June 9, 2022

A userland rootkit is pretty weak. There are some easy ways to detect it. The simplest is to just use a staticky linked binary, like busybox, rather than the utilities on the compromised box. Honestly, I thought this was standard practise, so I’m a bit surprised that a userland rootkit can defeat live forensics.

Intezer @IntezerLabs

Alongside @BlackBerry we just released joint research detailing a new, undetected Linux threat called #Symbiote Different from other Linux malware, the threat infects running processes rather than using a standalone executable file to inflict damage

intezer.comSymbiote: A New, Nearly-Impossible-to-Detect Linux ThreatSymbiote is a new Linux® malware we discovered that acts in a parasitic nature, infecting other running processes to inflict damage on machines.

12:14 PM ∙ Jun 9, 2022

---

-

Big SIGINT energy.

“People were asking ‘Well you know, I’m not sure we’re seeing a dip in ransomware, how do you know this; can you show me?' I would just say: how did we know? Really? We’re NSA,” said Joyce, alluding to the agency’s core mission of collecting signals intelligence. “We heard them say they can’t get their money out. We heard them say that they can’t buy infrastructure.

https://www.scmagazine.com/analysis/rsac/nsa-cyber-chief-says-there-has-been-enormous-amount-of-hacking-in-ukraine-war

-

Greg Linares has escaped #RSA @Laughing_Mantis

If you don't have "attackers physically targeting your employees home networks/hardware in order to gain access to their employer" in your game plan, let me tell you: You should.

6:45 AM ∙ Jun 8, 2022

---

-

-

Matthijs R. Koot @mrkoot

Dueling over Dual_EC_DRBG: The Consequences of Corrupting a Cryptographic Standardization Process (0.6MB .pdf, 8 June 2022, 61 pages) harvardnsj.org/wp-content/upl… re: NIST By @NadiyaKostyuk & Susan Landau, published in Harvard Law School's NatSec Journal (@harvardnsj). /c @thegrugq

1:28 PM ∙ Jun 8, 2022

---

-

Lukasz Olejnik @lukOlejnik

“combatant who conducts defensive cyber operations may be the object of a lethal attack (e.g., an airstrike)”. Defending systems during wartime may have some curious implications. Yes: defending … lieber.westpoint.edu/private-compan…

6:06 AM ∙ Jun 8, 2022

---

-

Cataleya (She/Her) @CataleyaVi

Cats be like👀

9:34 PM ∙ Jun 7, 2022

---

-

Erin L. Thompson @artcrimeprof

In 1572, "making his Low Obeisance to Queen Elizabeth [the Earl of Oxford] happened to let a Fart, at which he was so abashed and ashamed that he went to Travell, 7 yeares. On his return, the Queene welcomed him home and says, My Lord, I had forgott the Fart."

2:53 PM ∙ Jun 8, 2022

---

-

Do yourself a favour and read this thread. It is a wonderful journey.

Christopher W. Jones @cwjones89

Today I am going to tell you about a legal term from real estate transactions in the Middle East dating back 2,800 or more years. The term is bētu epšu adi gušūrīšu. “A built house along with its beams.” Legal conventions have a way of sticking around over time.

2:09 PM ∙ Jul 8, 2020

---

-

Dr Kate Compton @GalaxyKate

Sure, you could post on Stack Overflow, OR pay 10% of your salary for a 20 person off-broadway production of "cryptodaddy47, You Are Wrong About C Pointers (and Everything Else)"

10:18 PM ∙ Jun 8, 2022

---

-

switched @switch_d

“The program continues to track a cybersecurity vulnerability risk stemming from the F-15EX design, derived from FMS aircraft and, according to the program, not designed to U.S. Air Force cybersecurity requirements”

breakingdefense.comGAO finds delays in major weapons programs, broad cybersecurity worries - Breaking DefenseGAO found delays in more than half of the programs it studied. Also, 4-pound birds are a problem.

12:48 AM ∙ Jun 9, 2022

---

-

The Life Of Sharks @thelifeofsharks

12:03 PM ∙ Jun 8, 2022

---

-

raptor @0xdea

Awesome writeup by @SonarSource 👍 Horde Webmail - Remote Code Execution via Email blog.sonarsource.com/horde-webmail-…

blog.sonarsource.comHorde Webmail - Remote Code Execution via EmailWe discovered vulnerabilities in Horde Webmail that allow an attacker to execute arbitrary code on Horde instances by having a victim open an email

5:54 AM ∙ Jun 9, 2022

---

-

Peter C @itspeterc

Disclosing an unfixed Google Cloud Platform (GCP) vulnerability as the 90-day remediation deadline has passed: Cloud Functions or Cloud Run launched from any GCP organization can bypass Google Kubernetes Engine (GKE) Authorized Networks (aka Kubernetes control plane firewalls) 🧵

4:06 PM ∙ Jun 7, 2022

---

-

Highly recommend reading Seriously Risky Business today.

Srsly Risky Biz: Thursday June 9

-

Mykhailo Fedorov @FedorovMykhailo

Starlink Ukraine received an operator license. Actually it’s #1 in Ukrainian Register of providers of electronic communication networks and services. The representative office of @SpaceX is about to start working in Ukraine!

8:41 AM ∙ Jun 9, 2022

---

-

I wouldn’t bet on it.

Barak Ravid @BarakRavid

Scoop: Israel presses U.S. to remove cyber spying company NSO from blacklist. My story on @axios

axios.comIsraeli officials push U.S. to remove NSO from blacklistReports emerged last year that found NSO’s Pegasus software had become a tool for governments to spy on journalists and critics.

8:47 AM ∙ Jun 9, 2022

---

-

Wolfie Christl @WolfieChristl

In 2011, FB renamed its 'privacy policy' to 'data policy'. While the extreme depth+scale of its global surveillance machine doesn't change, FB/Meta now announced to rename it back to 'privacy policy'. The new policy (effective July) is a complete rewrite:

about.fb.comHere’s What You Need to Know About Our Updated Privacy Policy and Terms of Service | MetaWe’ve rewritten and re-designed our Privacy Policy to make it easier to understand and clearer about how we use your information.

10:09 AM ∙ May 27, 2022

---

-

This is evil and incompetent. \o/

Ki @KibyDesign_

Got a email from my job saying all employees get a $30 gas card to alleviate high gas prices (we are required to drive clients around). Why when I went to sign up it sent me another email saying I was phished by my tech department as a tester and then got assigned training???🥲💔

6:04 PM ∙ Jun 8, 2022

---

-

Great stuff in here.

B. A. Friedman @BA_Friedman

My series on reconnaissance-strike tactics and maneuver warfare for the Marine Corps Gazette is available in its entirety online. (Not paywalled) Links in thread. @MCA_Marines

2:07 PM ∙ Jun 9, 2022

---