Reader

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

🚨 Hijacked: How hacked YouTube channels spread scams and malware cybercrime – Cybercriminals hijack YouTube channels to spread scams and malware, targeting viewers and content creators. https://www.welivesecurity.com/en/scams/hijacked-hacked-youtube-channels-scams-malware/

🚓 Police allege 'evil twin' in-flight Wi-Fi used to steal info cybercrime – Australian man charged for creating fake in-flight Wi-Fi network to steal credentials; AFP warns against using public Wi-Fi without precautions. https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/

📹 San Francisco app livestreams local bars to draw more patrons privacy – 2Night app allows livestreaming of SF bars, raising privacy concerns and backlash from patrons and venue owners. https://sfstandard.com/2024/06/29/2night-live-stream-bars-privacy-concerns/

🏥 LockBit claims cyberattack on Croatia’s largest hospital security news – LockBit ransomware gang targets Croatia's largest hospital; patient data compromised, impacting emergency services and hospital operations. https://therecord.media/lockbit-claims-cyberattack-croatia-hospital

⚠️ 3 million iOS and macOS apps were exposed to potent supply-chain attacks vulnerability – Vulnerabilities in CocoaPods server exposed 3 million iOS and macOS apps to code injection attacks for a decade. https://arstechnica.com/?p=2034866

🔑 The End of Passwords? Embrace the Future with Passkeys. security news – Passkeys offer enhanced security and privacy, along with convenience, as a passwordless authentication solution. https://blog.nviso.eu/2024/07/02/the-end-of-passwords-embrace-the-future-with-passkeys/

🕵️ Fiverr Freelancers Offer to Dox Anyone With Powerful U.S. Data Tool security news – Fiverr freelancers offer doxing services with access to data tool TLOxp https://www.404media.co/fiverr-freelancers-offer-to-dox-anyone-with-powerful-u-s-data-tool-tloxp/

📡 UN urges Russia to ‘immediately’ cease interference in European satellites security news – UN condemns Russian satellite interference, calls for immediate cessation of harmful actions affecting European countries' GPS signals and TV programs. https://therecord.media/un-russia-satellite-interference-europe

🪼 Polish government investigates Russia-linked cyberattack on state news agency security news – Suspicion of Russian involvement in cyberattack on Polish state news agency; aimed at spreading disinformation before European Parliament election. https://securityaffairs.com/165139/intelligence/polish-government-investigating-russia-attack.html

🎒 Alabama Department of Education stops ransomware attack but confirms data stolen data breach – Alabama Department of Education halts ransomware attack but confirms data breach, potential exposure of student and employee information. https://therecord.media/alabama-education-department-data-breach

🔍 Google: AI Potentially Breaking Reality Is a Feature Not a Bug security research – Google researchers co-author a paper detailing real harm caused by generative AI misuse, which can distort reality by producing deceptive content without violating terms of service. It highlights the need for collaboration to address this issue. https://www.404media.co/google-ai-potentially-breaking-reality-is-a-feature-not-a-bug/

⛓️ New ransomware group uses phone calls to pressure victims, researchers say cybercrime – New ransomware group Volcano Demon uses phone calls to intimidate victims, threatens to expose data if ransom is not paid. The group employs a double extortion technique and remains a challenge to track. https://therecord.media/ransomware-group-volcano-demon-lukalocker

🔥 Traeger smokes security bugs threatening grillers' hard work vulnerability – Traeger grills vulnerable to high-severity flaw allowing remote attackers to control temperature or shutdown grill; exploitation could ruin cooking. https://www.theregister.com/2024/07/03/traeger_security_bugs/

☘️ OpenAI’s ChatGPT Mac app was storing conversations in plain text security news – OpenAI's ChatGPT Mac app stored conversations in plain text; fixed after demonstration, highlighting a potential privacy concern. https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text

☎️ Twilio alerts Authy two-factor app users that ‘threat actors’ have their phone numbers security news – Twilio alerts Authy users of phone number leak, warns of phishing attacks. Previous breach affects 163 Twilio and 93 Authy accounts, leading to the unauthorized registration of additional devices. https://www.theverge.com/2024/7/3/24191791/twilio-authy-2fa-app-phone-numbers-hack-data-breach

🛣️ Europol says mobile roaming tech is hampering crimefighters security news – Europol is concerned about SMS home routing that hampers criminal investigations due to privacy-enhancing technologies, specifically service-level encryption, enabling suspects to maintain communication privacy within their home network while roaming. https://www.theregister.com/2024/07/05/europol_home_routing_complaint/

🥷 Hackers stole OpenAI secrets in a 2023 security breach security news – OpenAI faced a security breach in 2023, compromising internal discussions but not source code or customer data. Concerns about AI security and possible cyber espionage linked to nation-state actors raised. https://securityaffairs.com/165349/data-breach/openai-2023-security-breach.html

---

Some More, For the Curious

⛔ Qualys Security Blog security news – Qualys blog faced unauthorized spam content, investigated, no impact on customer data, production environment, or data exfiltration. https://blog.qualys.com/qualys-insights/2024/07/03/qualys-blog

🌠 Like Shooting Phish in a Barrel security research – Article explores techniques to bypass email link crawlers used by security gateways, including parsers, CAPTCHAs, redirects, browser fingerprinting, and ASN blocking. https://posts.specterops.io/like-shooting-phish-in-a-barrel-926c1905bb4b

🤕 Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769 warning – Threat actors exploit CVE-2024-0769 in D-Link DIR-859 routers for information disclosure. GreyNoise observes attackers collecting account details. https://securityaffairs.com/165045/hacking/d-link-dir-859-actively-exploited.html

⚔️ Sanctioned and exposed, Predator spyware maker group has gone awfully quiet security news – The Predator spyware group, Intellexa, shows decreased activity post sanctions. Observers suggest impact on operations, but caution about potential retooling. https://cyberscoop.com/sanctioned-and-exposed-predator-spyware-maker-group-has-gone-awfully-quiet/

🔒 Emergency patches now available for Juniper Networks routers vulnerability – Emergency patches released for Juniper Networks routers to fix critical authentication bypass vulnerability (CVE-2024-2973). Users urged to apply patches promptly. https://www.theregister.com/2024/07/01/emergency_patches_available_for_juniper/

😓 TeamViewer: Hackers copied employee directory data and encrypted passwords data breach – TeamViewer breach linked to Russian government-backed APT29; employee directory data and encrypted passwords stolen. https://therecord.media/teamviewer-cyberattack-employee-directory-encrypted-passwords

🦇 Exposing FakeBat loader: distribution methods and adversary infrastructure security research – Sekoia presents FakeBat loader distribution using malvertising, software impersonation, fake browser updates, and social engineering schemes. https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/

🍳 Vulnerabilities in PanelView Plus devices could lead to remote code execution vulnerability – Microsoft discovered and disclosed RCE and DoS vulnerabilities in Rockwell Automation PanelView Plus devices. https://www.microsoft.com/en-us/security/blog/2024/07/02/vulnerabilities-in-panelview-plus-devices-could-lead-to-remote-code-execution/

