t3chlaw

@arekfurt One must also consider the VEP and whether there was any calculated delay.

I always wonder in major breaches where the org in question "learned" of the compromise whether this is a case where the breach was actually first discovered by good guys when hackers from NSA/CyberCom/foreign allied agencies penetrated adversary state hacking operations.

@arekfurt Agreed. Not all of these people stay at NSA but many of them get great experience and then move onto other agencies or go out into the private sector. It’s absolutely a training ground for the industry.

A very interesting point here: NSA relies on developmental programs to bring in and train talent. Programs that could be devastated by the indiscriminate firing of probationary employees that other agencies have gotten struck by.

@ImposeCost She competing in hyrox or running an ultra by any chance?

ICYMI, this bulletin on SVR cyber activities released yesterday by NSA/etc. contains a rather interesting list of vulnerabilities that have not necessarily been publicly confirmed to be under wide exploitation but that the agencies suggest you pay special attention to.🤔

Just saw this. mastercard.com/news/press/202…

@Maxwsmeets @OUPAcademic @HurstPublishers Exciting. I pre-ordered it 😎

I am excited to announce my new book “Ransom War: How Cyber Crime Became a Threat to National Security” published by @OUPAcademic & @HurstPublishers, out in February 2025.

@michaeldweiss About right

SIGINT / HUMINT

"Cyber criminals are sending text messages to iPhone users in the U.S. that appear to be from Apple, but are in fact an attempt at stealing victims' personal credentials." cbsnews.com/news/cyberatta…

BIG RULING: Geofencing of Google Location History records was not a search, 4th Circuit rules, as it was only two hours duration and 3rd party doctrine applies. Court adopts the mosaic theory, but there was not enough surveillance to create a mosaic. ca4.uscourts.gov/opinions/22448… #N

@JohnFetterman @john_sipher Is this a remix of an E-40 song? #choices #yup

1) Ever bang a porn star? 2) Ever bribe one? 3) Been impeached? 4) Consumed by revenge? 5) Vow to pardon Jan. 6th insurrectionists? 6) Pay a $25M fine for some shitty college? 7) Promise to be a dictator? 8) Ever destroy Roe? 9) Ever beat Trump?

@alexrblackwell Wasn’t Harry Coker in charge of The Open Source Center?

Commentary: How the Intelligence Community Has Held Back Open-Source Intelligence, and How it Needs to Change cia.gov/resources/csi/…

“There is also a limit to the effectiveness of OSINT within the U.S. Intelligence Community (IC), not because it is technically limited, but limited by the desire of the IC to see OSINT as a full-fledged discipline.” cc @Mpolymer. moderndiplomacy.eu/2022/01/10/an-…

This is really cool! And really necessary! Congratulations @ProtonPrivacy 💐💐💐 proton.me/blog/docs-prot…

A viral story that alleges Ukraine's Olena Zelenska recently bought a rare Bugatti car in Paris is the work of an AI-powered disinformation operation, run by an ex-Florida cop now based in Moscow, that pumps out fake news websites aimed at Americans. bbc.co.uk/news/articles/…

@LeahLitman We will see that on T-shirts and bumper stickers pretty soon.

NEW: Compelled biometrics does not trigger the 5th Amendment privilege against self-incrimination, 9th Circuit rules in Payne, at least where the government picks the finger to use. (This is clearly correct.) cdn.ca9.uscourts.gov/datastore/opin… #N

In light of the recent government efforts to restrict data being sold to adversary nations, I’d like to bring this thread back. This particular scenario involves what I would consider typical B2B activity that will likely fly under the radar. threadreaderapp.com/thread/1363622…

@threadreaderapp unroll

I’m having my cybersecurity students read the @FTC action against BLU Products from 2018. In reading it again for this upcoming class, I’m wondering if this would have gotten a different kind of attention if it happened recently. For those that are not aware…

@jfslowik Hustlin’ by Rick Ross

OK #CTI nerds, you're presenting at a conference and you get to pick walk-up music (max 45 seconds) - what are you picking? Me? I'm going with the opening of Judas Priest's Nightcrawler (which I think I did for SANS CTI Summit in 2019?)

@arekfurt I’m curious what you think about the attribution component. It isn’t clear how they came to this conclusion. Do you think they should be more forthcoming with these details in light of the fact that they pointed the finger at a specific entity in a foreign country?

HP's notification/filing provides a wonderful illustration. It details HP learning two of two events that have been attributed to the SVR. The first was not disclosed. The second was. sec.gov/ix?doc=/Archiv…

Reading, for example, the MS and HP for filings one can start to see a whole new category of intrusion disclosures taking shape: Significant compromises firms were previously able to avoid disclosing because they could take forever to find ways to classify them as non-important.

@linakhanFTC @FTC I love it!

We're launching an Honors Attorney Program for new and recent law graduates to join the @FTC! Honors attorneys will work on both antitrust and consumer protection matters. To join the program starting in August 2024, apply by 9/26/23: bit.ly/48gTsEp