I'm reading a bunch of Coruna reports after dinner because I am a cool person who knows how to party. Of particular interest: not only does Coruna not work against iOS in lockdown mode, but if it even detects lockdown mode running, it bails. This is why I talk about lockdown mode so damn much.
04.03.2026 05:11
Under India's pressure, Facebook let propaganda and hate speech thrive
Facebook has retreated from its professed ideals in India under pressure from Prime Minister Narendra Modi's Bharatiya Janata Party.
Here we go. Free, no-reg versions of favorite stories from my four years at the Washington Post. First, three pieces from our Pulitzer-finalist series on how India's ruling party coerced U.S. tech giants into violating their own policies. www.washingtonpost.com/world/2023/0...
24.02.2026 22:23
Five Eyes issue emergency directive on exploited Cisco SD-WAN zero-day
The Five Eyes cybersecurity agencies warn that a critical Cisco SD-WAN vulnerability is under active exploitation and should be patched immediately.
Cisco said there are no workarounds for the vulnerability and urged customers to apply available patches immediately. The company also recommended reviewing system logs, validating controller integrity, and implementing additional hardening measures where possible.
www.csoonline.com/article/4137...
25.02.2026 23:12
I'm so sorry to hear that, Joe. You're one of the greats and it breaks my heart to see that you were laid off. Looking forward to seeing where you end up and where I need to subscribe next.
04.02.2026 16:58
Merry Christmas Day! Have a MongoDB security incident.
Somebody from Elastic Security decided to post an exploit for CVE-2025-14847 on Christmas Day.
patch ye MongoDB, there's an exploit for a vuln which has been in the product for over a decade that allows the remote, unauth read of any memory - which includes plaintext creds.
Somebody posted an exploit on Christmas Day, Merry Christmas!
doublepulsar.com/merry-christ...
26.12.2025 22:57
This channel started to get recommended to me recently. I watched a bit of one video, realized it's AI generated, and then just removed the channel from my recommendations. Pretty crummy quality, and whoever is making this is just pumping a ton of content out.
26.12.2025 14:54
Yep, that also tracks with the data we have (owned by a large cyber insurer). Akira is by far the most active and impactful for our clients. Responsible for most incidents in Q3 for sure.
14.11.2025 19:12
6 boxes of full sized candy bars, tiny stuffed Halloween themed toys, and hot wheels.
I may have gone overboard on the Halloween goodies this year
#halloween
01.11.2025 02:34
This is one of my favorite sci-fi books and my fav Andy Weir book! I was cautiously excited when I saw they were making a movie
15.10.2025 03:21
Yooooo idk what you're talking about. That stuffed animal looks awesome!
05.10.2025 21:39
I've been reading further and it seems like it was a third party provider who was like a business process outsourcer.
This is similar to the recent Air France and Stellantis breaches but no idea if they're related.
04.10.2025 04:39
I think this is probably Salesforce compromised via Salesloft Drift?
It aligns with the Salesloft Drift stuff we've seen. Most of the other parties were also using Salesforce for support ticketing and had Salesforce auth tokens stolen from Drift.
03.10.2025 23:23
I encourage cybersecurity professionals to read this report to understand the type of capabilities that can be deployed against citizens at scale by autocratic regimes.
Organizations designing products that support privacy should understand these capabilities and design to protect users from them.
14.09.2025 18:20
"The requirements for future development also mention adding the ability to check which users are connected to specific mobile base stations in order to support location triangulation through these stations and detect when a large number of people congregate in a particular area"
14.09.2025 18:19
"It uses the in-path injection capability in TSG to effectively recruit unsuspecting users' computers to participate in the attack, thereby creating a botnet"
14.09.2025 18:18
"however, a closer examination reveals that it is actually a platform for launching DDoS attacks against websites and other internet services deemed politically undesirable. This would appear to be Geedge's own implementation of China's Great Cannon, as described in a 2015 Citizen Lab report"
14.09.2025 18:18
"TSG's in-path injection capability system allows for sophisticated targeting of this malicious code for the specific user, facilitating on-the-fly modifications across a variety of file formats [...] complemented by Cyber Narrator [...] hijack in order to infect specific individuals."
14.09.2025 18:17
"TSG is also capable of modifying HTTP sessions in realtime through techniques such as spoofing redirect responses, altering headers, injecting scripts, replacing text, and overriding response bodies."
14.09.2025 18:16
From the report:
"Cyber Narrator is a powerful tool capable of tracking network traffic at the individual customer level and can identify the geographic location of mobile subscribers in real time [..]. The system also allows the government client to see aggregated network traffic."
14.09.2025 18:16
This report from @interseclab.bsky.social on how a Chinese company is exporting some of the capabilities of "The Great Wall of China" to other autocratic countries is INSANELY INTERESTING:
interseclab.org/wp-content/u...
*EVERY Page is worth reading*
Some interesting tidbits in the thread
14.09.2025 18:15
Incredible work, Yael!
10.09.2025 03:21
Plex was hacked. It included usernames, emails, and hashed passwords.
Change your passwords when you can.
08.09.2025 22:37
#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/7
26.08.2025 15:37
SentinelOne and Beazley Security have discovered a new Windows infostealer used in the wild named PXA Stealer, most likely the work of a Vietnamese-speaking cybercrime group.
www.sentinelone.com/labs/ghost-i...
labs.beazley.security/articles/gho...
05.08.2025 11:47
I mean I've been urging people to toss their SonicWall devices into a shredder for years now 🤷🏻
04.08.2025 20:39
BSL - Ghost in the Zip | New PXA Stealer and Its Telegram-Powered Ecosystem
Our team collaborated with our friends at @sentinellabs.bsky.social to identify and disrupt a PXA infostealer campaign that has an intricate and complex delivery chain:
labs.beazley.security/articles/gho...
Thanks for the fantastic collab SentinelLabs team!
04.08.2025 17:58
Look forward to seeing you!!!
30.07.2025 00:55