Notices by Dr. Christopher Kunz (christopherkunz@chaos.social)

  1. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Friday, 14-Nov-2025 18:16:23 JST
    in reply to
    • Ulrich Kelber

    @ulrichkelber The same doctors who would rather go back to issuing paper prescriptions than switch their connectors to ECC keys? *sigh*

    With large parts of the medical profession, I get the feeling that "it works fine this way too" is the prevailing sentiment regarding digitalization and patient orientation.

    In conversation about 4 days ago from chaos.social permalink
  2. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Thursday, 13-Nov-2025 18:00:06 JST
    in reply to
    • VNC Resolver

    @vncresolver It's amazing to me how many of these screen shots are of an open root shell where multiple skids unsuccessfully tried to install a rootkit.

    In conversation about 5 days ago from gnusocial.jp permalink
  3. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Friday, 07-Nov-2025 20:46:14 JST
    • Kevin Beaumont
    • Dan Goodin

    @GossiTheDog @dangoodin always writes stellar articles. I absolutely adored his explainer about the "Chinese have quantum broken RSA" hype a few months ago: https://cku.gt/quantumhype

    In conversation about 11 days ago from chaos.social permalink

    Attachments

    1. Here’s the paper no one read before declaring the demise of modern cryptography
      The advance was incremental at best. So why did so many think it was a breakthrough?
  4. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Friday, 17-Oct-2025 16:51:17 JST
    in reply to
    • ✧✦Catherine✦✧

    @whitequark I'm not really sure what those numbers mean, is there any context to the diagram? They can't mean "currently valid certificates" or "certificates issued" as those figures are orders of magnitude higher. They can be seen by looking at the raw certificate population as reported by Certificate Transparency: https://crt.sh/cert-populations

    In conversation about a month ago from chaos.social permalink

    Attachments

    1. crt.sh | cert-populations
      Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)
  5. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 07-Oct-2025 19:17:02 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog The timeline checks out: The exploit was posted on TG on October 3, early afternoon. It was also first uploaded to VT on October 3. After Oracle woke up to the news on October 4, they quickly assessed the damage and pivoted their narrative to "discovered during our investigation". aka "downloaded from telegram".

    This fits a repetitive pattern of what I would diplomatically call "unethical disclosure practice". If you update your publications, AT LEAST mark the edits.

    2/2

    In conversation about a month ago from chaos.social permalink
  6. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 07-Oct-2025 19:09:29 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog I cannot stress enough how deceptive this tactic is.

    First, Oracle gaslight their own customers into "if something happens, it's because you haven't patched". Then, after downloading a zero-day off Telegram finding out that they have been pwned by Scattered Lapsus$ Hunters, they quietly edit out the previous content.

    And this is not some anonymous marketing writer, but the Chief Security Officer for one of the biggest corporations on the globe.

    1/2

    In conversation about a month ago from chaos.social permalink
  7. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 07-Oct-2025 17:23:12 JST

    TIL: The Cl0p ransomware group has been named "Graceful Spider" by CrowdStrike. What the actual f is that? There's nothing graceful about extortion. Nothing.

    This is purely a marketing device for companies, and ultimately a transparent sales tactic.

    If you want to see if companies take actual security seriously, look at small things like this. There is zero necessity for these individual TA names, on the contrary: They increase confusion by conflating clearly distinct profiles.

    In conversation about a month ago from chaos.social permalink
  8. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Monday, 06-Oct-2025 23:00:28 JST

    The "ls -laR" of the Red Hat data breach by Scattered Lapsus$ Hunters -- err Crimson Collective -- is, put into a text file, 2 GB (EDIT: The tree.txt is an additional 200M). That's a heck of a breach.

    % wc -l REDHAT_GIT_LS.txt
    37665671 REDHAT_GIT_LS.txt

    In conversation about a month ago from chaos.social permalink
  9. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Monday, 06-Oct-2025 21:20:01 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog They replaced the whole blog post and somehow purged copies from WBM. However, they forgot to change the SEO URL which still hints at their original narrative: "Apply July 2025 CPU".

    Cl0p had it, SLSH has it, and if the indicators on the exp aren't faked, they have had it since May or so. And now, everyone has it, I expect it to make CISA KEV by tomorrow.

    In conversation about a month ago from chaos.social permalink
  10. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Friday, 03-Oct-2025 00:08:02 JST

    This is Jamal Khashoggi. Seven years ago today and one day before his planned wedding, he entered the consulate of Saudi Arabia in Istanbul and never came back. The people who ordered his assassination have never faced justice.

