May 25, 2022

May 25, 2022

An airline in India is suffering a ransomware attack. The interesting thing is that passengers trapped on planes that cant take off are tweeting from the runway. They are directly engaging and putting pressure on the company. This is an interesting dynamic that hasnt been explored in cyber extortion. It opens new perspectives on possible ways to force a company to pay a ransom.

thaddeus e. grugq 🌻 @thegrugq

There’s an entire CONOP here to explore. Using impacted regular people as a lever to pressure a victim… compellence via public outcry, it works for other situations. https://t.co/uG6Kx9yOxv

HostileSpectrum @HostileSpectrum

It is highly likely that .in SpiceJet ransomware incident will spark copycat attempts against larger aviation sector entities. Leverage of frustrated passengers stranded by disrupted flight ops much magnifies extortion demands, breaking through media noise better than hack & leak

-

Bugs.

Pietro Borrello @borrello_pietro

Join me and @0xhilbert as we will present the first CPU *architectural* bug, from one of the major vendors, able to leak data without even using a side channel or any transient execution attack! ✨ blackhat.com/us-22/briefing… 🧵 2/4

-

Security mitigation turns out to be not so useful.

grsecurity @grsecurity

Tetragone: A Lesson in Security Fundamentals

grsecurity.netgrsecurity - Tetragone: A Lesson in Security FundamentalsIn this blog post, we take the reader on a journey through a bypass of a new eBPF-based observability and mitigation tool named Tetragon, developed in the two hours after the tool was first set up, as a hopefully instructive lesson on the importance of security fundamentals.

-

This is an… thing, I guess.

stacksmashing @ghidraninja

Symbian is open-source again!

github.comSymbian Source CodeFinal repositories from the defunct Symbian Foundation - Symbian Source Code

-

XMPP smuggling in Zoom leads to RCE — fixed since May 18.

https://bugs.chromium.org/p/project-zero/issues/detail?id=2254

-

More cool research.

Synacktiv @Synacktiv

Following the talk from @abu_y0ussef, @netsecurity1 and @cleptho in Vancouver at @CanSecWest 2022, you can find here the material behind their research: Blogpost: synacktiv.com/en/publication… Slides: synacktiv.com/sites/default/… Github:

github.comGitHub - synacktiv/canon-mf644Contribute to synacktiv/canon-mf644 development by creating an account on GitHub.

-

Crypto. Fraud. Scam. Hilarity

More Butter 🧈 @morebuttertv

Seth Green’s Bored Ape NFT, which was set to star in its own animated show, was stolen through a phishing scam. Green no longer owns the commercial rights to the NFT and thus the show cannot move forward. 🔗: buzzfeednews.com/article/sarahe…

-

Charlie W. @beelze_BUBBLES

-

You want to know more about the limits of modern artillery. You read this article.

https://www.fieldartillery.org/news/no-more-paris-guns-the-end-of-cannon-artillery

-

Old news but interesting use of deception. Something I always find fascinating.

https://apnews.com/article/middle-east-israel-lebanon-hezbollah-b1510235f6c84854b5a09685041925dc

-

I am become Life. @MikePerryavatar

I'm paraphrasing, but there was a line in Mark Bowden's book Black Hawk Down like "Mogadishu was a city that looked as if everything that could be accomplished by men with guns had already been accomplished." I heart that so much.

-

Prof Bent Flyvbjerg @BentFlyvbjerg

MORE ON POWER #BIAS There is a tension between #power and #rationality in any #organization. Power doesn't want to be limited by rationality, but will encourage rationality that serves its purposes ... Read more here:

linkedin.comProf. Bent Flyvbjerg on LinkedIn: MORE ABOUT POWER BIAS There is a tension between power and rationality | 13 commentsMORE ABOUT POWER BIAS There is a tension between power and rationality in any organization. Power generally does not want to be limited by rationality... 13 comments on LinkedIn

-

Great points.

Randy Marchany @randymarchany

I've been asked why I have a different approach to cyber defense. Here's one of the reasons why. I blame Spaf (@TheRealSpaf) 😀 cerias.purdue.edu/site/blog/post… @educause @SANSDefense

cerias.purdue.eduSolving some of the Wrong ProblemsThe Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world’s leading centers for research and education in areas of information and cyber security that are crucial to the protection of critical computing and communication infrastructu…

-

The cost of false positives is higher than defense system designers realise.

Karsten Hahn @struppigel

Detection technology research papers consistently misunderstand how much more impact a false positive has compared to false negatives. They often get equal weight. Sometimes false positives are even ignored.

Discussion about this post

No posts

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts