Kevin Beaumont

Award winning shitposter and cybersecurity weatherman. Shitposting is an anagram of Top Insights.

Kevin Beaumont boosted:
Dwight Silverman dsilverman
2023-01-09

Sorry for the Twitter link, but Patrick Wardle doesn't yet have a Mastodon account that I can find.

twitter.com/patrickwardle/stat

Microsoft security blog post "comes close" to ripping off Wardle's "The Art of Mac Malware," and doesn't cite prior research, which it clearly draws upon, he says.

The post in question: microsoft.com/en-us/security/b

2022-11-22

@alan because your instance could disappear one day, if the admin gets hit by a bus or accidentally breaks the server and has no backup etc. And you then can’t migrate account away as it needs the instance to be online.

Kevin Beaumont boosted:
Máirín Ní Dhufaigh ᚋᚐᚐᚔᚏᚔᚔᚅ mairin
2022-11-22

Have you ever thought that people hundreds and thousands of years ago weren't stupider than us? I used to think they were stupider. I guess because of our comparative technologies.

But now I think they were smarter. We have a short memory. We are disconnected from the systems that sustain us like food production, climate, and basic survival skills or even craftsmanship. We know celebrities we'll never meet but not all of our neighbors.

Kevin Beaumont boosted:
2022-11-22

Timeline cleanse....

Someone really likes leaves.

🤭🥰😍

Really happy dog playing in leaves.

Kevin Beaumont boosted:
Felicia Day feliciaday
2022-11-22

I find myself not very excited to share things lately, but need to get over the Twitter-depression hump and get back in there. Here's a butt orange from my backyard.

Kevin Beaumont boosted:
2022-11-22

Huh, never thought to look this up, because we sort of took it as gospel that the OpenSSL "Heartbleed" thing was a massive problem.

In actuality, doing a survey of searches - the impact to the environment was not supposedly massive caches of lost or stolen data, or even the primary route for a breach... but instead was the resources consumed looking for and patching the vuln.

There's only two real notable stories on orgs reporting an impact from a Heartbleed exploit, from Community Health Systems (CHS) which was reported by TrustedSec through "anonymous, but trusted contacts of those responding to the breach" (supposedly through grabbing creds from a policy device, I think Palo Alto). But not much reporting afterwards.

Second is a "whiz kid" in Canada who two years after his supposed use of the Heartbleed exploit, resulted in 900 Canadian equivalent to their social security number, being stolen. Reporting doesn't indicate how they were stolen, just ties it to the Heartbleed exploit. Even the case reporting doesn't detail it, so I find it highly suspect.

Much like most things it seems, if there's a vuln that's new closely released to a breach or other incident, it's often convenient to tie it to that exploit, without verification. Funny, these stories were within two weeks of the vuln... and then zero... and for something as wide ranging in scope and breadth as OpenSSL, one wonders why more hasn't been reported globally other than these two incidents.

I think we dodged a bullet with Heartbleed, short of the work to patch.

I also would like to share that the narrative about OpenSSL's vuln being impactful was merely from the triage level and awareness, not the actual monetary value of loss sort of resource expenditure and not data theft or even a major breach.

So, now you know. I feel wiser for looking into it (due to clarifying a statement on a report coming out) and I was curious, since it is the whipping boy for software supply chain security.

Kevin Beaumont boosted:
2022-11-21

Probably one of my favourite pictures I've taken on my phone! The best camera is the one you have on you :)

It's portrait, so please expand to see the whole thing!

#photography #mastoart

Forest path in January with sunbeams

Kevin Beaumont boosted:
2022-11-21

NEW: On a recent threat hunt, our MDR team uncovered multiple Raspberry Robin infections using a DLL spreader.

The USB worm was first spotted in Sept 2021 by Red Canary. Back then, its purpose wasn’t clear. Since then, it’s spread – a lot.

1/10

Kevin Beaumont boosted:
2022-11-21

Less than three months after its public debut, the “anti-woke” banking startup GloriFi is canceling itself. rollingstone.com/politics/poli

2022-11-21

Elenquay

Kevin Beaumont boosted:
2022-11-21

It seems #Tiktok has an open redirect being actively abused by attackers.

hxxps://www.tiktok.com/link/v2?aid=1988&lang=fr-FR&scene=bio_url&target=hxxps://berkaodelrortraxion.blogspot.com/

#openRedirect #phishing #fraud

Kevin Beaumont boosted:
2022-11-21

TIL long-eared hedgehogs exist and are adorable

a hedgehog but with long floppy ears, nearly the length of its snout, looking cute af

Kevin Beaumont boosted:
2022-11-21

Following his so-far unsuccessful attempt to lure Donald Trump back to Twitter, Elon Musk has opened the social media platform up to another once-banned far-right favorite: Georgia Representative Marjorie Taylor Greene. rollingstone.com/politics/poli

Kevin Beaumont boosted:
2022-11-21

Sports betting company DraftKings said today that it would make whole customers affected by a credential stuffing attack that led to losses of up to $300,000.

bleepingcomputer.com/news/secu

Kevin Beaumont boosted:
tricia, queen of house cyberly triciakickssaas@infosec.exchange
2022-11-21

#Throwback to my first parody song to really make the rounds: "Fighting These Guys" in the style of "My Eyes" from Dr. Horrible's Sing Along Blog

idk why but this seems appropriate to tag for today #fridayfeeling

hope it brings you a wee bit of joy amongst the myriad of dumpster fires occurring... literally everywhere.

#infosec #cybersec #music #parody #drhorrible

Kevin Beaumont boosted:
Hugo Slabbert ⚠️ hugo@treehouse.systems
2022-11-21

@SwiftOnSecurity @gossithedog I wasn't aware you moonlighted at utilities orgs?

LinkedIn endorsements for Kevin Beaumont (GossiTheDog) showing 12 endorsements for "Hand to Hand Cyber Combat".

Kevin Beaumont boosted:
2022-11-21
2022-11-21

@malwareunicorn @malwaretech don't worry, they'll figure out the system is broken next week

Kevin Beaumont boosted:
2022-11-21

#SocGholish (cid=255)

coating[.]drrooter[.]com

C2:
diary[.]lojjh[.]com
188.138.69[.]102

Kevin Beaumont boosted:
Lorenzo Franceschi-Bicchierai lorenzofb@infosec.exchange
2022-11-21

NEW: According to a leaked document, the cybersecurity startup Corellium offered trials to controversial surveillance companies NSO Group and DarkMatter.

Corellium also sold to cellphone cracking firms Cellebrite (Israel) and Elcomsoft (Russia), as well as Pwnzen, a hacking firm with ties to China's government, according to the document.

Corellium declined to answer most of the questions we asked about its customers.

Corellium said NSO and DarkMatter only had access to “a limited time/limited functionality trial version of Corellium's software” and that both were later denied requests to purchase the full version following its vetting process.

The company told us that it has a careful vetting process, and that it has had “opportunities to profit from these bad actors and have chosen not to."

wired.com/story/corellium-nso-

#Apple #cybersecurity