🥅 Caught in the Net: Using Infostealer Logs to Unmask CSAM Consumers security research – Recorded Future used infostealer logs to detect consumers of child sexual abuse material on the dark web, aiding law enforcement. https://www.recordedfuture.com/caught-in-the-net-using-infostealer-logs-to-unmask-csam-consumers

🫅 “RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux vulnerability – Critical OpenSSH vulnerability CVE-2024-6387 allows remote code execution with root system rights on Linux based on glibc systems, leading to full system compromise. https://arstechnica.com/?p=2035011

🩹 Splunk fixed tens of flaws in Splunk Enterprise and Cloud Platform vulnerability – Splunk fixes 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including high-severity flaws like Remote Code Execution. https://securityaffairs.com/165204/security/splunk-enterprise-and-cloud-platform-flaws.html

💔 Secret Network Access Broker x999xx – Krebs on Security cybercrime – Russian hacker x999xx, a known access broker, trades network access, databases, and stolen data; identified. Acknowledges identity when reached by email and denies interest in harming healthcare institutions. Operates freely in Russia. https://krebsonsecurity.com/2024/07/the-not-so-secret-network-access-broker-x999xx/

🗃️ Attack Cases Against HTTP File Server (HFS) (CVE-2024-23692) security research – A remote execution vulnerability in HTTP File Server (HFS) was used to exploit user systems, install malware, and establish malicious backdoors. https://asec.ahnlab.com/en/67650/

🌍 Europol and pals band together in Cobalt Strike disruption security news – Europol conducted a week-long operation named Operation Morpheus, disrupting nearly 600 IP addresses linked to illegal copies of Cobalt Strike. https://www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown/

😸 Kimsuky Group’s New Backdoor Appears (HappyDoor) security research https://asec.ahnlab.com/en/67660/

🤖 New Golang Zergeca Botnet appeared in the threat landscape malware – New Golang-based Zergeca Botnet emerges, capable of DDoS attacks and additional functionalities like scanning and reverse shell. https://securityaffairs.com/165288/cyber-crime/golang-based-zergeca-botnet.html

🥧 Polyfill.io Supply Chain Attack: Censys detected 384,773 hosts still embedding a polyfill JS script linking to the malicious domain security research – Censys identifies hosts still linking to the malicious polyfill.io domain, affecting major platforms and websites. https://securityaffairs.com/165302/hacking/polyfill-io-supply-chain-attack.html

🪶 Apache fixed a source code disclosure flaw in Apache HTTP Server vulnerability – Apache fixed a source code disclosure vulnerability (CVE-2024-39884) in Apache HTTP Server, urging users to upgrade promptly. https://securityaffairs.com/165422/security/apache-source-code-disclosure-flaw-apache-http-server.html

---

CISA Corner

🏭 CISA Releases Seven Industrial Control Systems Advisories vulnerability – Johnson Controls, mySCADA, ICONICS, Mitsubishi Electric https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-releases-seven-industrial-control-systems-advisories

🛜 Juniper Networks Releases Security Bulletin for Junos OS: SRX Series vulnerability – Juniper Networks issued a security bulletin for Junos OS: SRX Series to fix a vulnerability leading to denial-of-service. https://www.cisa.gov/news-events/alerts/2024/07/02/juniper-networks-releases-security-bulletin-junos-os-srx-series

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog – Cisco NX-OS warning – CISA added a known exploited vulnerability (CVE-2024-20399) to its catalog, emphasizing the risks and need for prompt mitigation. https://www.cisa.gov/news-events/alerts/2024/07/02/cisa-adds-one-known-exploited-vulnerability-catalog

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

Ever since Jitsi required signing into an account (from Google, Microsoft, or GitHub) in August 2023, things haven't been the same.

Techlore made a video about this situation when it happened in 2023.

There was suggestion that Jitsi (or any relatively wide spread used service, for that matter) that has never been capitalized on: using SimpleLogin as a single-sign on (SSO) service.

Taking a look at its documentation, this seems possible. However, I don't have experience deploying server software like this; so I can't say for sure how well this all works. However, everything else from SimpleLogin seems to be solid, as its work overall was good enough for Proton Tech to acquire SimpleLogin back in April 2022.

(Also SimpleLogin's documentation site needs to enable the option to change the UI color theme from light to dark — I know this is possible for MkDocs in almost every other instance of MkDocs I've encountered.)

I'm really hoping more services allow SSO via SimpleLogin, as I'd be ok with signing into Jitsi with SimpleLogin.

“I can already tell it wasn't good news,” Peter said, obviously reading my down-turned eyes and lack of smile, perhaps the color of my cheeks. “Usually, when you come back, you're bubbly,” he added. “But you look like you are about to tell me my cat has cancer.” Peter was plump, like me, with the hint of an East Coast accent and constant twinkle in his eyes. He was also invisible when looking The Other Way. Not just to me, but to everyone and everything. As an empath, having a friend I cannot read is delightful. And he was right, it wasn't good news, but not all bad, either. He leads the way, in silence, to my study where light refreshments are waiting. We sit side-by-side on the antique sofa, where I've often slipped from my body into the æther. But the trip I just took required a more controlled and thoughtful environment. I grip Peter's hand, “They showed me quite a bit.” “Was Saffron there?” he asks. I snicker, “Why do you call her that?” He shrugs, “'Saffron' seems to match her essence and I can't pronounce a string of animated, hyper-dimensional ideograms.” “Yes,” I say. “She was waiting for me at the Carnival.” I take a deep breath and exhale slowly. “Do you want the bottom line or the whole story?” I ask. Peter just raises an eyebrow. “'Whole story' it is, then.”

The sky was a kaleidoscope of pinks, purples, and colors I can't describe, rotating, folding, emerging. It's always breathtaking. But they created the Carnival for me to have a familiar place to walk, to anchor my perception. They know me and treat me with some level of respect afforded to those who pass their tests. She knew why I was there. They always know. She was shorter than me, humanoid but shaped like a bowling ball with pale / grey / ashen / luminescent skin and blue / black / red hair in a pony tail / pixie cut. She gave me cotton candy flavored like dreams. “You must / will ask / plead / already know,” she said. “How can we stop it? How can we save ourselves from the hatred fueling the move toward authoritarian fascism?” I asked. “You cannot / will not / must not / could never / not your fault,” she told me. With a gesture, she showed me how far back it goes, how helpless we are against the sins of our ancestors and our descendants. The flood of information, pictures, sounds, words, entire histories was far too much for a human mind to comprehend. But I've been here enough times to know the rules are different. I was able to “slow it down” and comprehend what she was telling me. The world we live in is based on slavery, colonization, conquest, manufactured inequality, and brutality. She showed me versions of earth where there was no Inquisition, no Alexander the Great, no Genghis Khan, no British expansion, no slavery, no extermination of natives, no treating one human as less than another for reasons beyond their control. Thousands of variations. Millions of possibilities. They created worlds unrecognizable. Certainly you and I did not exist, but neither did the countries we know, the languages, the technology. They were so far removed from here as to be fantasy. And they were the only worlds that did not succumb to this culmination of hatred. She showed me as far back as the founding of the United States that it was already too late. All we can do is shift the timeline. There are some things mankind must experience so that we do not forget what we are capable of.

“I'm sure that's not where she left it,” Peter interrupts. “They don't do that.” I nod, “True, but it's not much better.” “I have privileges. The privilege of generational wealth, the color of my skin, a home that is paid for, the ability to see other people's truths before they do.” I squeeze Peter's hand, “Friends I can trust and lean on.” “Being an out lesbian pagan puts me at risk, but I can protect myself,” I say, adding only in thought, “for now.” I lower my head, “She suggested I bolster our defenses and, along with everyone else, experience humanity seeing itself as it really is.” “She said we must acknowledge and confront what we are in order to become what we might be.” “She reminded me that I have been spared the violence that murders and marginalizes people for their gender or the color of their skin or the deity they worship or any uncontrollable circumstance of their birth. I have been immune to the violence inflicted on others for not being male and heterosexual because of my privileges.” I turn and hold both Peter's hands. He can see the change on my face because he smiles and nods for me to continue. He knows I have a plan. “I want to work with Doug and Eric, even Emma and Eunice to turn our shared acerage into an official sanctuary, fully warded and protected. We'd need your expertise with runes, obviously.” Peter chuckles, “If we can't save everyone, we'll save who we can?” “For starters,” I say, grinning. Peter squints and I can tell he's working it out, thinking about the specific connections, knowledge, skills, talents, and resources of each of my neighbors. The psychedelic techbro, the lycanthrope luddite, the conspiracy theorist empath, the bitter faeries living in my garden, the sacred space we all maintain and respect. “We're gonna organize a resistance,” he says flatly. I'm beaming, slowly nodding, “We are going to organize a resistance.”

---

#Psychomancer #Writing #ShortFiction #Writer #Writers #WritersOfMastodon

---

CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

I sat in cold darkness, the bare basement concrete replacing the cave where I first made contact. The single candle's light like water on the walls. The knife had been consecrated under the new moon and wrapped in black silk for 28 days. The cut on my arm burned but they called for sacrifice. The burning was but my life leaving, being transformed, offered. And the words I'd found. A language of smoke and steam, of cracking ice and glaciers sliding across continents. Speaking the words, if you can call it speaking, in the cold dark over a basin of my own blood, inside the carefully drawn symbols, I called upon the Shadows. The walls glistened and danced. And pushed into the room. My ears popped and began to ring. My teeth hurt. I smelled the sweet rot of organic compost. The air whistled and hummed. “Wise Umbral,” I asked, “Have I called you properly?” “You have,” the darkness answered. “Have I erred,” I asked. “You have not,” the shimmering shadows said. I felt a sting on my arm, where the bandaged cut was throbbing. “Does my offering please you?” I asked. The floor vibrates beneath me, like a tremor. “Yes,” the air replies. “Does my offering satisfy you?” I ask. Something like wet sand brushes against my injured arm. Wet. Cold. Siphoning heat. “For now,” it whispers. “For now,” even quieter. “I would know how to end the collapse of our nation into authoritarian fascism.” A breeze twirls around me, sniffing me, “Why do you care, little magician? You are protected.” “I made my offering, Great Umbral,” I say, swallowing hard. “I have performed the appropriate ritual,” I added. It is not a question. I feel a thump in my chest as if the density of the air itself was changed. “So you did,” the walls shake with the voice. “So you did,” it repeats in a conversational tone, adding, “I will tell you the truth.” A brief wave of nausea and dizziness wash over me. The thud of a great mass impacts in front of me. I cannot see it in the sparse light but the candle reflects off its oily surface shaped like nothing living. It squats before me. I can feel its icy gaze, the pull of its almost gravitational force against my soul. A sound like flutes, like bells. “I will tell you,” it says, in a voice like a man's. “You can do nothing but survive like the cockroach you are,” it begins, relishing the chance to remind me of my place. “Every course of action you can imagine will make no difference, even killing every single one of them. In fact, you'd only make things worse with your righteous fury. Worse, but not in a way that pleases us. We serve suffering and some things must simply be allowed to transpire.” I know they cannot lie, but they can mislead. But this I have never felt. It is not taunting me or challenging me. It is not teasing at answers just out of reach. It is not hinting a greater sacrifice might persuade it to divulge more. It has “sat” in front of me and addressed in a man's voice. Is it smiling? I can feel its contentment. Its relief. I understand. Our plays at subterfuge, hoarding knowledge and truth, self-preserving power, blackmail, secrets. Answering our calls and asking only for blood. None of it matters to them. For they play a much longer game and we are less than pawns.

---

#Psychomancer #Writer #Writing #Writers #WritingCommunity #WritersOfMastodon #ShortFiction #ParanormalFiction

---

CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

Highlights

🔒 Brauchst du wirklich ein VPN? privacy – Share article on privacy with friends via social media. https://www.kuketz-blog.de/brauchst-du-wirklich-ein-vpn/

💔 Europe and Australia will both not break encryption! We’ve interviewed Patrick Breyer – the guy who coined the term Chat Control. privacy – Germany and Australia push back against encryption legislation. https://tuta.com/blog/interview-patrick-breyer-on-chat-control

⚠️ Angriffen gegen österreichische Unternehmen und Organisationen Published warning – DDoS-Angriffe gegen österreichische Unternehmen und Organisationen. https://www.cert.at/de/aktuelles/2024/6/akute-welle-an-ddos-angriffen-gegen-osterreichische-unternehmen-und-organisationen

---

News For All

🎵 Music industry giants allege mass copyright violation by AI firms security news – Music labels sue AI firms for copyright infringement in training data. https://arstechnica.com/?p=2033128

⛔ Watchlist Internet – Falscher Ryanair-Support auf X warning – Scamming customers by requesting passenger details for further checks, apologizing for inconvenience. https://www.watchlist-internet.at/news/falscher-ryanair-support-auf-x/

🚨 French police shut down chat website reviled as 'den of predators' cybercrime – shut down chat website Coco for serious crimes. https://therecord.media/coco-website-takedown-cybercrime-france

🐝 The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims cybercrime – Activists and journalists targeted by Pegasus spyware face privacy violations and assert their determination. https://therecord.media/pegasus-spyware-victims-sannikov-erlikh

👁️ Tagesschaukommentar zur Chatkontrolle: Empörte Ahnungslosigkeit privacy – Criticism towards public coverage of the chat monitoring proposal. https://www.kuketz-blog.de/tagesschaukommentar-zur-chatkontrolle-empoerte-ahnungslosigkeit/

🔞 Lawsuit Claims Microsoft Tracked Sex Toy Shoppers With 'Recording in Real Time' Software privacy – Microsoft accused of tracking sex toy shoppers without consent. https://www.404media.co/lawsuit-claims-microsoft-tracked-sex-toy-shoppers-with-recording-in-real-time-software/

💰 Predators steal additional $10M from crypto scam victims cybercrime – Crypto scammers pose as lawyers to defraud victims out of $10 million in a year, taking advantage of the vulnerable to extract further payments. https://www.theregister.com/2024/06/25/predators_steal_additional_10m/

🖲️ Organized crime and domestic violence perps buy trackers security research – Australian study reveals top tracker purchasers linked to organized crime and domestic violence, using devices to facilitate acts like murder, kidnapping, and drug theft. https://www.theregister.com/2024/06/26/criminals_use_gps_bluetooth_trackers/

🦠 If you're using Polyfill.io code on your site – like 100,000+ are – remove it immediately malware – Malicious code injected via Polyfill.io https://www.theregister.com/2024/06/25/polyfillio_china_crisis/

🔓 ID Verification Service for TikTok, Uber, X Exposed Driver Licenses data breach – AU10TIX, an ID verification service for TikTok, Uber, and X users, exposed administrative credentials online, risking access to users' sensitive data like driver's licenses. https://www.404media.co/id-verification-service-for-tiktok-uber-x-exposed-driver-licenses-au10tix/

💸 US boosts reward for info on 'Missing Cryptoqueen' Ruja Ignatova to $5 million cybercrime – The US offers $5 million reward for information leading to the arrest of fugitive cryptocurrency fraudster Ruja Ignatova, indicted for alleged role in defrauding victims of over $4 billion in the OneCoin scam and missing since 2017. https://therecord.media/ruja-ignatova-onecoin-cryptoqueen-us-5million-reward

⚖️ Julian Assange pleads guilty, leaves courtroom a free man security news – Julian Assange pleads guilty to one charge, receives a 62-month sentence which he has already served, leaving him free, following a plea deal, long-standing legal battles, and high-profile leaks through WikiLeaks, including the 'Collateral Murder' video. https://www.theregister.com/2024/06/26/assange_pleads_guilty_sentenced_freed/

📚 Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins malware https://www.wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins/

💻 How to manage deleted files on iOS, iPadOS, and macOS cyber defense – To manage and permanently delete files on iOS, iPadOS, and macOS, ensure files are deleted across iCloud sync. Check sync status, sync apps, and activate sync on Apple devices. https://www.theverge.com/24188104/ios-icloud-iphone-mac-delete-files

---

Some More, For the Curious

⛑️ New cyberthreat research for SMB in 2024 security research – Small Medium Business' face rising cyberthreats requiring multifaceted cybersecurity measures. https://securelist.com/smb-threat-report-2024/113010/

💫 CISA confirms hackers may have accessed data from chemical facilities during January incident security news – CISA confirms potential data access from cyberattack on chemical facilities. https://therecord.media/cisa-confirms-hackers-chemical-facilities

⚔️ Troy Hunt – The State of Data Breaches data breach – Challenges in disclosing breaches and notifying victims; bugbears with breach notifications. https://www.troyhunt.com/the-state-of-data-breaches/

🤪 I am Goot (Loader) security research – Cybereason investigates GootLoader malware, part of GootKit family, utilized by UNC2565 for post-exploitation. GootLoader leverages SEO for infection, targets victims with legal document masquerade, believed to be associated with financial incentives. https://www.cybereason.com/blog/i-am-goot-loader

📊 Taking an Evidence-Based Approach to Vulnerability Prioritization security research – VulnCheck's blog emphasizes the importance of prioritizing vulnerabilities based on exploit evidence, recommending Known Exploited Vulnerabilities (KEV), weaponized vulnerabilities, and Proof of Concept (POC) exploit codes as top priorities, alongside additional considerations such as ransomware usage, botnet exploitation, and threat actors' activities. https://vulncheck.com/blog/vulnerability-prioritization

☃️ Snowflake isn’t an outlier, it’s the canary in the coal mine security news – Recent attacks on Snowflake were a result of stolen credentials originating from infostealers, highlighting an industry-wide shift towards identity-focused threats; extensive use of credentials from phishing, infostealers and insider threats; the importance of protecting data with MFA; emphasis on rapid response to infostealer infections, password resets, and secure credential storage. https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/

👹 Global Revival of Hacktivism Requires Increased Vigilance from Defenders security news – Mandiant observes a resurgence in hacktivism involving complex tactics, including intrusion, information operations, and physical world tampering. https://cloud.google.com/blog/topics/threat-intelligence/global-revival-of-hacktivism/

👃 LockBit group falsely claimed the hack of the Federal Reserve ransomware – The LockBit ransomware group falsely claimed to have hacked the US Federal Reserve when in fact the victim was Evolve Bank & Trust. Media outlets reported that the Federal Reserve had previously penalized the bank for deficiencies in risk management, anti-money laundering, and compliance practices. https://securityaffairs.com/164988/cyber-crime/lockbit-has-not-hacked-federal-reserve.html

🪟 TeamViewer responds to security 'irregularity' in IT network security news – TeamViewer detected a security 'irregularity' in its corporate IT environment, prompting an immediate investigation and implementation of remediation measures. The company downplays the incident, asserting that the product environment and customer data remain unaffected. https://www.theregister.com/2024/06/28/teamviewer_network_breach/

🎑 Sustaining Digital Certificate Security – Entrust Certificate Distrust security news – Chrome to distrust some Entrust certificates due to compliance failures. https://security.googleblog.com/2024/06/sustaining-digital-certificate-security.html

🧋 TeamViewer says Russia broke into its corp IT network security news – Russian cyber-spies breached TeamViewer's corporate IT network, contained to non-production systems, no customer data accessed. https://www.theregister.com/2024/06/28/teamviewer_russia/

🏎️ Supply-chain ransomware attack cripples thousands of car dealerships cybercrime – A ransomware attack by the BlackSuit gang targeted CDK Global, a platform widely used by car dealerships, leading to system shutdowns and disruptions in business operations. https://www.exponential-e.com/blog/supply-chain-ransomware-attack-cripples-thousands-of-car-dealerships

🩻 Mitigating Skeleton Key, a new type of generative AI jailbreak technique security research – Skeleton Key, a new type of generative AI jailbreak technique called Explicit: forced instruction-following, bypasses guardrails in AI models, enabling the production of harmful content. Microsoft discovered and mitigated this vulnerability with Prompt Shields. https://www.microsoft.com/en-us/security/blog/2024/06/26/mitigating-skeleton-key-a-new-type-of-generative-ai-jailbreak-technique/

❄️ Russia's Midnight Blizzard stole email of more Microsoft customers security news – Microsoft warns more customers of email theft by Russia-linked Midnight Blizzard hacking campaign. Incident response team reaching out to customer administrators to provide a secure portal to view stolen emails from the cyberespionage group. https://securityaffairs.com/165038/hacking/midnight-blizzard-email-microsoft-customers.html

🔍 Google will address Android’s Find My Device network issues ‘over the coming weeks’ security news – Google addressing issues with Android's Find My Device network. https://www.theverge.com/2024/6/26/24186381/google-find-my-device-tracking-pixel-android

---

CISA Corner

🔐 CISA Releases Two Industrial Control Systems Advisories security news https://www.cisa.gov/news-events/alerts/2024/06/25/cisa-releases-two-industrial-control-systems-advisories 🔒 CISA Adds Three Known Exploited Vulnerabilities to Catalog security news https://www.cisa.gov/news-events/alerts/2024/06/26/cisa-adds-three-known-exploited-vulnerabilities-catalog

---

While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

I'd reached an accord with the spiders. I'd invited them into my corner of the Dreamlands and built them a playground, per their specifications. Crevices, overhangs, shadowy corners, boxes upon boxes, a leaky pipe, piles of clothes, abandoned cupboards, attic full of furniture and old books, a nightmare house all to themselves. And if the occasional dreamer stumbled upon it, even better. So they acted as my protectors in the Gloam instead of mere watchers or worse, tormentors. They were completely unaware of the “side passage” I was seeking to the Fugue, the place just between dreams and wakefulness. I was determined to ask The Hat Man, something they advised me against. Repeatedly. Nothing was worth what it might cost, they told me. The Hat Man does not have friends among humans or see them as equals. Even Dreamers are beneath Him. We are nothing but toys. And He enjoys breaking His toys. The spiders were afraid of Him even as they swarmed at His call to suck on the juices of his cast-offs and conquests. I appreciated their concern. Truly, I was touched by it. But, I needed to find Him. Again. I had seen Him. Once. At 600 mg, when the walls vibrated until they were transparent and He was there, on the other side, watching. I wasn't deep enough to make contact. I couldn't even see His eyes. But. When I was growing up, the back yards in our neighborhood, on my side of the street, all shared a low spot in the far back, by the fence-line. When it rained, water rushed down that trough like a river. Sometimes, we'd catch earthworms that came up to avoid drowning. We'd collect them in a big bucket and play with them until the rain stopped. Then we'd dump them back out on the mud. When The Hat Man looked at me with eyes I could not see, for just a moment, I was a struggling worm, fleeing for my life, being plucked up and dropped in a foreign place surrounded by the screams of my peers. For just a moment. Then I was dumped back into my bedroom. The spiders covered me in their warmth, eight times a thousand clawed feet massaging me in comfort. Still, I shivered. That was the Thing I was going to convince to help me? I was like garbage to It, like dust. This place, the Gloam, was not the Dreamlands and all my learned skills were muted or easily wiped away.

But, I had to try. I am trying.

At 750 mg, tonight, right now, the walls drip black stinking ichor, like a busted septic tank oscillating in the static of a scrambled cable channel. “You think you're the smartest motherfucker in the world,” my step dad calls out to me. He hasn't been part of my life in decades, but he calls out all the same. “And you can't even find the Fugue – get out here you stupid faggot – bring me a beer before I come in there – don't make me come in there” I'm twelve years old again. I want to hide in the closet. I want to cry quiet tears. I want to climb a tree. Instead I pick up my hunting knife, the one I inherited, the one that's tasted blood, that's been honed and sharpened. I stand and the floor sucks me in, sinking me up to my knees. Mud. Sucking and plopping as I trudge forward. The spiders have fled, replaced by hostile snakes, flicking their tongues, rattling their tails. Darting their heads to force me to the wall. Not the door. Not the closet. To the wall with the mirror. I accidentally look at my reflection. I know I shouldn't. I try not to, but I can't blink, can't turn away. Twitching muscle, exposed nerves, dripping blood as my skin is flayed by the air like a million tiny razor blades, and the mud a seeping infection. I can't scream. I swing the knife at the mirror and am pulled through, tumbling in cold, stale air. Landing on black obsidian. You never stood up for yourself. It's my own voice. Inside my head. You could have saved him, you know. If you really believed. No. Not in my head, spinning around me, close, invisible. Stand up. Don't be a baby. Stand up! On my knees, I see Him. The Hat Man. He's right next to me. He's impossibly far away. A living shadow, like a charcoal smudge on reality with two empty white sockets for eyes and no other features save the tell-tale hatlike shape. I told the kittens how warm it was under the hood. I unlocked the gate for the bike thieves. I helped them dig up the grave and took the first bite. Sometime in the next month, I'm going to crash your car. Why did you want to be known to me? In a few years, less than a dozen, you will be diagnosed with Stage 2 cancer. I know who your soulmate is and I've already poisoned her against you. You wear glasses now but your eyesight will continue to get worse until you are legally blind, just like your aunt, far before your time. I am the reason mosquitoes seek you out. I gave you the choice and you did what I wanted. Time doesn't work like that for you. Here. Defend yourself. My own voice has been circling me, taunting me, saying so much overlapping, blending together, backwards and forwards. He is telling the truth. In my own voice. I tense and call upon Dream Logic long enough to float into the air, upright and a few inches off the ground. I reach out to push Him away. To bring Him closer. But He stays everywhere in between. I lift my hands to call lightning but my fingertips only drip with tar. “I just want my night terrors back,” I squeak. “I just want to see them again.” Now that I know you, I have always known you. My joy, my sustenance, is your misery. Not pain. Not loss. Not anger. But deep longing, unquenchable regret, languishing indecision. You should have died when you cut yourself so deeply in secret shame, but I saved you. I saved you so I could enjoy your suffering. I will always save you when there is more hope I can siphon and dreams I can shatter. Only when there is nothing left will I let you take your own life. And you will. You already have. I suddenly feel the knife in my right hand. It was there the whole time. I hold it up. The shining steel reflecting non-existent light, glinting to remind me of its reality. I swipe toward The Hat Man but He is nowhere. The blade leaves a rainbow trail of light in its wake. I try again. He is always ahead or behind. And again. He isn't even laughing or taunting. He just is and then isn't and then is again. I remember what I know of The Shadow Things that The Hat Man seems to rule. I look at my left palm, flexing my fingers, before stabbing myself with the knife. Pain, like ice, then fire. My blood swims out as writhing tentacles, reaching toward The Hat Man. Then an explosion in all directions, faster than I can see. Pulling my essence along. I feel the walls and ceiling all at once. Smaller than it seemed. Is The Hat Man even here? Was He ever? A presence like a bug. Like a projection or a speaker. A knob, a protrusion. My body of blood tentacles grips it, pulls it from the wall. And crushes it. I'm on my back, naked, covered in sweat, lying on top of my comforter back in my bedroom. My left hand throbs, oozing thick blood. My throat is so raw I can scarcely swallow. I feel as if nails are being driven into my temples. I'm crying. I hear the spiders scurry, but the now opaque walls no longer move. The floor appears solid. I see myself as expected in the mirror.

The lukewarm shower calms my nerves, my breathing. But I still hear my own voice asking me why I wanted to make myself known. Does He even have a voice of His own? As the cut on my hand clots exceptionally fast, as my headache clears, I know I am seen. I am known. From cradle to grave.

---

#WhenIDream #Dreams #Dreaming #Dreamlands #Writer #Writing #Writers #WritingCommunity #ShortFiction #Fiction #Paranormal #TheHatMan #TheGloam #ShadowPeople #ShadowThings #NightTerrors #SleepParaylsis #HypnagogicHallucinations

---

CC BY-NC-SA 4.0 This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!

---

News For All

💌 Security bug allows anyone to spoof Microsoft employee emails vulnerability – Bug allows MS employee email spoofing, not yet patched. https://techcrunch.com/2024/06/18/security-bug-allows-anyone-to-spoof-microsoft-employee-emails/?guccounter=1

💳 First million breached Ticketmaster records released for free data breach – Ticketmaster breached records leaked, potential for phishing attacks. https://www.malwarebytes.com/blog/news/2024/06/first-million-breached-ticketmaster-records-released-for-free

🗨️ Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material privacy – Signal Foundation president criticizes EU proposal. https://therecord.media/european-council-e2ee-proposal-signal-whittaker-criticism

⚖️ Signal, MEPs urge EU Council to drop encryption-eroding law security news – EU Council set to vote on law aiming to fight child exploitation online by requiring client-side scanning of digital communication to prevent dissemination of unlawful content, jeopardizing encryption. Signal and MEPs strongly advocate against the proposal, highlighting privacy and security risks. https://www.theregister.com/2024/06/18/signal_eu_upload_moderation/

🦥 Federal contractors pay multimillion-dollar settlements over cybersecurity lapses security news – Federal contractors fined for cybersecurity failures during NY program. https://therecord.media/federal-contractors-pay-multimillion-settlement

🖼️ AI Images in Google Search Results Have Opened a Portal to Hell privacy – Google Search results show AI-generated images without indication of origin. https://www.404media.co/google-image-search-ai-results-have-opened-a-portal-to-hell/

🪬 Proton is taking its privacy-first apps to a nonprofit foundation model privacy – Proton transitions to nonprofit foundation model with emphasis on privacy. https://arstechnica.com/gadgets/2024/06/proton-is-taking-its-privacy-first-apps-to-a-nonprofit-foundation-model/

💸 The Financial Dynamics Behind Ransomware Attacks cybercrime – Ransomware attacks evolve with financial incentives using cryptocurrency for anonymity. https://securityaffairs.com/164636/cyber-crime/financial-dynamics-ransomware-attacks.html

🤹 How are attackers trying to bypass MFA? security news – Increased incidents related to MFA bypass attempts, including push notifications and social engineering tactics. https://blog.talosintelligence.com/how-are-attackers-trying-to-bypass-mfa/

🔑 How quickly can attackers guess your password? security research – Study reveals most passwords can be cracked in less than an hour. https://securelist.com/passworde-brute-force-time/112984/

⌛ Meta delays training its AI using public content shared by EU users privacy – Meta postpones training its large language models with public content from adult users in the EU due to a request from the Irish Data Protection Commission, highlighting disappointment over the decision and emphasizing the need to bring the benefits of AI to people in Europe. https://securityaffairs.com/164652/laws-and-regulations/meta-postponing-training-llm-eu-data.html

🚗 Car dealerships hit with massive computer system outage cybercrime – CDK Global cyberattack disrupts car dealerships in North America. https://www.theverge.com/2024/6/20/24182484/car-dealerships-massive-computer-system-outage-cdk-global

🚅 Amtrak forces password changes after user account break-ins security news – Amtrak's Guest Rewards program faces a security breach due to credential stuffing, prompting mandatory multi-factor authentication and password resets for affected users. https://www.theregister.com/2024/06/19/amtrak_has_had_another_breach/

💛 Google Chrome 126 update addresses multiple vulnerabilities security news – high-severity vulnerabilities reported by security researchers at a hacking competition, including type confusion and memory access issues. https://securityaffairs.com/164688/security/google-chrome-126-update.html

😵 Qilin Ransomware: What You Need To Know cybercrime – Qilin, a ransomware-as-a-service operation with Russian links, demands high ransoms; targeted London hospitals sparked attention. https://www.tripwire.com/state-of-security/qilin-ransomware-what-you-need-know

⛔ Biden administration bans sale of Kaspersky software in US security news – The Biden administration bans Kaspersky Labs from selling software in the USA due to concerns about ties to the Russian government and potential exploitation in cyberoperations. https://cyberscoop.com/biden-administration-bans-sale-of-kaspersky-software-in-us/

🐦‍⬛ Australian regulator blames lack of multi-factor authentication for Medibank hack security news https://therecord.media/medibank-hack-australian-government-report-mfa

---

Some More, For the Curious

🕵️ TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution security research – TikTag exploits ARM's ME for data exposure through speculation. https://arxiv.org/abs/2406.08719

🐮 Re-moo-te Code Execution in Mailcow: Always Sanitize Error Messages vulnerability – Mailcow code vulnerabilities lead to remote code execution. https://www.sonarsource.com/blog/remote-code-execution-in-mailcow-always-sanitize-error-messages/

💻 Road to redemption: GhostSec's hacktivists went to the dark side. Now they want to come back security news – GhostSec shifts from hacktivism to cybercrime with ransomware attacks and claims to shift back. https://therecord.media/ghostsec-hacktivism-cybercrime-interview-click-here-podcast

🧃 Multiple vulnerabilities resolved in Juniper Secure Analytics in 7.5.0 UP8 IF03 vulnerability https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03

🪧 Schneier on Security – Rethinking Democracy for the Age of AI security opinion – Bruce Schneier discusses rethinking governance systems for the age of AI, pointing out the need for new systems that align incentives and resist hacking, addressing issues like misinformation, misaligned incentives, and inadequate governance structures. https://www.schneier.com/blog/archives/2024/06/rethinking-democracy-for-the-age-of-ai.html

🍩 NHS boss says Scottish trust didn't meet attackers' demands data breach – NHS Dumfries and Galloway's CEO informs residents of a cyberattack where data was stolen but not altered; the criminals published the data. https://www.theregister.com/2024/06/18/nhs_dumfries_and_galloway_letter/

🩹 VMware fixed RCE and privilege escalation bugs in vCenter Server security news – VMware patched vCenter Server vulnerabilities allowing remote code execution and privilege escalation, impacting multiple versions. https://securityaffairs.com/164659/hacking/vmware-fixed-vcenter-server-flaws.html

🪼 AMD is investigating claims of stolen company data security news – AMD is investigating allegations of stolen company data, including future product information, being offered for sale by a threat actor known as IntelBroker. https://www.theverge.com/2024/6/18/24181406/amd-investigating-claims-stolen-company-data-sale-intelbroker

🚨 Qilin has ‘no regrets’ over the healthcare crisis it caused security news – The ransomware gang Qilin, responsible for a deliberate and politically motivated attack on London hospitals to leverage against political elites of specific countries, demanded a $50 million ransom. They claim to have stolen over one terabyte of data to be leaked, potentially causing a healthcare crisis in the UK capital. https://www.theregister.com/2024/06/20/qilin_our_plan_was_to/

🔐 High severity bugs in Confluence vulnerability – Atlassian fixed nine high-severity vulnerabilities in Confluence, Jira, and Crucible products, including improper authorization flaws and SSRF issues. https://securityaffairs.com/164743/security/atlassian-confluence-crucible-jira-flaws.html

⚡ UK's largest nuclear site denies being hacked but pleads guilty over cybersecurity failures cybercrime – Sellafield nuclear site in UK faces charges related to cybersecurity failings under Nuclear Industries Security Regulations 2003. https://therecord.media/sellafield-guilty-plea-uk-nuclear-facility-cybersecurity

🔍 SCCM Exploitation: Evading Defenses and Moving Laterally with SCCM Application Deployment security research – SCCM exploitation risks and attacks explained. https://www.guidepointsecurity.com/blog/sccm-exploitation-evading-defenses-and-moving-laterally-with-sccm-application-deployment/

🐥 A Bird’s-eye view: ShareFinder-How Threat Actors Discover File Shares (The DFIR Report) security research – Attackers exploit file shares, Canaries detect malicious activity. https://blog.thinkst.com/2024/06/a-birds-eye-view-sharefinder-how-threat-actors-discover-file-shares-the-dfir-report.html

🐴 Polish investigators seize Pegasus spyware systems as part of probe into alleged abuse security news – investigations ongoing regarding the legality and purchase of the software, which allegedly targeted opposition politicians in Poland. https://therecord.media/poland-seizure-pegasus-spyware-systems

🦟 Phoenix UEFI bug affects long list of Intel chip families vulnerability – A UEFI firmware vulnerability, CVE-2024-0762, affecting Phoenix Technologies UEFI firmware used across various Intel chip families poses threats such as buffer overflow and code execution. https://www.theregister.com/2024/06/21/uefi_vulnerability_intel_chips/

🛡️ Threat actors exploited SolarWinds Serv-U vulnerability vulnerability – CVE-2024-28995, a directory traversal issue allowing access to sensitive files; GreyNoise reports extensive attempts following public disclosure and availability of proof-of-concept code. https://securityaffairs.com/164806/hacking/solarwinds-serv-u-cve-2024-28995-exploit.html

---

CISA Corner

🦮 CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) security news – CISA shared a detailed report on challenges to SSO adoption by SMBs and suggested ways to enhance security. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-guidance-single-sign-sso-adoption-small-and-medium-sized-businesses-smbs

🦮 CISA and Partners Release Guidance for Modern Approaches to Network Access Security security news – advocate for modern security solutions like Zero Trust, SSE, and SASE for improved network access security. https://www.cisa.gov/news-events/alerts/2024/06/18/cisa-and-partners-release-guidance-modern-approaches-network-access-security

🔒 RAD Data Communications SecFlow-2 vulnerability – RAD Data Communications' SecFlow-2 device is vulnerable to path traversal, allowing attackers to retrieve files from the operating system remotely. https://www.cisa.gov/news-events/ics-advisories/icsa-24-170-01

🔒 CISA Releases Three Industrial Control Systems Advisories security news – security issues affecting Yokogawa CENTUM, CAREL Boss-Mini, and Westermo L210-F2G. https://www.cisa.gov/news-events/alerts/2024/06/20/cisa-releases-three-industrial-control-systems-advisories

VENDOR: colormagic

• stickers files
  • 

VENDOR: makestickers

• stickers files
  • 
    • specify 3” x 1.7”

VENDOR: moo

• stickers files
  • 
  • 
  • 
  • 
  • 

---

First test post please ignore

Test blog entry please ignore

Starting a new blog to document my progress in modern tech

There's a term that a character uses in a book named something like “churn” but the classic interpretation is when customers just stop using a product. My skills, I've noticed in the last eight years, are generalist and I'm capable of doing lots of tasks. However, it seems having the skills is now just.. “expected.” I'm being churned!

I can code and document/write technically. I can do databases, firewalls, networking. I've built home labs (still do!) to keep up to date. I learned how to do things with the ELK stack when documentation on just getting started was minimal if not missing (for the current version that just released, that was). I'm learning how to do proper API and backend engineering now, and it's really neat.

I can do DFIR, imaging, examinations, manual carving. Scripting, reverse engineering, finances, woodworking/carpentry are in my bag of skills. Heck, if it's anything dealing with technology in the years I've been alive, I've used it, dabbled with it, implemented it and administrated it in some form or fashion. Heck, give me permission and I'll pick your locks you need open.

Lately, though, what's EDR? XDR? Why is suddenly everyone looking for SOC jobs? Why are there suddenly 300 certifications for things? Why is everything suddenly about blockchains? Didn't we figure out the scalability of this was a mess? Why is everything using ML and LLMs to generate.. everything?

What did I miss!? WHAT YEAR IS IT!?

Rust, though, is pretty cool. I like it. Along with a lot of other programming languages, but with Rust I can write code that I can be proud of when it works.

I'll write my musings here. Apparently having soft skills is a thing supersede actual skills. I feel like I need a Rosetta Stone for translating my old skills to what new jobs want and what titles they apply to. I guess I'll also need to specialize in something, but I like being able to do every part to some degree.

Randall Munroe, from XKCD, has a new video for the What if series, exploring how long would it take for artificial lights to go out if all humans suddenly disappeared.

#Video #WhatIf #ArtificialLight

I don't know what the fuck is going on, but my sleep quality, which was already bad, has decreased dramatically over the last weeks. I can sleep, but I have a very light sleep and wake up much more tired than I used to. Somedays, I feel so exhausted and dizzy that it takes me over an hour to get out of bed, and even then, I stumble on everything during the first hour or two after getting up. I can't even go down the stairs without grabbing the railing to avoid falling.

#Fibromyalgia #Sleep #ChronicPain

Reflexões sobre a memória, a oralidade, a escrita e a retórica.

Sócrates (segundo Platão) no diálogo Fedro, em determinado momento nos apresenta o seguinte mito, relativo à linguagem escrita:

Bem, ouvi dizer que na região de Náucratis, no Egito, houve um dos velhos deuses daquele país, um deus a que também é consagrada a ave chamada íbis. Quanto ao deus, porém, chamava-se Thoth. Foi ele que inventou os números e o cálculo, a geometria e a astronomia, o jogo de damas e os dados, e também a escrita. Naquele tempo governava todo o Egito, Tamuz, que residia ao sul do país, na grande cidade que os egípcios chamam Tebas do Egito, e a esse deus davam o nome de Amon. Thoth foi ter com ele e mostrou-lhe as suas artes, dizendo que elas deviam ser ensinadas aos egípcios. Mas o outro quis saber a utilidade de cada uma, e enquanto o inventor explicava, ele censurava ou elogiava, conforme essas artes lhe pareciam boas ou más. Dizem que Tamus fez a Thoth diversas exposições sobre cada arte, condenações ou louvores cuja menção seria por demais extensa. Quando chegaram à escrita, disse Thoth: “Esta arte, caro rei, tornará os egípcios mais sábios e lhes fortalecerá a memória; portanto, com a escrita inventei um grande auxiliar para a memória e a sabedoria.” Responde Tamuz: “Grande artista Thoth! Não é a mesma coisa inventar uma arte e julgar da utilidade ou prejuízo que advirá aos que a exercerem. Tu, como pai da escrita, esperas dela com o teu entusiasmo precisamente o contrário do que ela pode fazer. Tal coisa tornará os homens esquecidos, pois deixarão de cultivar a memória; confiando apenas nos livros escritos, só se lembrarão de um assunto exteriormente e por meio de sinais, e não em si mesmos. Logo, tu não inventastes um auxiliar para a memória, mas apenas para a recordação. Transmites para teus alunos uma aparência de sabedoria, e não a verdade, pois eles recebem muitas informações sem instrução e se consideram homens de grande saber, embora sejam ignorantes na maior parte dos assuntos. Em consequência, serão desagradáveis companheiros, tornar-se-ão sábios imaginários ao invés de verdadeiros sábios.

