2025-10-14 15:05:26
It's Saturday morning, and that means it's time for Metacurity's round-up of the best infosec-related long reads of the week, available to our free and paid subscribers.
This week's selection covers
--Myanmar's junta benefits from cyberscams,
--Cyberscams could be behind the Thai-Cambodia conflict,
--Africans are tricked into cyberscam compounds,
--How China's propaganda and surveillance work,
--Vibe coding is risky,
--Ross Ul…
One of these is not like the others. #HomeAssistant #HorseAssistant
New Post: Proactive Defense: Iranian Cyber Threats and How to Push Back https://www.tarah.org/2025/08/13/proactive-defense-iranian-cyber-threats-and-how-to-push-back
RE: https://infosec.exchange/@spoofy/115369235510376896
I’m surprised Microsoft didn’t do this earlier — or even remove IE mode entirely for non-enterprise versions of Edge.
I used to link to sections of webpages using anchor links, or have jump links pointing to id tags.
I went back to a page where I've done this in the past, and the page has been entirely rewritten with non-semantic HTML. Class descriptors have random suffixes for CSS rather than providing semantic IDs that can be used as jump links as well as, uhhh, semantic organization of a web page.
There's a lot of bad things from the 1980s and 1990s that I am glad to leave behind, but…
Wait, when did #eBay start collecting a THIRTEEN percent fee for selling electronics?
Before you head out for the weekend, check out today's Metacurity for the most critical infosec developments you should know, including
--Chinese state hackers used Anthropic to automate cyber intrusions,
--UK MoD knew of Excel's security risks before Afghan data leak,
--NHS investigates Clop's attack claims,
--ASUS patches DSL router critical flaws,
--DoorDash reveals October security incident,
--US feds warn of Akira's expanded encryption …
Life is short, so check out today's Metacurity for a concise rundown of the most critical infosec developments you should know, including
--California sets global standards with new landmark AI and data privacy laws,
--UK highly significant cyberattacks jumped by 50% over the past year,
--Australian cyber incidents rose 11% over the past year,
--Ofcom fined 4chan under new online safety regime,
--Researchers eavesdropped on sensitive satellite comms,
--…
"murder is not one of the seven deadly sins"
"what!? how. that seems wrong."
"remember? gluttony, lust, greed, wrath...?"
"seems like murder is worse but okay"
« Eavesdropping on Internal Networks via Unencrypted Satellites »
Very good paper and research.
VSAT vendors used to love their walled gardens: pseudo-standard DVB-S2 implementations, broken encryption everywhere, and zero cooperation on security, all to protect their proprietary turf.
The high cost of VSAT-style infrastructure and GEO satellite capacity was another major reason vendors avoided investing in security and interoperability.
Will this change? I…
When your work 3-year laptop refresh is this week, but your 3-year-old M1 MBP is still a beautiful beast, you know you have found a great laptop
#Apple
Just switched from an old and clunky CC2531 to a Sonoff Zigbee Stick for my #Zigbee2mqtt #HomeAssistant setup, because I required more recent Zigbee features that weren't available on the old stick (pairing codes).
Had to re-pair all my Zigbee devices, but was surprisingly pai…
This is really useful for incident investigations. I’m excited to try it out.
#cybersecurity #threatintel
From: @…
Check out today's Metacurity for the most crucial infosec developments you should know, including
--Russian hackers suspected of sabotaging a dam in Norway,
--Canadian House of Commons is probing a 'significant' data breach,
--North Korean hackers unmasked by leak to ZachXBT,
--Court rules that FCC data breach rules are legal,
--US AG sues Zelle for allegedly enabling scammer fraud,
--UK gov't spent $3.2m to keep Afghan breach secret,
--…
Wow, a lot happened in the cybersecurity world over the weekend, so check out today's Metacurity for the most critical infosec developments you might have missed, including
--The White House fired 176 CISA employees on Friday, with more layoffs feared,
--Scattered Lapsus$ Hunters leaked 5m Qantas, 23m Vietnam Air customers' records,
--Spanish cops dismantle GXC Team,
--Dutch gov't warns of China's Nexperia security risks,
--Breach of crypto betting…
Only one day left in a very news-heavy work week, so don't miss today's Metacurity for the crucial cybersecurity news you should know, including
--Operation Endgame dismantled Rhadamanthys, VenomRAT, and Elysium,
--DC US Attorney launches investigation into crypto scams,
--APT exploited Citrix Bleed2 flaws in Cisco ISE,
--CISA orders patching of Cisco ASA and Firepower devices,
--Extremist group 764 member faces charges related to online child exploitatio…
Cybersecurity firm Deepwatch lays off dozens, citing move to “accelerate” AI investment
https://techcrunch.com/2025/11/12/cybersecurity-firm-deepwatch-lays-off-dozens-citing-move-to-accelerate-ai-investment/
Army Lt. Gen. Joshua Rudd, an Army officer with Indo-Pacific experience but no digital warfare experience, emerges as potential Cyber Command, NSA pick
https://therecord.media/cyber-command-nsa-potential-pick-lt-gen-joshua-rudd
I can only think of one instance, maybe two instances, where a US CEO lost their job over a data breach.
