- The Grugq's Newsletter
- Posts
- February 15, 2023
February 15, 2023
every new word of this tweet took me on a journey.
— Tyler Dinucci!! (@TylerDinucci)
4:48 AM • Feb 14, 2023
-
Criminals will start wearing extra prosthetic fingers to make surveillance footage look like it's AI generated and thus inadmissible as evidence.
— Dan (@bristowbailey)
4:11 PM • Feb 13, 2023
-
The team has just published a video that shows them breaking into a device manufactured by OneKey, a Hong-Kong based firm that has raised $20 million in venture capital and that describes its product as an “open source wallet trusted by millions.”
-
Almost all of the public exploits for ManageEngine's CVE-2022-47966 rely on getRuntime().exec(). This behavior will get an attacker caught by any half-decent security solution. So I put together a blog that demonstrates how an attacker can exploit this vulnerability without getRuntime(), stay in memory, and evade current detections.
-
A curated list of falsehoods programmers believe in
You won’t believe number 7!
-
-
If you missed the between two nerds yesterday, you should really check it out.
All the @riskybusiness podcasts are essential listening if you want to understand cyber industry and government policy
And @tomatospy and @thegrugq are two of the leading public analysts on cyberwarfare tactics. I didn’t agree with everything they said but about 90% is dead on
— Dmitri Alperovitch (@DAlperovitch)
12:21 AM • Feb 15, 2023
Link here:
-
This is an amazing story, about which I have some thoughts…
This @haaretzcom story adds more. It turns out that this group swindled Israeli Intel out of hundreds of thousands of dollars for useless or faked ‘info’
— Marc Goldberg (@MarcGoldberg111)
5:43 AM • Feb 15, 2023
-
Should companies be responsible for cyberattacks? @CISAgov thinks so – and frankly, @Google agrees. Read mine and @Kent_Walker's argument in response to @CISAJen's op-ed in @ForeignAffairs security.googleblog.com/2023/02/the-us…
— Royal Hansen (@royalhansen)
6:10 PM • Feb 13, 2023
-
My oil painting of the Taco Bell Mexican Pizza
— Noah Verrier (@NoahVerrier)
1:13 PM • Feb 14, 2023
-
Fans banned from Europa Conference League match amid Moldovan fears of Russian coup
Clever idea actually. Use saboteurs disguised as football hooligans who then attack buildings and seize control under cover of a football game.
-
I built a headlamp that’s also a projector so your shows are always in your line of sight.
— Unnecessary Inventions (@mattyxb)
3:00 PM • Feb 13, 2023
Wait...why does @Apple already have a patent for this?
— Unnecessary Inventions (@mattyxb)
11:03 PM • Feb 14, 2023
-
“any app can be a dating app if you use it wrong”
— ✨V✨ (@coolauntV)
11:25 PM • Feb 14, 2023
how it started 🦉 how it's going 💒
— Duolingo (@duolingo)
2:54 PM • Feb 14, 2023
-
Apple splats zero-day bug, other gremlins in macOS, iOS
Not much info on this, but (1) WebKit type confusion gives RCE, (2) actively exploited in the wild, (3) credit appears to be given to Citizen Labs. Strongly suggests that some spyware vendor had to spend time and money integrating a replacement iOS 0day into their system.
-
Reply