Danny Moore
@moore.bsky.social
6.3K followers 280 following 250 posts
Cyber-warfare | PhD from KCL | Author of 'Offensive Cyber Operations' | Security @ Meta
Pinned
moore.bsky.social
Since so many joined here, resharing that I have a book out called "Offensive Cyber Operations" that's been really well received and is a helpful all-round look at how different countries use offensive cyber!

www.amazon.com/Offensive-Cy...
moore.bsky.social
One of our biggest issues as a cybersecurity community and industry is that we inflicted dozens of partly overlapping cryptonyms on the world and just expect them to deal with it because we can't.
dannypalmer.bsky.social
An interesting read. Always felt a bit odd covering cyber attacks, then writing it was carried out by 'Vengeful Hamster' or 'Creeping Groundhog' or something

...then also having to use a paragraph to detail all the different names different companies call the same group.

www.wsj.com/tech/cyber-s...
‘We’re Not Naming Care Bears.’ Hacker Code Names Are Getting Too Cute
Cartoonish naming conventions for potentially catastrophic cyberattacks are dividing security professionals
moore.bsky.social
Still consistently the best cyber-related podcast out there
campuscodi.risky.biz
-CoinMarketCap hacked via animated logo
-White House rejects NSA & CyberCom nomination
-FCC probes US Cyber Trust Mark program
-Cyberattack disrupts Russian animal processing industry
-Iran hacks Albania's capital Tirana

Podcast: risky.biz/RBNEWS441/
Newsletter: news.risky.biz/risky-bullet...
moore.bsky.social
Probably still thermal shock as a result of rapid heating on an induction hob
moore.bsky.social
Considering that one of Israel's overt goals for the war is to destabilize the Iranian government, a nation-wide shutdown of public internet access plays well into Israel's hands.

And it may not even stop further attacks.
lorenzofb.bsky.social
NEW: Iran's government has now admitted it took down the internet in the country, arguing it was to protect against Israeli cyberattacks.

I spoke to two Iranians who live abroad and can't communicate with their loved ones back home.

"I haven’t heard from them in two days," said @ammir.bsky.social.
Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
The government cited the recent hacks on Bank Sepah and cryptocurrency exchange Nobite as reasons to shut down internet access to virtually all Iranians.
Reposted by Danny Moore
campuscodi.risky.biz
Predatory Sparrow has dumped the Nobitex crypto platform source code on Telegram

They previously stole $90mil worth of assets in a hack yesterday

t.me/gonjeshkdara...
moore.bsky.social
My hot take is that it isn't a lack of strategy, Israel has many viable, ambitious strategies.

It's a constant failure of political will, unity, and patience to enact a strategy.
moore.bsky.social
Interesting! In my book, Offensive Cyber Operations, I talk a lot about the convergence of tactical offensive cyber and electronic warfare.

The resources, approach and desired outcomes are deeply connected.

The UK's move is in line with trends seen elsewhere. Will dive more into it all later.
shashj.bsky.social
1/ In run-up to SDR, UK has announced a new "Cyber and Electromagnetic Command". Temptation is to focus on offensive tasks. What MoD says is that it will "lead defensive cyber operations" for military networks and "coordinate" offensive ones with the National Cyber Force, which was set up in 2020.
moore.bsky.social
You could get away with a lot more back then, especially considering that the orgs/people who were targeted had next to nothing for endpoint and network security.
moore.bsky.social
The most interesting bit here is that the best Western gov cyber outfits overhauled their operational approach after the mid-10s to focus more on avoiding detection.

The era of the "factory ops" was too risky with the rise of threat intel.

Harder to reliably spot 2025's Regin, Careto, Flame, etc
lorenzofb.bsky.social
NEW: More than a decade ago, Kaspersky discovered a mysterious "elite" hacking group it called Careto (aka “The Mask”), which then vanished and only resurfaced last year.

We can now reveal that the researchers who investigated it were confident that the Spanish government was behind it.
Mysterious hacking group Careto was run by the Spanish government, sources say | TechCrunch
The elusive hacking group Careto was never publicly linked to a specific government, but TechCrunch has learned researchers concluded privately that the Spanish government was behind the group.
moore.bsky.social
"the technical team's analysis indicates that the attacker's methods and related technical proficiency were relatively low-level."

Nothing in the article to explain what makes this "cyber warfare".
campuscodi.risky.biz
A threat actor has allegedly breached and disrupted the backend systems of a sci-tech company based out of Guangzhou, China.