Lotte Card CEO Cho Jwa-jin Resigns Early Over Data Breach
https://www.chosun.com/english/market-money-en/2025/11/13/NAY73YT4TZFVRKBCGXUXQP2MPU/
It was Operation Endgame that took down Rhadamanthys.
End of the game for cybercrime infrastructure: 1025 servers taken down
https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infra…
https://www.washingtonpost.com/dc-md-va/2025/11/12/cryptocurrency-task-force-dc-pirro/
Pirro targets cryptocurrency scams with new federal task force
In case you missed it, my piece yesterday on the 176 CISA employees fired last Friday, which will not go behind the customary archive paywall.
It's critical to note that sources told me more RIFs are in store for the nation's embattled cybersecurity agency.
https://www.
https://www.thecrimson.com/article/2025/10/14/harvard-security-breach-russian-cybercrime-group/
Harvard Investigating Security Breach After Cybercrime Group Threatens To Release Stolen Data
The Stakeholder Engagement Division, the Infrastructure Security Division, and likely the Integrated Operations Division are believed to have been impacted.
Multiple CISA divisions targeted in shutdown layoffs, people familiar say
https://www.
Apple and Home Office agree to drop legal claim over encryption backdoor
https://www.computerweekly.com/news/366632561/Apple-and-Home-Office-agree-to-drop-legal-claim-over-encryption-backdoor
Jeep software update bricks vehicles, leaves owners stranded
https://www.thestack.technology/jeep-software-update-bricks-vehicles-leaves-owners-stranded/
Dutch army to deploy hackers to front lines to gain battlefield advantage
https://nltimes.nl/2025/09/13/dutch-army-deploy-hackers-front-lines-gain-battlefield-advantage
https://www.cnbc.com/2025/08/13/trump-russia-hack-putin-pacer-courts.html
Trump shrugs off suspected Russian hack of U.S. federal courts: 'Are you surprised?'
https://www.nytimes.com/2025/08/13/world/europe/uk-data-breach-afghan.html
U.K. Secretly Spent $3.2 Million to Stop Journalists From Reporting on Data Breach
https://www.cbc.ca/news/politics/house-of-commons-data-breach-1.7608061
House of Commons hit by cyberattack from 'threat actor': internal email
RE: https://infosec.exchange/@metacurity/115542145307181866
As usual, a cute video filled with lots of hidden messages https…
CISA, FBI and Partners Unveil Critical Guidance to Protect Against Akira Ransomware Threat
https://www.cisa.gov/news-events/news/cisa-fbi-and-partners-unveil-critical-guidance-protect-against-akira-ransomware-threat…
"The effort focused on dozens of targets and involved a level of automation that Anthropic’s cybersecurity investigators had not previously seen"
Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks
https://www.wsj.com/tech/ai/china-hackers-
I love that the Australian Signals Directorate produced an informative video that spells out the findings of its cyber threat report released today.
https://vimeo.com/1126705145/bdc41025a2?fl=pl&fe=vl
https://www.theguardian.com/technology/2025/oct/14/cyber-attacks-rise-in-past-year-uk-security-agency-says
Cyber-attacks rise by 50% in past year, UK security agency says
https://www.theguardian.com/politics/2025/oct/13/muddle-over-semantics-or-pressure-from-china-collapsed-spying-case-remains-baffling
Muddle over semantics or pressure from China? Collapsed spying…
'A New Category of Evidence.' Feds Cite ChatGPT Logs of Palisades Fire Suspect
https://www.pcmag.com/news/a-new-category-of-evidence-feds-cite-chatgpt-logs-of-palisades-fire-suspect
This is probably a ridiculous question, but do any people follow me here who know anything about nuclear weapons cybersecurity?
If so, please contact me at Cynthia.507 via Signal.
Someone counter-hacked a North Korean IT worker: Here’s what they found
https://cointelegraph.com/news/someone-counter-hacked-a-north-korean-it-worker-here-s-what-they-found
https://www.theguardian.com/world/2025/aug/14/russian-hackers-control-norwegian-dam-norway
Russian hackers seized control of Norwegian dam, spy chief says
NSA Joins CISA and Others to Share OT Asset Inventory Guidance
https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/4273440/nsa-joins-cisa-and-others-to-s…
Poland foiled cyberattack on big city's water supply, deputy PM says
https://www.reuters.com/en/poland-foiled-cyberattack-big-citys-water-supply-deputy-pm-says-2025-08-14/?utm_source=chatgpt.com