From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 706 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1584 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1117 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1088 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2135 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1860 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2129 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2103 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1896 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116531 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87496 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82042 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80342 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 71000 times Read more...
Displaying items by tag: Flaw
Progress Software’s MOVEit has yet another Unauthenticated SQL Injection Flaw
Last week Progress Software, the company behind MOVEit file transfer software, announced another SQL injection flaw had been identified and patched. This flaw is just the latest in a series of vulnerabilities that have been identified in the application after the Cl0p ransomware group was found to have exploited a different SQL injection flaw to steal data from multiple MOVEit users. The attacks started in late 2022, but the Cl0p group might have been testing different entry points as far back as June 2022.
New Hack for Aircraft Systems To be Shown off at Black Hat 2014
Security should be a priority in any company, but it should be even more paramount in places where lives are at risk. So we have to wonder how someone ever allowed a security flaw in aircraft inflight systems that would allow for someone to compromise the aircraft. This is the claim of security researcher Ruben Santamarta has made and he plans to prove it at Black Hat 2014.
Are Security Researchers Sitting on Vulnerabilities to Get the Most Money?
A couple of days ago we posted a story about a group of developers that complained to Valve about their lack of a Bug Bounty. In their complaint was an inference that having a form of reward would make people want to identify and report bugs and exploits in a timely manner. On the surface that would seem to make sense, but there is a flip side to this line of thinking. There will also be times when people will wait to report something to ensure they get the most money out of their efforts.
D-Link Flaw Exists in Many Common Residential and SOHO Routers
Yesterday we wrote about a disturbing flaw in some D-Link routers that allow for a malicious individual to access it without a username or password. Shortly after we published the article we were reminded that this flaw does not just exist in D-Link hardware, but is also present in devices from many other companies that have SOHO and Residential products. The string for each might be different and in some cases harder to gain access to, but it is there.
Google Denies There is Any Flaw in Chrome That Exposes User Information
After the general announcement that Google’s Chrome exposes user information to capture, Google has come back with a reply. It seems that Google does not want anyone to know that there is a security hole in their flagship browser. They are continuing to claim that it is “the most secure” browser and that Chrome maintains user data in an encrypted format. They feel that there is nothing wrong and that the information being presented by Information Finders is no big deal. If Chrome is storing data then it will be encrypted… if your OS supports it and that it only collects this information if the user asks it to. It is a very interesting statement to be made given the information presented.
Security Flaw Found in iOS 7 that Allows You to ByPass the Lockscreen
It seems that Apple’s latest and greatest mobile operating system was shipped with a major flaw disguised as a feature. Shortly after the launch of iOS 7 there were the usual reports of bricked phones, problems reactivating the phone once it was installed etc. Most of these are common and more often than not can be traced to user software that is installed including many of the newer mobile device management applications that are in use. However when reports (and videos) started popping up showing how to bypass the lock screen without a password things were not so normal.
FTC Steps in On TRENDNet IP Camera Issue... After TRENDNet Fixes It...
In Mid-2011 it was revealed that many Supervisory Control and Data Acquisition (SCADA) devices were visible on the internet with a simple Google search. What was even more terrifying was that many of these devices still had the default username and password set and were visible in the search results. In 2009 someone with the same idea developed a search engine that was able to find connected devices as a service making it easier to find them and… exploit them. In January of 2012 a security flaw was found in the way that many (if not all) connected IP cameras operated. The flaw was originally found in a TRENDNet’s IP camera (a discontinued one) and it was a serious one.
Facebook flaw allows users to delete any photo
Indian enthusiast Arul Kumar who deals with computer security issues, reported a flaw in the social network Facebook, which allows you to delete any photo on Facebook within one minute. Failure is spotted within Support Dashboard portal that allows users to send complaints regarding violation or offensive content, and monitor whether the individual complaint is processed. Facebook employees handle complaints 24 hours a day, seven days a week.
Facebook Can’t Even Protect Zuckerberg’s Wall
Palestinian security researcher Khalil Shreateh attempted to inform Facebook of a security flaw. Shreateh contacted Facebook with a message stating, “My name is Khalil Shreateh. I finished school with a BA Degreen in Information Systems. I would like to report a bug in your main site (www.facebook.com) which I discovered it… The bug allow Facebook users to share links to others facebook users, I tested it on Sarah Goodin wall and I got success post (sic).” Their lack of interest in asking more questions and denying it was a bug, led to him posting a message directly to Mark Zuckerberg’s wall.
Password Flaw Leaves Some Versions of MySQL and MariaDB Open to Brute Force Attacks
A rather major, but basic flaw in the way that MySQL and MariaDB handle passwords has opened up both of these to brute force attacks and can allow the attacker to gain access in seconds. This flaw which exploits an issue in the way the passwords are checked using the memcmp function can be used as long as the attacker knows at least one user name. Considering that “root” is almost always in existence the password security on many MySQL and MariaDB databases is practically nonexistent.