July 16, 2022

Heather Adkins - Ꜻ - r00t folding team #258829 @argvee

Excited to announce the inaugural DHS CISA Cyber Safety Review Board’s findings on the Log4j event of 2021. There are important lessons here for the government, and the cybersecurity/software community as we come together to solve the big issues. 1/x

1:19 PM ∙ Jul 14, 2022

---

patrick wardle @patrickwardle

macOS malware often (ab)uses APIs such as NSCreateObjectFileImageFromMemory, NSLinkModule etc) to execute in-memory payloads. Apple has recently updated dyld3 (+these APIs), such that the in-memory payload is now first/always written out to disk 💾 See: github.com/apple-oss-dist…

3:32 PM ∙ Jul 15, 2022

---

The longer write up is here:

https://hackd.net/posts/macos-reflective-code-loading-analysis/

-

Allan “Ransomware Sommelier🍷” Liska @uuallan

This is how I have spent the last 6 months of my life. I am really excited with the results. Wine fraud is a much more pervasive problem than most people realize, and it is affects all types of wine drinkers. I'd love to hear your thoughts on the research.

share.postbeyond.comCounterfeit Wine, Spirits, and Cheese | Recorded FutureIs what you’re consuming genuine? Explore the evolving trillion-dollar criminal landscape of Counterfeit Wine, Spirits, and Cheese products – that pass as real.

1:51 PM ∙ Jul 15, 2022

---

-

Military Pigeons @MilitaryPigeons

Pigeons in the Iraq War

pigeonsofwar.wordpress.comPigeons in the Iraq WarWhen people think of military pigeons, they usually associate them with a bygone era. It may come as a shock to many to learn that pigeons were actually used by the United States military in …

10:31 AM ∙ Jul 15, 2022

---

-

Cat Damon @CornOnTheGoblin

[stopping the tattoo artist 15 seconds into my "feel no pain" tattoo] ok so you're gonna laugh

7:45 PM ∙ Nov 8, 2021

---

The Glasshouse Center @GlasshouseCtr

Recording of today's call featuring the Belarusian Cyber-Partisans (@cpartisans) and Yuliana Shemetovets (@yuliana_shem)

youtu.beOpenCall: Friday Hangout 2022/07/15 featuring the Belarusian Cyber-Partisans and Yuliana ShemetovetsGlasshouse Session - 2022-07-01Broadcasted live on Twitch -- https://www.twitch.tv/theglasshousectrNotes Doc: https://docs.google.com/document/d/1B29Ijd0j10G...

4:04 PM ∙ Jul 15, 2022

---

-

SC Media @SCMagazine

Ukraine’s cyber agency tracks ‘significant increase’ in malware-directed attacks bit.ly/3c9CO17 #cybersecurity #infosec

1:00 AM ∙ Jul 15, 2022

---

-

David Weston (DWIZZZLE) @dwizzzleMSFT

I'm late on learning about Firebloom but it's really cool - saaramar.github.io/iBoot_firebloo… Yes, Rust and memory safe systems languages are the hotness but you can do a lot to make an existing C-based measurably safer @AmarSaar @radian

saaramar.github.ioIntroduction to Firebloom (iBoot)

9:19 PM ∙ Jul 15, 2022

---

-

Brad Arkin @bradarkin

I wanted to read the new Council for Foreign Relations report about the fragmented Internet (cfr.org/report/confron…). For reasons that are too annoying to get into, I was using a proxy in Amsterdam. This is what got served up. A bit on the nose, eh?

4:20 PM ∙ Jul 15, 2022

---

-

Alex Gantman @againsthimself

Worth a read for the methodology and a sobering example of an AF1 threat model. - Encrypted Comms are LoA3 (extremely grave consequences; existential risk to the USG) - Flight Controls are LoA2 (grave consequences; redundant capabilities available for continuity of operations)😬

NSA Cyber @NSACyber

We created guidance to clearly characterize threats and risks to custom microelectronic components used in Department of Defense systems. Read more on how to apply three levels of hardware assurance to protect applicable DoD systems. https://t.co/q7wmf8bUZG https://t.co/9BcOGjeQRI

8:29 PM ∙ Jul 15, 2022

---

-

Jimmer Cork-Bottle @JimmerThatisAll

I would walk barefoot over hot koalas for you.

10:03 AM ∙ Sep 22, 2013

---

-

Dave Barry: Fellow Floridians, beware of toilet lizards and rising iguana aggression

https://www.miamiherald.com/living/liv-columns-blogs/dave-barry/article263508388.html

-

Ukrainian Memes Forces @uamemesforces

5:56 PM ∙ Jul 15, 2022

---

-

OPSEC

shoshana wodinsky (she/her) @swodinsky

well i guess i'm pinning this

gizmodo.comHow to Get an Abortion in the Age of SurveillanceWith a burner phone and some awareness of geofencing, you can conceal yourself from for-profit data brokers who would spy on your health.

4:28 PM ∙ Jun 24, 2022

---

-

Lúcás Meier @cronokirby

This week I wrote a basic explainer on a few fundamental topics in cryptography. While this might be useful to people staring out, I think that even advanced cryptographers might also notice something very interesting with this post. Let me know if see it.

cronokirby.comBasic Cryptography Without Fluff - Cronokirby- Read more: https://cronokirby.com/posts/2022/07/basic-cryptography-without-fluff/

9:27 AM ∙ Jul 16, 2022

---

-

FLUNKING THE NEW YORK TIMES TEST: MAKING SENSE OF RUSSIAN “COVERT” ACTION

https://mwi.usma.edu/flunking-the-new-york-times-test-making-sense-of-russian-covert-action/

-

DanBardak @DanBardak

I love🥰 german humor😂👍 GASPUTIN summer hitsong❗

8:48 AM ∙ Jul 14, 2022

---

-

Aristotle Tzafalias @Aristot73

cool overview "Decade Retrospective: The State of Vulnerabilities - Trustwave" h/t @campuscodi's news letter the conclusion... 🤔 "Cybersecurity solutions have seen major progress over the years and are in great shape to face what is yet to come." trustwave.com/en-us/resource…

trustwave.comDecade Retrospective: The State of VulnerabilitiesTrustwave team believed this was a suitable time to take a minute and review some of the watershed moments that had a major impact on cybersecurity between 2011 and 2021.

8:16 AM ∙ Jul 16, 2022

---

-

Rob Joyce, director of cybersecurity at NSA, used his official account to tweet a formula joke about Ghidra. This is what community outreach looks like and it is weird.

Rob Joyce @NSA_CSDirector

She’s a 10 **because** she uses Ghidra!

chompie @chompie1337

she’s a 10 but she uses Ghidra

10:26 AM ∙ Jul 16, 2022

---