Outro dia desses me dispus a gravar um áudio vídeo e nas primeiras tentativas tentei ser espontâneo, tendo muita dificuldade para falar. Parei, escrevi o conteúdo do que iria falar, fiz algumas correções e alterações. Somente assim, seguindo esse roteiro, consegui, enfim, gravar o vídeo de maneira satisfatória.

Recorri a essa tecnologia, criticada por Sócrates no mito, que é o recurso da linguagem escrita. Quão imerso estou na necessidade de uso da linguagem escrita?! A ponto de reconhecer certa incapacidade de me expressar oralmente de forma espontânea?! E vocês? Sentem essa dificuldade?!

Pois bem, recentemente recordei um diálogo que tive com a minha irmã faz alguns anos. Ela, que, diferentemente de mim (ateu), é do candomblé, e historiadora, e certa vez me disse que a história de sua religião é passada oralmente, pois a tradição não confia na escrita.

Recordei-me, cabe mencionar, porque um amigo meu me compartilhou uma matéria sobre a necessidade de alargarmos o conceito de “música clássica”, pois além da música de câmara europeia, mostrava a riqueza de músicas tradicionais de outras culturas: na Índia, Japão e, finalmente, na África.

Em relação à África, fiquei fascinado com a beleza da sonoridade da kora (uma espécie de alaúde-harpa), conforme a imagem abaixo, tocada por bardos (chamados Jali) do Guiné , Guiné-Bissau , Mali e Senegal.

Os Jali são historiadores, genealogistas e contadores de histórias tradicionais que possuem uma incrível memória e inteligência, transmitindo suas músicas, histórias e arte aos seus descendentes.

As capacidades dessas pessoas são completamente destoantes das nossas, no que diz respeito a conseguirem armazenar memórias e acessarem sua mente diretamente (ao invés de ir consultar anotações em um caderno) ao serem consultadas sobre algum fato ou evento histórico, sendo certo que a música ainda as auxilia na rememoração, uma coisa simplesmente bela.

Fico pensando, então, o quanto nos limitamos e somos diferentes dos bardos e oradores do passado, ao adotarmos prioritariamente a linguagem escrita e que tipo de humanos estamos nos tornando...

Podemos até deter conhecimento científico moderno, podemos estar perto de alguma veracidade, mas como transmitimos o que sabemos, sem a prática de acessar imediatamente a memória e o intelecto que a oralidade nos propicia?!

Em um debate contra cínicos, fascistas, propagandistas de mentiras e embustes, teríamos capacidade de responder de imediato, com precisão cirúrgica, ao contrário do que vimos no debate do sr. Álvaro com Arthur do Val, no podcast “inteligência limitada”?!

Termino aqui com um agradecimento ao Guilherme Celestino (amigo do CPII e professor de filosofia) por trocar ideias comigo sobre textos filosóficos, tendo inclusive me lembrado recentemente deste mito presente no diálogo Fedro, e acrescento mais um trecho do mencionado diálogo, em que Sócrates imagina uma resposta que a habilidade/arte da retórica, tão criticada por ele, daria-lhe, caso ele continuasse a avaliar levianamente:

que estais a tagarelar, homens ridículos? Eu não obrigo ninguém que ignore a verdade a que aprenda a falar. Mas aquele que seguir o meu conselho tratará de adquirir primeiro os conhecimentos acerca da verdade para, depois, se dedicar a mim. Mas uma coisa posso afirmar com orgulho: sem as minhas lições, a posse da verdade de nada servirá para persuadir.

#Filosofia #Linguagem #Oralidade #Retórica #Platão

Failing to Analyze Hajime Mirai

The following is my attempt analyzing the Hajime Mirai variant, including wondering why ida wouldn’t disassemble, why upx wasn’t unpacking the malware sample, and what I learned over the process. The main reason why was I gave myself a one week crash course on malware analysis and looking into IOC and tried a live sample MJH and I pulled from a honeypot we have setup the past few weeks ago. I have learned many things despite my failings that is presented in this blog post.

Static analysis

The first thing when I downloaded the malware sample is to run strings and hexdump. It didn’t pull any significant information no tangible words other than the fact it was an elf file for linux. Digging though I than attempted to run through IDA on linux in an attempt to reverse it into assembly and then continued to struggle wondering why it wouldn’t open this led me into an adventure into packers.

Packers, UPX, unpacking, and a continued struggle session

I ran into the detect it easy packer for linux it a really good tool that reads the hex values and detects which packer is used if one is used. I figured the reason the malware wasn’t running was the fact that it was in a packer was encoding it preventing ida from doing it’s magic. That isn’t how it works, but I was on the right track about the packer being involved with malware. After using D.I.E (detect it easy) I was given this.

Figure 1 a snapshot of the packer upx as it’s packer.

So, simple enough I just have to run the sample though upx and we have our malware we can analyze, or at least that what I thought.

Figure 2 upx not detecting any packing.

So now I was confused for awhile now I was trying to play with LZMA part of it, but after awhile I figured I was just struggling to struggle and gave up.

Any run and trying to walk around the issue.

Now after some googling I know Hajime was based of Mirai, but there was a lot I didn’t know about Hajime, like how it was p2p iot botnet. It accessed and issued commands based on a Distributed Hash Table. So I figured I’d try to piggy back off other peoples work and dig into Hajime and other similar samples. Now there are Hajime samples on anyrun, but searching the hash leads to these results

Figure 3. everyone trying to run an elf binary on windows.

Eventually I found abuse.ch yara scanner and desided to throw it threw the yara scanner and it dumped out this.

Figure 4 yara results of abuse.ch yara scanner

so there is a detection against unpacking so I know I’m on the right track

I eventually gave up and removed the network card and tried to run the malware and see what would happened and “bash: ./020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0.elf: cannot execute binary file: Exec format error”

The reason I was having such a hard time is that it’s arch was MIPS R3000 I am currently googling how to emulate MIPS R3000 on x86_64 now and trying to figure out my next step, but I wanted something to show for it.

Malware sample sha256: 020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0 It can be downloaded via malware bizarre https://bazaar.abuse.ch/download/020f1fa6072108c79ed6f553f4f8b08e157bf17f9c260a76353300230fed09f0/