146 Followers
366 Following
269 Posts
threat intel, detection engineering and research. Member of Curatedintel.
bird link: https://twitter.com/robstunkist
work on: https://www.threatable.io

finished reading A Song For The Void 🌕🌕🌕🌗🌑

A Song For The Void

A Mind Imprisoned Is The Greatest Of Hells. 1853. South China Sea. While on patrol between the Opium Wars, the crew of the steam frigate HMS Charger pursue

NeoDB Book

finished reading Reset 🌕🌕🌕🌕🌕

Reset

Bestselling author and renowned technology and security expert Ronald J. Deibert exposes the disturbing influence and impact of the internet on politics, t

NeoDB Book
Ship of Gold in the Deep Blue Sea

"White knuckle reading...with generous portions of adventure, intrigue, heroism, and high technology interwoven." -- Los Angeles Times Book Review This

NeoDB Book
There is something potentially huge popping up now. Has to do with a compromise at business intelligence vendor Sisense. I'm hearing this is a supply chain attack affecting many millions of credentials and hundreds of tenants. This is a message the Sisense CISO just sent to customers.

Heads up to people/orgs running ConnectWise ScreenConnect. There is a bad-as-it-gets bug being exploited right now that is basically no-tech hacking to gain remote admin access. Patch now if you haven't already.

ConnectWise's advisory on the vulnerabilities and exploitation is here:

https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8

A working proof of concept for this attack:

https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc

Huntress does a good job dissecting the ConnectWise advisory and showing the exploit in action.

https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass

https://www.youtube.com/watch?v=AWGoGO5jnvY

@wdormann sums up the technical capabilities needed to exploit this flaw:

"Apparently the exploit is to add a '/' to the end of the URI.
That's it."

https://infosec.exchange/@wdormann/111969450560709377

Great write-up by @Kaspersky on Operation Triangulation, the 0-click iMessage attack which chained together four (now patched) zero-days as part of its attack chain.

Read up on this incredibly sophisticated attack:
https://securelist.com/operation-triangulation-the-last-hardware-mystery/111669/

#cybersecurity #cti #zeroday #threatintel

Operation Triangulation: The last (hardware) mystery

Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs.

Kaspersky
The Takasago Volunteers in action at ○○ base (○○基地に於ける高砂義勇隊の活躍) National Taiwan University Library Collection https://dl.lib.ntu.edu.tw/s/photo/page/list #taiwan #taiwanhistory #taiwanphoto
Photo source · National Taiwan University Library Digital Archives (國立臺灣大學圖書館數位典藏館)

Cyberattacks hit military, Parliament websites as India-based group targets Canada | CBC News

The federal government is coping with cyberattacks this week, as a hacker group in India claims it has sowed chaos in Ottawa - but Canada's signals-intelligence agency says the "nuisance" attacks likely haven't put private information at risk.

CBC
Researchers at Citizen Lab and Google uncover attempt to hack opposition Egyptian presidential candidate with spyware, say Egyptian govt likely to blame. It's why Apple rushed to release a critical iOS update this week. https://apnews.com/article/6e5ab454bff94e1712c94b20b0756f7f
Leading Egyptian opposition politician targeted with spyware, researchers find

Security researchers say a leading Egyptian opposition politician was targeted with Predator spyware after announcing a presidential bid. They say it's highly likely Egyptian authorities were behind the hacking attempt. Its discovery by researchers at Citizen Lab and Google prompted Apple to rush out operating system updates for iPhones, iPads, Mac computers and Apple Watches to patch the vulnerability. Citizen Lab said in a blog post Friday that attempts beginning in August to hack former lawmaker Ahmed Altantawy involved configuring his connection on the Vodafone Egypt mobile network to automatically infect his devices if he visited certain websites not using the secure HTTPS protocol.

AP News

Weekly analysis (attribution by others)

- 🇷🇺 diplo 🎣 ops
- 🇰🇵 ops in response to 🇰🇷 mil exercises
- 🇰🇵 ₿ ops using n-day
- 🇨🇳 📱 ops
- 🇨🇳 telco ops in Middle East
- 🇵🇰 ops in 🇮🇳
- 🇮🇷 ☁️ ops
- 🦹🏽‍♂️ ☁️ ops
- 🦹🏻‍♀️ SMS 🎣 ops

plus off/def tradecraft analysis etc.

https://bluepurple.binaryfirefly.com/p/bluepurple-pulse-week-ending-september-b1f

Bluepurple Pulse: week ending September 24th

The amount of commercial mobile capability both on show and burnt this week is material.

Cyber Defence Analysis for Blue & Purple Teams