July 20, 2022

Ryanair Flight FR4978

The report on Belarus’ rerouting Ryanair flight FR4978 to abduct an activist is now out.

https://www.icao.int/Security/Pages/FFIT.aspx

Report PDF:

https://www.icao.int/Security/Documents/Ryanair%20FR4978%20FFIT%20report.pdf

-

-

matty hutson @MattHutson

My mum busted a cyber crimer

7:40 PM ∙ Jul 18, 2022

---

-

TeamViewer installs suspicious font only useful for web fingerprinting

https://www.ctrl.blog/entry/teamviewer-font-privacy.html

-

Lorenzo Franceschi-Bicchierai @lorenzofb

NEW: Google found a malicious Android app that was disguising as an app for Ukrainians to launch DDoS attacks against Russian sites. In reality, the app was malware designed to indentify and track Ukrainians.

vice.comRussia Released a Ukrainian App for Hacking Russia That Was Actually MalwareGoogle researchers said the app was designed to figure out who may want to use this kind of app.

3:38 PM ∙ Jul 19, 2022

---

-

Ragıp Soylu @ragipsoylu

Now viral on Turkish social media: Turkish intel chief Fidan is spying on his colleague Altun’s phone this evening during a presser by Erdogan, Putin and Raisi in Tehran

7:17 PM ∙ Jul 19, 2022

---

-

Haifei Li @HaifeiLi

In no joking:), I discovered like 17 RCE bugs all in a SINGLE attack surface in Windows, which proved one point I've been talking about for a while. Thread.

Haifei Li @HaifeiLi

Looking forward to the new MSRC t-shirt to fill the summer cloth shortage & fight inflation. https://t.co/qmzuWE0q9r

6:25 PM ∙ Jul 19, 2022

---

-

Musical Instruments with Chaotic Auras @MusicalChaotic

You’ve heard of the violin, now get ready for the violence

4:05 PM ∙ Jul 19, 2022

---

-

Katie Nickels @likethecoins

I discussed some of the many group naming challenges in this webcast, in case it's helpful:

youtube.comMaking Order out of Chaos: How to Deal with Threat Group Names | STAR WebcastCozy Bear or APT29? Carbanak or FIN7? Lazarus or HIDDEN COBRA? For years, analysts have been frustrated by different threat group naming conventions. Efforts...

4:37 PM ∙ Jul 19, 2022

---

-

switched @switch_d

Justice Department Seizes and Forfeits Approximately $500,000 from North Korean Ransomware Actors and their Conspirators | OPA | Department of Justice justice.gov/opa/pr/justice…

6:19 PM ∙ Jul 19, 2022

---

-

Figen @TheFigen

Very cool!

6:52 PM ∙ Jul 18, 2022

---

-

Bret Devereaux @BretDevereaux

So I was thinking about Roman age/gender terminology (boy vs. man, etc) and it occurs to me that today's supposed 'extended adolescence' is really just the reemergence of something I think about as 'graduated adulthood.' So let's take a trip through Roman age/gender words! 1/

9:36 PM ∙ Jul 18, 2022

---

-

Kath N @kathsnc

The 4yo has just told me that 5 plus 4 is 54, and I don’t have the heart to tell her she’s now a Javascript programmer.

8:24 AM ∙ Jul 18, 2022

---

-

Dave Aitel @daveaitel

I feel like this Predatory Sparrow of 78G of email dumped from an Iranian Steel company is another good data point when it comes to the "total gigs of email" any midsize company has vs. "how much bandwidth any midsize company has in comparison" exfiltration curve.

12:17 AM ∙ Jul 20, 2022

---

-

Directoratul Național de Securitate Cibernetică @DNSC_RO

🇨🇳Belgium denounces malicious cyber activities from Chinese hacker groups known as APT 27, APT 30, APT 31 and UNSC 2814/GALLIUM/SOFTCELL that targeted the Belgian Defence and FPS Interior. They urge Chinese authorities to take action against these groups. diplomatie.belgium.be/en/news/declar…

diplomatie.belgium.beChina: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action agains…Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors.

7:07 AM ∙ Jul 19, 2022

---

-

Gators Daily 🐊 @GatorsDaily

WORK SMARTER NOT HARDER

12:00 AM ∙ Jul 20, 2022

---

-

Nice trick used to figure this out too.

John David Pressman @jd_pressman

What I thought OpenAI was doing: Guiding the prior to increase aesthetics, content filter and "de-bias" What OpenAI is actually doing: Tacking on "black" and "female" at random to prompts months after initial public access

Richard Zhang @rzhang88

@waxpancake @minimaxir @ByFrustrated Very neat trick to tease this out. Reproduced: - https://t.co/KnEn0FcyuR - https://t.co/a8uW7PYKJS - https://t.co/Xp91j5IO57 I cherry-picked from ~8 generations, since #dalle #dalle2 is adding a different set of word(s) for each generation https://t.co/VeF262sESn

10:37 PM ∙ Jul 19, 2022

---

-

101 East @AJ101East

Exclusive: 101 East exposes a web of Chinese fugitives and criminals linked to Cambodia’s most powerful. Thousands of victims enslaved, tortured and forced to commit online scams worth billions. Out now: aje.io/cyberslaves

8:10 AM ∙ Jul 14, 2022

---

Article:

https://vodenglish.news/underground-group-chat-teems-with-human-trafficking-ads/

-

Lord Hugh Mungus @PoodleSnarf

If you would have told me when I was five that I would have to go to a place and be frustrated for 40 hours every week I would have stuck with my plan to become a dinosaur

12:42 PM ∙ Jul 19, 2022

---

-

Objective-See @objective_see

Excellent writeup published by @ESETresearch / @marc_etienne_ on "CloudMensis" 🍎👾 ...a new macOS backdoor that "uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures"👀 welivesecurity.com/2022/07/19/i-s…

welivesecurity.comI see what you did there: A look at the CloudMensis macOS spyware | WeLiveSecurityESET uncovers CloudMensis, a macOS backdoor that spies on users of Mac devices and communicates with its operators via public cloud storage services.

11:28 AM ∙ Jul 19, 2022

---

-