Chip Childers
@chipchilders.bsky.social
On balance, computers may have been a bad idea. Prove me wrong.
Work on security/compliance/OSS in the tech industry, but this is not work. All opinions mine.
Work on security/compliance/OSS in the tech industry, but this is not work. All opinions mine.
Reposted by Chip Childers
Seems like a good time to repost this…
April 16, 2025 at 3:38 PM
Seems like a good time to repost this…
I truly hope that the USG isn't completely dropping efforts to monitor / defend against foreign disinformation campaigns... but that seems increasingly to be the situation.
April 16, 2025 at 3:48 PM
I truly hope that the USG isn't completely dropping efforts to monitor / defend against foreign disinformation campaigns... but that seems increasingly to be the situation.
New alert from CISA: "Fast flux represents a persistent threat to network security, leveraging rapidly changing infrastructure to obfuscate malicious activity."
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat | CISA
www.cisa.gov
April 3, 2025 at 1:16 PM
New alert from CISA: "Fast flux represents a persistent threat to network security, leveraging rapidly changing infrastructure to obfuscate malicious activity."
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
"He wants to carve out a specific role for CISA under the expiring 2015 Cybersecurity Information Sharing Act — the subject of a planned hearing next month — and keep CISA involved in administering the expiring $1 billion, four-year state and local grant(s)"
cyberscoop.com/cisa-workfor...
cyberscoop.com/cisa-workfor...
Don’t cut CISA personnel, House panel leaders say, as they plan legislation giving the agency more to do
Reps. Andrew Garbarino and Eric Swalwell said legislative priorities include an expiring information-sharing law and making a threat information-sharing organization permanent.
cyberscoop.com
April 3, 2025 at 1:05 PM
"He wants to carve out a specific role for CISA under the expiring 2015 Cybersecurity Information Sharing Act — the subject of a planned hearing next month — and keep CISA involved in administering the expiring $1 billion, four-year state and local grant(s)"
cyberscoop.com/cisa-workfor...
cyberscoop.com/cisa-workfor...
I guess we'll have to pay to get our B-2's back?
April 3, 2025 at 12:55 PM
I guess we'll have to pay to get our B-2's back?
Does this say something about the gullibility of RT editors, or is the real lesson that even they know their propaganda is utterly ridiculous?
ukdefencejournal.org.uk/uk-defence-j...
ukdefencejournal.org.uk/uk-defence-j...
UK Defence Journal tricks Russian state media
An April Fools’ Day article published by the UK Defence Journal was mistakenly reported as fact by Russian state media outlet RT.
ukdefencejournal.org.uk
April 3, 2025 at 12:41 PM
Does this say something about the gullibility of RT editors, or is the real lesson that even they know their propaganda is utterly ridiculous?
ukdefencejournal.org.uk/uk-defence-j...
ukdefencejournal.org.uk/uk-defence-j...
Reposted by Chip Childers
"The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets"
cyberscoop.com/silk-typhoon...
cyberscoop.com/silk-typhoon...
Silk Typhoon shifted to specifically targeting IT management companies
The Chinese state-backed espionage group started targeting third-party IT services in late 2024, Microsoft researchers said.
cyberscoop.com
March 7, 2025 at 3:10 PM
"The Chinese state-backed threat group Silk Typhoon shifted tactics in late 2024 to broaden access and enable follow-on attacks against downstream customers of its initial targets"
cyberscoop.com/silk-typhoon...
cyberscoop.com/silk-typhoon...
"Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025."
thehackernews.com/2025/03/php-...
thehackernews.com/2025/03/php-...
PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
Hackers exploit CVE-2024-4577 to breach Japanese firms, leveraging Cobalt Strike, PowerShell, and advanced persistence techniques.
thehackernews.com
March 7, 2025 at 2:30 PM
"Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025."
thehackernews.com/2025/03/php-...
thehackernews.com/2025/03/php-...
