The Grugq's Newsletter
February 7, 2023
Hackers are mass infecting servers worldwide by exploiting a patched hole
Today’s reminder that the availability of a patch does not mark the end of an exploit’s usefulness.
The persistent belief that 0days must be reported to vendors immediately to “improve security for everyone” is based on a fantasy. The reality is that reporting bugs simply increases the quantity and diversity of exploits available to all threat actors.
In the ideal world, when a bug is reported to a vendor they prioritise it and quickly fix it. Then, when the patch is released, everyone immediately patches their software, rendering the vulnerability completely harmless. And there are unicorns.
But we live in reality, where bugs sit in vendors’ bug trackers for months (or years), and patches are applied on only some boxes. In reality, when a patch (and maybe a vulnerability announcement) is released, it is the threat actors who pay attention.
The problem is simple: applying patches is tedious. Exploit development is fun.
-
Interesting Scrolling attack😂
Interesting attack using the touchscreen 😂 #CyberSecurity #cybersecurite
source : linkedin.com/posts/ali-farh…
— 5t3ph4n3 -=BeBoX=- #open to work (@BeBoXoS)
9:28 PM • Feb 5, 2023
-
BREAKING: FTX is sending letters to politicians who received donations from FTX to return the money they received.
There was not a list of the politicians they gave money to, and the amounts.
Until now.
See it here:
unusualwhales.com/politics/artic…— unusual_whales (@unusual_whales)
9:01 PM • Feb 5, 2023
-
3d printer does homework that ChatGPT wrote … 🔥
Kids in school have it so easy these days.😂
— Wall Street Silver (@WallStreetSilv)
9:05 PM • Feb 3, 2023
-
one of the ideas i've been playing around with since i started at @GreyNoiseIO is how to communicate to people that the internet has a hum that is periodic, and when the frequencies are out of balance pay attention because something interesting might be happening
— kimber ✨ (@kimb3r__)
8:17 PM • Feb 6, 2023
-
Tsunami: Asteroid Impact
Video simulation of the tsunami that killed the dinosaurs.
-
2014 I wrote 'Introduction to Anti-Fuzzing: A Defence in Depth Aid' which @FidgetingBits & I worked on.
Fast forward to 2023: an academic paper has just been published, 'No-Fuzz: Efficient Anti-fuzzing Techniques'
link.springer.com/chapter/10.100…
no ref == no href.
— Ollie Whitehouse (@ollieatnowhere)
7:02 AM • Feb 7, 2023
-
Yeah but with inflation that’s only really worth $588 million to $934 million in today’s dollars.
— thaddeus e. grugq [email protected] (@thegrugq)
10:36 AM • Feb 7, 2023
@thegrugq I haven't read the article, but I'm surprised this is such big news when @chainalysis published a similar number a week ago?
— Henrik Moltke (@DRMoltke)
10:04 AM • Feb 7, 2023
-
No restructuring of the Business Department will ever match the moment in 2005 when it was nearly renamed the Department of Productivity, ENergy, Industry and Science. Or PENIS for short.
— Robert Hutton (@RobDotHutton)
8:15 AM • Feb 7, 2023
-