Jan 20, 2023

Exploiting null-dereferences in the Linux kernel

https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html

-

What not to say on your security clearance application.

https://milk.com/wall-o-shame/security_clearance.html

-

US spies lag rivals in seizing on data hiding in plain sight

https://apnews.com/article/politics-russia-government-ukraine-china-us-central-intelligence-agency-6ed827c92bfbdca0c033483b5cc28d9d

-

Test if an account signup is legitimate by comparing the email to the pwned or not email list. This can establish an email address’s age, e.g. “at least as old as the 201X breach.”

https://www.troyhunt.com/pwned-or-bot/

-

Matthijs R. Koot @mrkoot

RAND: Outsmarting Agile Adversaries in the Electromagnetic Spectrum (2023) rand.org/pubs/research_… Report (.pdf, 174pp) rand.org/content/dam/ra… "Cognitive EW capabilities" = use of ML to enable USAF platforms to learn, reprogram, adapt, & counter EW threats in flight.

5:18 PM ∙ Jan 19, 2023

---

-

Alex Johnson @AlexH_Johnson

OMFG Wells Fargo gets into huge legal trouble so often that it has started talking about it as a category of regular operational expense in its earnings. Here's the CFO explaining how operating losses due to legal problems were down $2.3 billion between September and December.

11:01 PM ∙ Jan 19, 2023

---

-

Dhiyaneshwaran @DhiyaneshDK

CVE-2022-47966: ManageEngine RCE 🔥 Nuclei Template : github.com/projectdiscove… @pdnuclei Shodan Query: title:"ManageEngine" #pdresearch #nuclei #hackwithautomation #bugbounty

8:37 PM ∙ Jan 19, 2023

---

-

mdowd @mdowd

Finding bugs that turn out to be useless can be demoralising but usually finding those means you’re on the right track! Remember: The road to exploitable bugs is paved with unexploitable bugs

2:00 AM ∙ Jan 20, 2023

---

-

Chris Inglis @ncdinglis

Today I welcomed members of the cybersecurity research community to the White House.  These subject matter experts are key to addressing cybersecurity threats and their contributions to our defense are valuable and valued.   

whitehouse.govReadout of Office of the National Cyber Director Meetings with Cybersecurity Researchers | ONCD | The White HouseThis afternoon, the Office of the National Cyber Director (ONCD) hosted cybersecurity researchers as part of an afternoon of programming to share key initiatives in the Biden-Harris Administration cybersecurity agenda. National Cyber Director Chris Inglis and Federal Chief Information Officer Clare…

11:45 PM ∙ Jan 19, 2023

---

-

Zuk @ihackbanme

The recent WhatsApp accounts takeover is simple and genius. This is how it works: You're sleeping. A "hacker" tries to login to your account via WhatsApp. You get a text message with a pincode that says "Do not share this". You don't share it, yet you still get hacked. How?

9:56 PM ∙ Jan 19, 2023

---

Zuk @ihackbanme

The attacker clicks on the option that the SMS didn't arrive and asks for a verification by phone. WhatsApp call you. You're sleeping. It goes to Voicemail. The voicemail stores the automated voice with the pincode that the attackers are trying to obtain.

9:56 PM ∙ Jan 19, 2023

---

Zuk @ihackbanme

Next, the attackers check your voicemail simply by trying the default pincode which is the last four digits of your cellphone number in many carriers. Then they can log in to YOUR WhatsApp.

9:57 PM ∙ Jan 19, 2023

---

-

how to completely own an airline in 3 easy steps

https://maia.crimew.gay/posts/how-to-hack-an-airline/

EXCLUSIVE: U.S. airline accidentally exposes ‘No Fly List’ on unsecured server

https://www.dailydot.com/debug/no-fly-list-us-tsa-unprotected-server-commuteair/

-

Graeme Coleman @graemecoleman

Hello, my name is Graeme, I have a PhD in computing, and I am a senior accessibility consultant, but when I want to type "é" on a Windows laptop I go to Beyoncé's Wikipedia page and copy/paste the letter from there.

4:11 PM ∙ Feb 20, 2019

---

-

b1ack0wl @b1ack0wl

🙃

BleepingComputer @BleepinComputer

T-Mobile says hackers stole data on 37 million customers - @serghei https://t.co/UbIzXYYarU

12:59 AM ∙ Jan 20, 2023

---

-

Ciaran Martin @ciaranmartinoxf

Really interesting (& encouraging?) report from @chainalysis - ransomware payments down in 2022 Caveats aplenty, but their reason: “we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers Brilliant if true and/but 1/3 https://t.co/oWFfBw2vlR

J. Burns Koven @JBurnsKoven

After years of back-to-back record-setting ransomware payouts, 2022 stands apart.  Our data shows a steep – 40% — drop in ransomware payments.  There’s multiple factors to consider: 🧵 https://t.co/cUwYDoA8lR

9:18 AM ∙ Jan 20, 2023

---

Jamie MacColl @jamiemaccoll

@ciaranmartinoxf That statistic is only using coveware’s data. Although they have significant share of ransomware recovery/negotiations/payment market they’ve taken a much stronger stand against clients paying in cases of data extortion than some other firms.

9:40 AM ∙ Jan 20, 2023

---

-

This was clever. A programmatic ad company bought ad slots in mobile apps to abuse. They pushed JavaScript to the ad slot which loaded and played 25 video ads stacked on top of each other in that one slot. So they got paid 25x for each ad slot they bought. Which was a lot. Targeting 1700 apps across 11 million devices and peaking at 12 billion ads per day.

https://www.humansecurity.com/newsroom/human-orchestrates-unprecedented-private-takedown-vastflux

-