Notices by Metacurity (metacurity@infosec.exchange)

"Norway is sounding the alarm after discovering that Russia is no longer only disrupting the Global Navigation Satellite Systems (GNSS) across the border, but also spoofing GPS signals, an attack that can cause significant disruption to commercial aviation."

"We were spoofed on approaching Kirkenes today”
https://www.thebarentsobserver.com/news/we-were-spoofed-on-approaching-kirkenes-today/423323

Violent Hackers Are Using U-Haul To Dox Targets
https://www.404media.co/violent-hackers-are-using-u-haul-to-dox-targets/

Even though the HOPE (Hackers on Planet Earth) conference is usually slated for every other year, given the success of the 2024 conference, HOPE will take place again next year.

I just got an email saying HOPE_16 will occur August 15-17, 2025, at St. John's University in Queens, New York City.

I'm definitely going this time.

This is kind of upsetting. Wikipedia has $400 million in cash reserves and the foundation which runs Wikipedia has 550 employees with top managers making high salaries but doesn't pay it maintainers a penny.

I'm so disillusioned.

The next time Wikipedia asks for a donation, ignore it
https://unherd.com/newsroom/the-next-time-wikipedia-asks-for-a-donation-ignore-it/

@philbetts I'd love to hear from @molly0xfff on this.

https://www.golocalprov.com/news/ri-massive-hack-hundreds-of-thousands-ss-banking-information-names-dob

Right before Christmas, RI is forced to close its SNAP food and Medicaid systems due to what sounds like a ransomware attack.

“At an unprecedented Friday night press conference held by Governor Dan McKee, he claimed that the State of Rhode Island was first notified on December 5 of a potential major massive cyberattack.

McKee disclosed late on Friday that the state’s system to support everything from SNAP benefits to Medicaid to HealthsourceRI are all now closed.”

https://www.timesofisrael.com/liveblog_entry/syrian-sources-say-assad-may-have-been-killed-in-plane-crash-during-escape/
Reuters hasn’t confirmed it but reports are that Assad was killed in a plane crash.

Not a good month for telecoms!

Scattered Spider Teen Hacked Telecoms to Spam Victims, US Says
https://www.bloomberg.com/news/articles/2024-12-04/scattered-spider-teen-hacked-telecoms-to-spam-victims-us-says

Don't miss today's Metacurity for the most important infosec developments you should know, including

--UK cybersecurity chief warns of rise in hostile cyber activity
--Russia sentences Hydra Market leader to life in prison,
--Former Polish security chief forced into Pegasus spyware hearing,
--CFPB publishes proposed data brokers rule,
--SEC settles ICBC ransomware records case,
--FDD argues for Chinese-made lidar sensor ban,
--Hack forces DMM Bitcoin shutdown,
--much more
https://www.metacurity.com/uk-cybersecurity-chief-warns-of-rise-in-hostile-cyber-activity/

@mbmy @GossiTheDog I can see how the writer interpreted the small MSP space "really doesn't matter" as "won't be missed."

But I will delete my toot that quoted the article directly to not create any confusion.

@patrickcmiller I don't believe I've ever seen an errata from NIST before.

@patrickcmiller @msbrumfield Thanks Patrick!

I think Grammarly has jumped the AI shark.

CrowdStrike has yet to face a lawsuit over July's global IT meltdown
https://www.theregister.com/2024/09/09/crowdstrike_legal_threats/

Nice to see a woman CEO handing control over a cybersecurity company to another woman.

"Darktrace Plc’s Chief Executive Officer Poppy Gustafsson will leave the British cybersecurity company, handing over to current operating chief Jill Popelka to steer the business as it’s absorbed into private equity firm Thoma Bravo."
https://www.bloomberg.com/news/articles/2024-09-06/darktrace-ceo-gustafsson-steps-down-amid-thoma-bravo-takeover?mid=1

https://www.washingtonpost.com/national-security/2024/09/04/justice-department-election-security/
“The indictment offers a glimpse into how much money significant conservative personalities can make. One unnamed Tenet contributor with 2.4 million YouTube followers on their own channel received $400,000 a month, plus a $100,000 signing bonus and performance incentives, just for making four videos a week for Tenet, according to the indictment.”

This is a must-read post from @mmasnick on Pavel Durov's arrest. The internet is all over the place about why he was arrested, with everyone concocting reasons, but solid details are still missing.

Arrest Of Telegram’s Pavel Durov Raises Questions, But The Answers May Not Be Known For A While
https://www.techdirt.com/2024/08/26/arrest-of-telegrams-pavel-durov-raises-questions-but-the-answers-may-not-be-known-for-a-while/

Trezor Addresses Security Breach Affecting Thousandshttps://cointelegraph.com/news/trezor-discloses-66k-users-affected-phishing-attack

"Google News is boosting sites that rip-off other outlets by using AI to rapidly churn out content, 404 Media has found. Google told 404 Media that although it tries to address spam on Google News, the company ultimately does not focus on whether a news article was written by an AI or a human, opening the way for more AI-generated content making its way onto Google News."

Garbage AI on Google News
https://www.404media.co/email/5dfba771-7226-48d5-8682-5185746868c4/?ref=daily-stories-newsletter

All the garbage I found on Substack in 1 hour

(I plan for Metacurity to be off Substack within a week.)

https://badnewsletter.substack.com/p/all-the-garbage-i-found-on-substack