking - ChainalysisCrypto hacking had its biggest year ever in 2022 with $3.8 billion stolen primarily from DeFi protocols and largely conducted by North Korean-linked hackers.
10:04 AM ∙ Feb 7, 2023

-

Twitter avatar for @RobDotHutton
Robert Hutton @RobDotHutton
No restructuring of the Business Department will ever match the moment in 2005 when it was nearly renamed the Department of Productivity, ENergy, Industry and Science. Or PENIS for short.
8:15 AM ∙ Feb 7, 2023
181Likes36Retweets

-

4
Share this post

February 7, 2023

grugq.substack.com
Share

Discussion about this post

No posts

Ready for more?

© 2024 the grugq
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture
Share