Chinese officials claimed the hack had a "clear political background and [showed] distinct signs of cyber warfare."

www.globaltimes.cn/page/202505/...
Reposted by Danny Moore
hultquist.bsky.social
If you’ve been laid off from a cyber intel position, please reach out if you’d like to come to @sleuthcon.bsky.social.
Reposted by Danny Moore
gregotto.bsky.social
NEW: Hundreds of victims are surfacing across the world from zero-day cyberattacks on SAP, in a campaign that one leading cyber expert is comparing to the vast Chinese government-linked Salt Typhoon and Volt Typhoon breaches. cyberscoop.com/sap-cyberatt...
SAP cyberattack widens, drawing Salt Typhoon and Volt Typhoon comparisons
Hundreds of victims are surfacing across the world from zero-day cyberattacks on Europe’s biggest software manufacturer and company.
Reposted by Danny Moore
zey.bsky.social
Drama over at X/xAI.

Whatever you ask Grok, it pivots to “white genocide” in South Africa.

The last panel is what Grok claims was a “verbatim” system prompt that caused the behavior. Jury out.

It’s now fixed but they haven’t yet bothered explaining.

This, not those AGI fantastical scenarios.
Reposted by Danny Moore
josephcox.bsky.social
New from 404 Media: the Signal clone the Trump administration uses was just hacked. TeleMessage makes a modified version of Signal that archives messages for government agencies, Waltz used it. A hacker got some users' messages, group chats. Hugely significant breach www.404media.co/the-signal-c...
The Signal Clone the Trump Admin Uses Was Hacked
TeleMessage, a company that makes a modified version of Signal that archives messages for government agencies, was hacked.
moore.bsky.social
Knowing Betz, he has been on a path leading to this for many years.
moore.bsky.social
The literal birth of my firstborn child was less anxiety inducing than a full week of driving and parking in Tel Aviv.
moore.bsky.social
New tech class, new vulnerability class
daviddlevine.com
LLMs hallucinating nonexistent software packages with plausible names leads to a new malware vulnerability: "slopsquatting."
LLMs can't stop making up software dependencies and sabotaging everything: Hallucinated package names fuel 'slopsquatting'
Reposted by Danny Moore
raphae.li
THREAD: When @thekrebscycle.bsky.social and his workplace, @sentinelone.com, were singled out by Donald Trump on Wednesday, I thought it was an opportunity to weigh the cybersecurity industry's rhetoric against their real world actions.
moore.bsky.social
Cybersecurity is built on trust, I can only imagine how CISA staff must be feeling.
kevincollier.bsky.social
New: Current CISA employees — picture patriotic, hardworking nerds not used to the spotlight, often with narrow focuses like identifying how hackers break into the industrial control systems that run our water and electric facilities — are sick of Trump's cuts and the politicization of their work.
U.S. cyber defenders shaken by Trump's attack on their former boss
“Every day feels somehow more bizarre than the last. It is incredibly difficult to focus on our mission,” one current Cybersecurity and Infrastructure Security Agency employee said.
Reposted by Danny Moore
ericjgeller.com
👀 China reportedly acknowledged to outgoing Biden officials in December that it was responsible for the Volt Typhoon critical infrastructure intrusions, linking them to "increasing U.S. policy support for Taiwan." www.wsj.com/politics/nat...
Reposted by Danny Moore
k8em0.bsky.social
I was there. It was meant literally.

“JD Work — now on the US NSC — shocked some by warning that the US would take lethal action against malicious actors in commercial cyber operations.
Participants who heard [it said] they were unsure if it was meant literally or figuratively”
Reposted by Danny Moore
rikefranke.bsky.social
The Swiss population doesn’t want to buy the F35 anymore, given everything that’s going on in Trump’s US.
In 2020, a 50,1% majority had voted for the acquisition in a referendum.

www.watson.ch/schweiz/wirt...
Reposted by Danny Moore
kimzetter.bsky.social
Why is the headline on all X outage stories about Musk blaming Ukraine for the DDoS? Why aren't media outlets putting the emphasis on the security lapse that allowed script kiddies (or whoever) to launch the attack against X as well as the lack of any evidence that the traffic came from Ukraine IPs?
moore.bsky.social
DDoS attacks frequently use compromised or otherwise co-opted IP addresses. The global distribution helps avoid geofencing defenses.

Public high-confidence attribution takes time and effort. So take any quickfire claims with healthy skepticism.
kevincollier.bsky.social
Updated with Musk's claim about the apparent DDoS: The IP addresses originated in "the Ukraine area."

Besides the geographical ambiguity (isn't Russia in the Ukraine area?), this is also total nonsense. A big DDoS uses hacked devices from around the world. Says nothing about where the attacker is.
X sees major outages as Musk claims 'massive cyberattack' hit platform
Three separate outages appear to have hit the social media site Monday.
moore.bsky.social
Completely agree, these statements ignore the inherent limitations of LLMs. There is a difference between processing and formulating complex content and creative thinking.