    In conversation about 2 months ago from chaos.social permalink

    Attachments


    1. https://assets.chaos.social/media_attachments/files/115/303/188/214/700/718/original/ac6f00b721550694.png
  11. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 30-Sep-2025 16:39:30 JST
    • Kevin Beaumont

    @GossiTheDog Yeah, good point. findmystreet.co.uk is still down too, hdsc.org.uk seems down, Harwich Town Council is the wrong site (org vs. co).

    In conversation about 2 months ago from gnusocial.jp permalink

  12. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 30-Sep-2025 16:28:52 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog The attacks ran a couple minutes ago, the check-host.net on Noname's TG are from around 7:00 am UTC. Most of the attacks are likely over already.

    In conversation about 2 months ago from chaos.social permalink

    Attachments

    1. Check server : Check host - online website monitoring
      from Check-Host.net
      Check server: website monitoring with useful tools, Check IP, Check website
  13. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Friday, 26-Sep-2025 23:15:16 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog And then there's this, too. Shareholders don't give a damn if your products take down whole airports.

    In conversation about 2 months ago from chaos.social permalink

    Attachments


    1. https://assets.chaos.social/media_attachments/files/115/270/866/339/672/507/original/9be2db86cb9cc564.png
  14. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Wednesday, 24-Sep-2025 16:46:49 JST
    • Lukasz Olejnik
    • Kevin Beaumont

    @GossiTheDog @LukaszOlejnik Ta to Tata, I guess.

    In conversation about 2 months ago from chaos.social permalink
  15. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Tuesday, 23-Sep-2025 18:54:01 JST
    in reply to
    • Kevin Beaumont
    • Dissent Doe :cupofcoffee:

    @GossiTheDog This media isn't bored but there's just not enough for updated reports. Last I heard was that ENISA claimed ransomware, ShinyHunters got strangely quiet on the record when questioned by @PogoWasRight so maybe there's something interesting there. For me there's just not enough substance right now to report anything.

    In conversation about 2 months ago from chaos.social permalink
  16. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Wednesday, 17-Sep-2025 21:59:15 JST

    AI companies: We're so close to AGI. Just one more trillion dollars in funding. So close...
    AI products:

    In conversation about 2 months ago from chaos.social permalink

    Attachments


    1. https://assets.chaos.social/media_attachments/files/115/219/674/291/100/562/original/e0e7aa9e2f6b664d.png
  17. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Monday, 15-Sep-2025 23:28:32 JST
    • Kevin Beaumont

    @GossiTheDog They can just keep leadership by derailing everyone else. CVE tariffs, maybe? ;-)

    Jokes aside, that "CVE vision" PDF makes some quite sound points, and I like the overall tone of commitment - including a commitment to transparency, with CISA leading by example (their words, not mine). In this day and age, that sounds almost sane.

    We'll see how much of that will survive the next CVE funding lapse.

    In conversation about 2 months ago from gnusocial.jp permalink
  18. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Monday, 15-Sep-2025 23:16:57 JST
    • Kevin Beaumont

    @GossiTheDog Reading their statement, this really reads like a boilerplate phrase that uses so many words for "we're not going to do anything to diversify the stakeholder landscape". The whole first page talks about how CVE is "CISA's thing" and that they claim ownership for the program, and then there's a lukewarm phrase à la "Yeah, we'll definitely circle back to this, but don't call us. We'll call you!"

    I'm more concerned about the very clear "everyone: hands off CVE" undertone.

    In conversation about 2 months ago from gnusocial.jp permalink
  19. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Monday, 15-Sep-2025 22:18:13 JST
    in reply to
    • Kevin Beaumont

    @GossiTheDog
    They are looking at "potential mechanisms for diversified funding", that does not mean CVE will disappear from CISA's budget.

    The document makes it very clear that CISA rejects privatization of the program and that they think that CVE is their mandate: "These conflicts of interest reinforce the need for CISA to take a more active role in the long-term stewardship of the CVE Program. At CISA, we have the appropriate mandate [..]"

    In conversation about 2 months ago from chaos.social permalink
  20. Dr. Christopher Kunz (christopherkunz@chaos.social)'s status on Thursday, 11-Sep-2025 12:06:43 JST
    in reply to
    • Patrick C Miller :donor:

    @patrickcmiller "Noisy Bear" is a fake. It was a test phishing campaign https://thehackernews.com/2025/09/noisy-bear-targets-kazakhstan-energy.html

    In conversation about 2 months ago from chaos.social permalink
    Dr. Christopher Kunz

    Security (web, infra, app) nerd, slightly disillusioned VR enthusiast, author @heise Security
    PGP fingerprint: C882 8ED1 7DD1 9011 C088  EA50 5CFA 2EEB 397A CAC1

          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.