“By possessing detailed profiles of key targets, social networks, and voter psychographics, threat actors are almost certainly enhancing their capabilities to conduct targeted influence and espionage campaigns”
therecord.media/canada-cyber...
therecord.media/canada-cyber...
Canadian intelligence agency warns of threat AI poses to upcoming elections
Influence and espionage campaigns, boosted by AI, are likely to be aimed at Canada's upcoming elections, says a new report from the CSE, the country's signals and cyber intelligence agency.
therecord.media
March 7, 2025 at 2:27 PM
“By possessing detailed profiles of key targets, social networks, and voter psychographics, threat actors are almost certainly enhancing their capabilities to conduct targeted influence and espionage campaigns”
therecord.media/canada-cyber...
therecord.media/canada-cyber...
"The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon 'secret' APT and APT27, the latter implicated in January's Treasury breach."
www.darkreading.com/threat-intel...
www.darkreading.com/threat-intel...
Under Pressure: US Charges China's APT-for-Hire Hackers
The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon "secret" APT and APT27, the latter implicated in January's Treasury breach.
www.darkreading.com
March 7, 2025 at 2:24 PM
"The US Justice Department on Wednesday announced charges against members of the Chinese-backed i-Soon 'secret' APT and APT27, the latter implicated in January's Treasury breach."
www.darkreading.com/threat-intel...
www.darkreading.com/threat-intel...
I think this is the first public pushback on Putin / Russia since he took office... This is a good thing. More of this.
March 7, 2025 at 2:22 PM
I think this is the first public pushback on Putin / Russia since he took office... This is a good thing. More of this.
France is really starting to wake up
Macron will give a speech - another "Adresse aux Français" at 20:00. Here's the link to the livestream, and I will add major takeaways to this thread: 🇫🇷🧵
www.elysee.fr/emmanuel-mac...
www.elysee.fr/emmanuel-mac...
Adresse aux Français.
Le Président Emmanuel Macron s'adressera aux Français ce mercredi 5 mars à 20h depuis le Palais de l'Élysée.
www.elysee.fr
March 5, 2025 at 7:23 PM
France is really starting to wake up
1939 Charles Lindbergh would be so proud of his movement today.
1942 Charles Lindbergh would be pretty upset.
1942 Charles Lindbergh would be pretty upset.
March 5, 2025 at 6:13 PM
1939 Charles Lindbergh would be so proud of his movement today.
1942 Charles Lindbergh would be pretty upset.
1942 Charles Lindbergh would be pretty upset.
I doubt Mike Johnson is speaking from a position of authority on this topic. I know he is getting direct pressure from GOP reps that are in the "pro-Ukraine" camp. This is his way to act like he's in the know.
⚡️ US military aid freeze to Ukraine temporary, linked to Zelensky-Trump clash.
The pause in U.S. military aid to Ukraine is temporary and tied to the fallout from President Volodymyr Zelensky's heated Oval Office exchange with U.S. President Donald Trump, House Speaker Mike Johnson said on March 4.
The pause in U.S. military aid to Ukraine is temporary and tied to the fallout from President Volodymyr Zelensky's heated Oval Office exchange with U.S. President Donald Trump, House Speaker Mike Johnson said on March 4.
US military aid freeze to Ukraine is 'temporary,' linked to Trump-Zelensky exchange, Speaker Johnson says
The pause in U.S. military aid to Ukraine is temporary and tied to the fallout from Ukrainian President Volodymyr Zelensky's heated Oval Office exchange with U.S. President Donald Trump, House Speaker...
kyivindependent.com
March 4, 2025 at 5:32 PM
I doubt Mike Johnson is speaking from a position of authority on this topic. I know he is getting direct pressure from GOP reps that are in the "pro-Ukraine" camp. This is his way to act like he's in the know.
Sigh... Sweden is attempting to demand the same "backdoor" capabilities for encrypted communication apps that the UK tried to get from Apple.
www.svt.se/nyheter/inri...
www.svt.se/nyheter/inri...
