d3m0sth3n3s (@_d3m0sth3n3s)'s Twitter Profile

cyber-physical DFIR/CTI. infrastructure is more than the grid. PCAP or it didn’t happen. she/her.

ID: 1016286851328507905

09-07-2018 11:44:01

489 Tweets

660 Followers

874 Following

Joe Słowik 🌻 (@jfslowik):

This is probably being too generous on the MacOS and mobile front but seems a reasonable approximation for org #forensic capability in #infosec

d3m0sth3n3s (@_d3m0sth3n3s):

Have come across this article before and have always wondered what the real story was - anyone who actually worked it remember?

Mark Kelly (@markkelly0x):

The iSOON leaks will make a great case study in the continuum of attribution (e.g. Joe Słowik 🌻 paper: domaintools.com/wp-content/upl…). Specifically how multiple seemingly distinct behavioural clusters can ultimately map to same entity/organisations and how to best deconflict this.

Brian in Pittsburgh (@arekfurt):

An interesting exercise: Look at this list of 40 commonly exploited vulnerabilities the Five Eyes agencies saw in 2022 and estimate how many could not have occurred if memory safe languages were used in all the products. My very rough count: Five or fewer. cisa.gov/news-events/cy…

Brian in Pittsburgh (@arekfurt):

Alright, here is what critical infrastructure organizations actually need to hear & understand about this Volt Typhoon stuff: 1. You should assume there is at least a moderate degree of likelihood that the PRC will launch a military operation against Taiwan in the next 6 years.

Greg Lesnewich (@greglesnewich):

As always, excellent work from the gang at Lumen This time on Cuttlefish, a modular malware family popping SOHO routers for hijacking and packet sniffing blog.lumen.com/eight-arms-to-…

alden (@birchb0y):

this week on love island cybercrime! 🔥 🫦 a hot new access broker enters the villa, 😱 stealer logs are leaked on telegram, 💔 and a ransom affiliate is found CHEATING with another group!

State of Statecraft Conference (@what_is_sos):

State of Statecraft (SOS) is a new security and intelligence conference purposed to bring together observers of espionage, sabotage, influence, and other unique forms of covert statecraft to share their work with a community hyper-focused on tackling state-sponsored ops.

Brian in Pittsburgh (@arekfurt):

In all honesty, I'm sure there are organizations who have today adopted "Zero Trust Network Access" and diverse cloud services who were actually more practically secure back when they had all remote users authenticating via certificates to a tunneling VPN and on-prem servers.