- The Grugq's Newsletter
- Posts
- March 28, 2023
March 28, 2023
I wrote about this issue earlier this year when Twitter complied with India's demands to censor a BBC doc. It laid bare the obvious reasons why Musk's argument that free speech "matches the law" just doesn't make sense, especially on a global platform.
— Sarah McLaughlin (@sarahemclaugh)
2:43 PM • Mar 27, 2023
-
-
The infosec community is increasingly becoming the cybersecurity industrial complex.
Team Cymru gets netflow data from ISPs to track malware and hackers. It's now giving that info the FBI so that they can surveille you without a warrant.
— Robᵉʳᵗ Graham (@ErrataRob)
12:30 AM • Mar 28, 2023
-
BREAKING: Biden White House issues executive order on commercial spyware.
Also confirms over 50+ USG personnel suspected targeted w/#Pegasus
Huge deal, let me break the new #SpywareEO down. 1/
— John Scott-Railton (@jsrailton)
4:02 PM • Mar 27, 2023
Biden’s spyware executive order gets mostly good reviews. A look at the reactions to the executive order, by @timstarks (w/ @ddimolfetta)
— Aaron Schaffer (@aaronjschaffer)
11:09 AM • Mar 28, 2023
-
If you're running the GoAnywhere MFT file-sharing service, you need to start rolling out #IncidentResponse now.
🔍 Check if the Admin Page is publicly exposed
🖥 Check your logs for exploitation
🔐 Rotate passwords and isolate the Admin Page#DFIR#ransomware#breach
— Josh Lemon (@joshlemon)
3:34 AM • Mar 28, 2023
-
Why does it sound like the East Belfast UVF have hired Deloitte?!
m.belfasttelegraph.co.uk/sunday-life/ne…— Cathal Malone (@cathalmalone)
7:42 PM • Mar 26, 2023
-
-
Many policymakers were surprised by how far Chinese researchers penetrated research institutions. “In collaborations, China dominates its relationships with academic partners.”
Total share* (vertical axis) and proportion for top eight research collaborators with China @FT
— Theresa Fallon (@TheresaAFallon)
8:31 AM • Mar 28, 2023
-
Finding and exploiting 0day for commercial reasons. This is really weird, especially because an N-day (or pool of N-days) would work just fine. No one does timely Android updates.
At the beginning of this month, multiple Chinese security researchers published articles pointing to an e-commerce giant that had developed and exploited multiple vulnerabilities to escalate privileges and ultimately gain full control over users’ smartphones.
Upon successful privilege escalation, the malicious application could prevent users from uninstalling it, deceive and lure users, collect a wide range of users’ private information, and steal information from competing apps. Its ultimate goal is to significantly increase its installation and activity rates, prompting more conversions and boosting sales.
Android app from China exploited 0-day CVE-2023-20963 flaw securityonline.info/android-app-fr…
— Nicolas Krassas (@Dinosn)
12:40 PM • Mar 28, 2023
-
If only the intelligence was accurate, then the policy makers wouldn’t have been duped into deciding to invade Iraq. 🙃
-
Belgian man dies by suicide following exchanges with ChatGPT
— switched (@switch_d)
12:37 PM • Mar 28, 2023
-
China banned Google, YouTube, TikTok, Instagram, Facebook, Netflix, Snapchat, the NBA, Pinterest, Whatsapp, \Twitter, Dropbox, Reddit, Zoom, Steam, foreign movies, Skype, Tumblr, 95% of foreign Media etc but yeah I guess they're an "open market" because iphones are allowed
— Mark Witzke (@mkwitzke)
3:13 PM • Mar 27, 2023
-
Some new CVEs from Apple. 🎉 CVE-2023-27952 is not GateKeeper but a full TCC bypass.
— Csaba Fitzl (@theevilbit)
9:16 AM • Mar 28, 2023
-
If someone had told me 10 years ago that all H264 hw decoders are fundamentally broken and vulnerable, I would've said "Yes, and no one wants to find out".
Well, now we've found out: wrv.github.io/h26forge.pdf
— निर्भीक चौहान (@nirbheek)
11:15 AM • Mar 27, 2023
-
Uncovering a lovely story about how the U.K. created a fake think tank through which to launder intell & expose Soviet activity
West Germany then exploited the UK’s plausible deniability by discreetly claiming credit for the work.
U.K. found it both hilarious and outrageous!
— Rory Cormac (@RoryCormac)
11:43 AM • Mar 27, 2023
-
Reply