🎓️ Vulnerable U | #020
Finding Your Moat, China and Russia Based Threat Actors, Zero Day in Office365, and Clarence Thomas on Venmo
Read Time: 6 minutes
I left you off last week before going to see Blink-182 on their reunion tour here in ATX. It was awesome. The woman in front of me screamed at me: “I’m 39!” as she was jumping into the aisle head banging. That summed up the vibe for the night well.
It was 109 degrees here this week, so we’ve either been indoors or underwater. Barton Springs seemed like a good choice.
Sneak Peek at the Blog of the Week:
In this episode:
Finding Your Moat
Mitigation for China-Based Threat Actor Activity
Microsoft Warns of Office Zero-Day Attacks, No Patch Available
Here’s a reminder to make your Venmo transactions private, courtesy of Clarence Thomas
FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy
A run through of an AT&T scam - not by a scam artist, but by a legit AT&T employee
The Threat Actor Profile Guide for CTI Analysts
UK Government’s Intelligence Report on China’s Influence
APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure
🖊️ Something I wrote: A thread on things I wish I knew earlier in my career.
🎧️ Something I heard: 404 Security Not Found podcast - episode on the DBIR and startups/angel investing
📽️ Something I watched: Finetuning LLM models for your specific use cases
🔖 Something I read: 5 Things You Shouldn’t Do During A Depressive Episode (Because they make your depression worse)
Been hard to avoid folks talking about this one so I made sure it was the lead story this week. Microsoft released an incredibly detailed report about China-based threat actor group Storm-0558. Seems the emergency patches going out ASAP from both Apple and Microsoft are related to this group’s current campaigns. I’m betting we’ll hear more about this. Krebs has a great summary outside of Microsoft’s. [Read More]
Been a wild week for Microsoft out-of-band reports. This one is about Russian threat actor group Storm-0978, who are being tracked running phishing campaigns that carry Microsoft Office zero-days with no patch available. This group is also known as RomCom, and Microsoft has a lot of info on their tools and TTPs in this report that will be useful for anyone whose threat model includes groups like this. [Read More]
It’s embarrassing enough to see my friends Venmoing each other for things publicly, but you’d think if you work for the Supreme Court you’d have a bit better OPSEC. Some lawyers who are appearing before the Supreme Court sent money to Clarence Thomas’ aide via Venmo. [Read More]
A site that tracks illicit public Venmo transactions called Vicemo
Someone leaked the FTC’s subpoena to OpenAI. It seems to be broadly related to data leakage and ChatGPT inaccuracies which may harm consumers. Can’t help but think something else is motivating this investigation, otherwise all data breaches would be looked into like this. [Read More]
This scammer picked the wrong target, Michael Coates, former CISO of Twitter & Mozilla. I was reading this thinking it was a phishing scam but it turned out to be a sales rep at AT&T trying to make a sales quota by committing fraud. I smell a class action lawsuit here since I’m guessing it’s not an isolated incident. [Read More]
I’ve got a lot of respect for folks who run in Threat Intel circles. If you work in DFIR, a major superpower is having an organized intelligence strategy. If you like this kind of stuff, read my friend Scott Roberts’ book. Here is another tool in that arsenal for keeping organized profiles on your threat actors. [Read More]
I think this says it all: "There is effectively a global values struggle going on in which China is determined to assert itself as a world power … China is increasingly thinking of a future in which it could be the world power and that means that – if you think of UK interests as being in favour of good governance and transparency and good economic management, which … serve our national interest because it helps with trade, investment, prosperity and stability and so forth – then I think that China represents a risk on a pretty wide scale." – Chair of the Joint Intelligence Committee (JIC) [Read More]
These are the kind of devices you don’t know about unless you REALLY know about them. Rockwell ControlLogix EtherNet/IP communication modules seem to be under fire by an unnamed APT threat actor group. “Dragos has also analyzed the vulnerabilities and the exploit, warning that it could — depending on the targeted ControlLogix device’s configuration — allow attackers to cause ‘denial or loss of control, denial or loss of view, theft of operational data, or manipulation of control for disruptive or destructive consequences on the industrial process.’” [Read More]
Love this from Rainn Wilson. Reminder that no matter your success level, happiness is in the journey not the destination.
RAINN WILSON MISERABLE ON THE SET OF THE OFFICE - so reads dozens of CLICKBAIT headlines over last 2 days—on @billmaher ’s pod i talked abt mental health & the struggle 4 happiness & balance. Discussed being at height of success on The Office & how I STILL was unhappy I wasn’t a…
— RainnWilson (@rainnwilson)
Jul 12, 2023
I read this quote last night and felt called to text it to some friends and family that I don’t always tell how grateful I am for them. Grateful for all of you here supporting me as well.
The nominee for the next NSA director was asked today if he would commit to not weakening encryption. Seems like a pretty important response.
— Matthew Green (@matthew_d_green)
Jul 12, 2023
📦 KBOM - #Kubernetes Bill of Materials
An initial specification in JSON that has been designed for extensibility across various cloud service providers (CSPs) as well as DIY Kubernetes setups
— Clint Gibler (@clintgibler)
Jul 5, 2023
Cancer. All. Gone. 👏
On telemedicine visit with doctor
Me: Ok, no one has explained this to me, do I still have cancer in my body or not?
Oncologist: No. Cancer all gone.
CANCER ALL GONE
— Sherrod DeGrippo 📬 (@sherrod_im)
Jul 10, 2023
Help us grow! If you know someone who might be interested in joining the Vulnerable U community, please share this newsletter with them!
Community was foundational in launching and propelling my career. Community is the only reason I can stand being in Texas during the summer months. Community is the point. Today, I invite you to embrace discomfort on the road to a more vulnerable you.
Stay safe, Matt Johansen