From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 352 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1271 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 714 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 687 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 1908 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1398 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 1838 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 1602 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1610 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116255 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87103 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 81638 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80001 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70418 times Read more...
Displaying items by tag: Data Security
Ionic Security wants to turn the way we think about protecting our data on its head...
Black Hat 2014 Las Vegas, NV - The thought of a network breach or targeted attack is what keeps most systems admins up at night and constantly irritated to boot. The need to man the walls and make sure the moat is filled all the time is exhausting and nearly impossible in today’s moderns and increasingly distributed networks and business models. It makes the thought of a breach not a “what if”, but a “when”. This is becoming the new way of thinking about security. As we have talked about in the past people are no longer thinking they can keep everyone out, but are concentrating on quickly identifying and mitigating the inevitable breach.
The State of Data Security is Unlikey to Change Unless Consumers Demand It.
This morning as I was cursing through the internet news sites I noticed a trend. I saw multiple articles about the state of security all of them claiming that the bad guys a winning or lamenting about the increase in cyber-attacks. Both of these themes are very true, we are seeing an increase in the number of attacks per day (in 2012 it was roughly 1 per day) and the “bad guys” seem to be able to penetrate security with ease. So if this is the case, why do we see more and more efforts to move data and services into the cloud?
Current Security Methods are seriously Outdated... Time for a new Model.
Malware and breaches are inevitable. Anyone that has been in security knows that this is a simple fact. Every day there are hundreds of attempted (and successful) attacks executed against businesses, consumers, and the government. These attacks have been traditionally met with an incident-response thought process. IT departments monitor their networks for suspicious activity and respond when/if they find someone who is either attempting to or actually has broken in. Sadly, this is probably not the best way to handle security.
Reckz0r Returns After a Week Off With a Hack of 79 Banks
About five days ago a hacker that goes by the name of Reckz0r kicked off a new group called SpexSec which created quite a stir. We talked about the group’s appearance and just as sudden disappearance. They showed up made three dumps of data and after a short exchange with someone on Twitter all three of the SpexSec members announced their retirements.
Most Breaches In 2011 Were Simple Exploits That Should Not Have Happened
You know, back a very long time ago (sometime in 2007 or so) I wrote an article on how dangerous the idea of cloud computing was (and is). The article centered around the fact that in almost 99 cases out of 100 the company that is responsible for the security of your information and services are going to spend as little as possible on maintaining them and securing them. They are banking on the hope that no one tries that simple exploit or can even find the servers in question. Or for that matter they put their trust in other companies to manage their security for them. These companies then do the same thing all over again all to make sure they keep the best profit ratio possible.
Path is not the only app that has access to contact list data...
A couple of weeks ago there was an uproar over the data collection practices of the iPhone social networking app Path. This app was intended to allow users to have a more intimate social networking experience. Well like an intimate partner they appear to have been going through some of their users personal information. In fact Path was requesting and uploading users contacts lists; including phone numbers, email addresses, physical addresses, and anything else that was attached to the contact in question (there is a lot you can put in a contact entry).