Signal lämnar Sverige om regeringens förslag på datalagring klubbas
Den krypterade meddelandeappen Signal växer – nu använder till och med Försvarsmakten appen. Men regeringen vill tvinga bolaget att införa en teknisk bakdörr åt Polisen och Säpo. – Om det blir verklig...
www.svt.se
March 3, 2025 at 5:21 PM
Sigh... Sweden is attempting to demand the same "backdoor" capabilities for encrypted communication apps that the UK tried to get from Apple.
www.svt.se/nyheter/inri...
www.svt.se/nyheter/inri...
Presented with no comment
March 3, 2025 at 1:32 PM
Presented with no comment
Interesting statement from CISA, given the press reports to the contrary.
March 3, 2025 at 2:27 AM
Interesting statement from CISA, given the press reports to the contrary.
And I’m sure Ukraine will happily accept once Russians go the hell home, give them their children back, and stop launching drones / missies / bombs at Ukrainian cities.
❗️🇺🇸 Trump says he insists on immediate ceasefire in Ukraine.
February 28, 2025 at 10:38 PM
And I’m sure Ukraine will happily accept once Russians go the hell home, give them their children back, and stop launching drones / missies / bombs at Ukrainian cities.
This is absolutely wild. We’re entering a new era of disinformation, and the current era has demonstrated how completely unprepared we are as a species to withstand disinformation campaigns.
Technological leaps are making it MUCH worse.
This is going to be very bad.
Technological leaps are making it MUCH worse.
This is going to be very bad.
To conclude, the Don Jr audio clip is definitely fake.
But worryingly, it's one of the best AI-generated audio clips I've ever heard. It's almost unrecognisable from Don Jr's real voice.
Gen AI is rapidly improving, and the online information space is going to become even more confusing.
But worryingly, it's one of the best AI-generated audio clips I've ever heard. It's almost unrecognisable from Don Jr's real voice.
Gen AI is rapidly improving, and the online information space is going to become even more confusing.
February 27, 2025 at 1:15 AM
This is absolutely wild. We’re entering a new era of disinformation, and the current era has demonstrated how completely unprepared we are as a species to withstand disinformation campaigns.
Technological leaps are making it MUCH worse.
This is going to be very bad.
Technological leaps are making it MUCH worse.
This is going to be very bad.
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software."
unit42.paloaltonetworks.com/new-linux-ba...
unit42.paloaltonetworks.com/new-linux-ba...
Auto-Color: An Emerging and Evasive Linux Backdoor
The new Linux malware named Auto-color uses advanced evasion tactics. Discovered by Unit 42, this article cover its installation, evasion features and more. The new Linux malware named Auto-color uses advanced evasion tactics. Discovered by Unit 42, this article cover its installation, evasion features and more.
unit42.paloaltonetworks.com
February 25, 2025 at 6:19 PM
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized software."
unit42.paloaltonetworks.com/new-linux-ba...
unit42.paloaltonetworks.com/new-linux-ba...
When it comes to offensive cyber operations, the question of strategic ambiguity vs. transparent application of capabilities is an important one, but I'm fairly confident the answer is that we (the US) need both. cyberscoop.com/aggressive-c...
Trump and others want to ramp up cyber offense, but there’s plenty of doubt about the idea
Amid rising cyber threats, experts and lawmakers debate the effectiveness of the United States' aggressive offensive cyber strategies.
cyberscoop.com
February 24, 2025 at 3:36 PM
When it comes to offensive cyber operations, the question of strategic ambiguity vs. transparent application of capabilities is an important one, but I'm fairly confident the answer is that we (the US) need both. cyberscoop.com/aggressive-c...
Really interesting write up of China’s attribution of a breach to the NSA.
www.inversecos.com/2025/02/an-i...
www.inversecos.com/2025/02/an-i...
An inside look at NSA (Equation Group) TTPs from China’s lense
www.inversecos.com
February 23, 2025 at 8:37 PM
Really interesting write up of China’s attribution of a breach to the NSA.
www.inversecos.com/2025/02/an-i...
www.inversecos.com/2025/02/an-i...