Manuel D'Orso @cirku17@infosec.exchange

Compromised rubygems account results in rest-client code injection.
https://github.com/rest-client/rest-client/issues/713

CVE-2019-15224

#ruby
#CVE

What is CTI and what makes a good CTI analyst? by @ComradeCookie@twitter.com https://link.medium.com/Z0NVZ7mUfZ

Google Engineer Leaks Nearly 1,000 Internal Documents, Alleging Bias, Censorship https://www.theepochtimes.com/google-engineer-leaks-nearly-1000-internal-documents-alleging-bias-censorship_3042234.html di @EpochTimes@twitter.com

Stuck with stix2 import for observables, it won't take valid stix2. Issues have been already opened on that, I might have to try their python client.

Building a Valid Threat Library for Cloud Based Applications - OWASP AppSec EU 2018 #DevOps Track https://youtu.be/W3k9HsqaebM #DevSecOps via @AppSecEU@twitter.com

Trying #OpenCTI .
Heavy, but very nice so far.

#ThreatIntel

Building an AppSec Program with a Budget of $0: Beyond the OWASP Top 10 https://youtu.be/5RmHQKeXgk4

RT @mattblaze@twitter.com
Some “unhackable” voting equipment at ⁦@VotingVillageDC@twitter.com.

Threesome app 3fun exposed user locations and profile data https://tcrn.ch/2Yyw4Cq di @TechCrunch@twitter.com

MITRE ATT&CK: The Play at Home Edition
https://drive.google.com/file/d/1xCRnECt-IsFLgxdZr_zCFcoeEecr0t0j/view

RT @threatpost@twitter.com
A malicious #WordPress plugin called WP Security has been encrypting individual blog posts (an unusual behavior) and rendering the content unreadable. @sucurisecurity@twitter.com
https://threatpost.com/cryptolocking-wordpress-plugin/147016/

RT @enigma0x3@twitter.com
Here is a 0day in Steam. This bug has been publicly disclosed (https://amonitoring.ru/article/steamclient-0day/), so I'm opening up my PoC. No blog post since @PsiDragon@twitter.com covered it nicely.
https://gist.github.com/enigma0x3/03f065be011c5980b96855e2741bf302

RT @privacyint@twitter.com
Yesterday @Twitter@twitter.com disclosed that it may have shared your data with advertising partners without your consent for months.

The entire AdTech industry needs fixing, but @Twitter@twitter.com could do much more already.

Our response:
https://privacyinternational.org/news-analysis/3111/twitter-may-have-used-your-personal-data-ads-without-your-permission-time-fix

On the Amazon panopticon https://tcrn.ch/2YqkM2Q di @TechCrunch@twitter.com

RT @fpietrosanti@twitter.com
The Military-Style Surveillance Technology Being Tested in American Cities

https://www.theatlantic.com/technology/archive/2019/08/military-style-surveillance-air-often-legal/595063/

RT @Info_Activism@twitter.com
Digital Integrity Fellowship manual https://manuals.digitaldefenders.org/#introduction

RT @OSINTtechniques@twitter.com
If you're new to OSINT research. Here's a list of helpful resources:
https://docs.google.com/document/d/1BfLPJpRtyq4RFtHJoNpvWQjmGnyVkfE2HYoICKOGguA
https://osintframework.com
https://start.me/p/m6XQ08/osint
https://start.me/p/ZME8nR/osint
https://start.me/p/OmExgb/terrorism-radicalisation-research-dashboard
https://start.me/p/VRxaj5/dating-apps-and-hook-up-sites-for-investigators

Whistleblower vindicated in Cisco cybersecurity case https://abcn.ws/2KidmF1 di @ABC@twitter.com

Apple Card will not allow purchase of cryptocurrencies https://reut.rs/2Zvfuzu