Jan 16, 2023

Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”

https://www.fortinet.com/blog/threat-research/supply-chain-attack-using-identical-pypi-packages-colorslib-httpslib-libhttps

Electrospaces @electrospaces

Right behind German defense minister Lambrecht we can see the brand new secure telephone SINA Communicator H:

Verteidigungsministerium @BMVg_Bundeswehr

Gemeinsam sind wir stärker. Ministerin Lambrecht stimmte sich heute mit 🇺🇸 @SecDef Austin zu Schützenpanzern #Marder und dem Flugabwehrsystem #Patriot für die 🇺🇦 ab. Das nächste Ramstein-Treffen findet am 20. Januar statt. Details finden Sie in der heutigen Pressemitteilung👇 https://t.co/bVjlYYZefb

Matt Suiche @msuiche

This is an attack vector that @lordx64, @Cryptilt and I have been talking about since 2021. 🤷‍♂️ https://t.co/FbY7238tQf

whalechart.org @WhaleChart

BREAKING: Google Chrome security vulnerability detected could lead to crypto wallet stealing

Given that the invention of attack trees is commonly attributed to Schneier's 1999 article, I was surprised to see the idea described in a 1991 paper by J.D. Weiss of Bell Labs [1].
Even more surprising is that I found it because it was cited in another paper co-authored by Schneier in 1998 [2].
[1]J.D. Weiss, "A System Security Engineering Process," Proceedings of the 14th National
Computer Security Conference, 1991.
https://csrc.nist.gov/CSRC/media/Publications/conference-paper/1991/10/01/proceedings-14th-national-computer-security-conference-1991/documents/1991-14th-NCSC-proceedings-vol-2.pdf
[2] Chris Salter, O. Sami Saydjari, Bruce Schneier, Jim Wallner, "Toward a secure system engineering methodology," NSPW '98: Proceedings of the 1998 workshop on New security paradigms
https://dl.acm.org/doi/10.1145/310889.310900

https://ioc.exchange/@againsthimself/109696644157195062

Time Travelling Italian Midwife @DrFurfagMD

hol up the chinese are running cobalt strike on iphones gloxec.github.io/CrossC2/zh_cn/…

Zhuowei Zhang @zhuowei

(apologies to xkcd.com/1420/)

Timeline from 1990 to 2030 with two regions highlighted:
"API key max user limit" (ending in 2010)
(empty area between 2010 and just past 2020)
"API key revoked"

An arrow points to the empty area, with caption:
"Brief, glorious period in which Tweetbot was usable"

Guccifer is out of prison and giving interviews. I wouldn’t wish American prison on my worst enemy.

https://theintercept.com/2023/01/15/guccifer-interview-hacked-clinton-emails/

Claudio Tennie @CTennie

Let’s assume two neighbouring ape groups, 1 fishes for termites, while 2 dips for ants. This is ape culture. In the graphic you see six ape groups’ cultures. You might NOT have actually seen this graphic before. The graphic is from our recent paper: nature.com/articles/s4159… 1/n

Graphic from a new paper on ape culture. It shows six virtual ape group's cultural differences.

Xeno Kovah @XenoKovah

🧵1 @glitchnsec and I wanted to say thanks to the people whose CVE discoveries, vulnerability write-ups, and PoCs we used to create the material for #OST2 ost2.fyi/Vulns1001. So thanks go out to the following contributors…

ost2.fyiVulnerabilities 1001 Short URL Redirect

Daniel Cuthbert @dcuthbert

A threat intel firm hacking a .ru drug market to divert cash to Ukrainian efforts. holdsecurity.com/news/2023/01/s… Motive aside, this is still a very dodgy approach to take.

holdsecurity.comSolaris – Russian Drug Platform Exposed | Hold Security

Danny Palmer @dannyjpalmer

Ransomware has now become a problem for everyone, and not just tech My new @ZDNET Monday Opener on ransomware and why it can't be dismissed as just a computer thing - as seen with Royal Mail, attacks are regularly disrupting everyday services.

zdnet.comRansomware has now become a problem for everyone, and not just techRansomware attacks have rumbled on for years and show no signs of slowing down. It’s time we faced the threat head on.

thaddeus e. grugq 🌻 thegrugq@infosec.exchange @thegrugq

@dannyjpalmer @ciaranmartinoxf @ZDNET So ransomware is Tory?

Danny Palmer @dannyjpalmer

@thegrugq @ciaranmartinoxf Well, one could argue that ransomware is fundamentally based around an ideology of enriching the individual/small collective without much thought over how that impacts everyone else, which some could potentially class as your classic conservative economic model...

Internal Tech Emails @TechEmails

Bill Gates tries to install Movie Maker January 15, 2003

Internal Tech Emails @TechEmails

So You Want to Solve Python Packaging: A Practical Guide
First, the technical: Python is used by vastly different groups of people, some that don't identify as "developers". Those groups often have disparate expectations about how packaging should work. Some don't even know what a package is.

https://hachyderm.io/@stargirl/109697057391904145

Yep Yepsen @YepYepsen

@mdowd custom rules for uBlock origin like

github.comGitHub - robonxt/CleanYourTwitter: Adblock filters for Twitter. Removes Promoted Tweets, You Might Like, Who to Follow, What’s HappeningAdblock filters for Twitter. Removes Promoted Tweets, You Might Like, Who to Follow, What's Happening - GitHub - robonxt/CleanYourTwitter: Adblock filters for Twitter. Removes Promoted Tweets, ...

Citizen Lab @citizenlab

NEW REPORT: You Move, They Follow Uncovering Iran’s Mobile Legal Intercept System

citizenlab.caYou Move, They Follow: Uncovering Iran’s Mobile Legal Intercept System - The Citizen LabCitizen Lab examined a set of documents leaked to news outlet The Intercept that describe plans to develop and launch an Iranian mobile network, including subscriber management operations and services, and integration with a legal intercept solution. If implemented fully as envisioned, it would enab…

The Info Op

Discussion about this post