From The Blog
-
Just When you Thought it was Safe to go Back to the Bank, Microsoft Finds Banking Attacks Targeting Financial Institutions
Written by Sean KalinichAlthough Banking, Mortgage, and other financial institutions are always under attack, it is never a good thing to see a coordinated campaign targeting them. Microsoft…Written on Friday, 09 June 2023 14:59 in News Read 228 times Read more...
-
MOVEit Zero-Day May Have Been Known by Threat Groups Since 2021
Written by Sean KalinichIn today’s episode of why we need to change how we do things; it has come to light that the critical MOVEit zero-day that allowed…Written on Friday, 09 June 2023 11:18 in News Read 321 times Read more...
-
In a Marketplace of Ideas, Censorship is Always Bad Even if Done for the Right Reasons.
Written by Sean KalinichOne thing that has always bothered me is the concept that censoring or hiding certain types of speech, thought, information etc., is somehow going to…Written on Friday, 09 June 2023 10:23 in Editorials Read 106 times Read more...
-
Bring on the Ransomware Beta Test as Royal Begins Seems to be testing a New Encryptor called BlackSuit
Written by Sean KalinichThe fine folks at the Royal ransomware group have begun testing a new flavor of encryptor that is being called BlackSuit (The hat was already…Written on Thursday, 08 June 2023 16:03 in News Read 919 times Read more...
-
Google and Microsoft Share a Zero Day as both Chrome and Edge get Patch Now Guidance.
Written by Sean KalinichGoogle has pushed out a new patch for Chrome to deal with a zero-day vulnerability tracked as CVE-2023-3079. In the patch release Google is clear…Written on Thursday, 08 June 2023 15:12 in News Read 457 times Read more...
-
Barracuda Email Security Gateway Appliances that were Exploited due to Zero-Day Must Be Replaced, not Patched
Written by Sean KalinichAfter the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for…Written on Thursday, 08 June 2023 12:33 in News Read 253 times Read more...
-
Minecraft Mods stuffed with Malware Used to Target Windows and Linux
Written by Sean KalinichAs we hear more about Supply Chain attacks and the need for Software Build of Materials we are now hearing of an attack on the…Written on Wednesday, 07 June 2023 15:24 in News Read 358 times Read more...
-
Sextortionists Get a Boost from AI and Publicly Available Images
Written by Sean KalinichAs if the internet needed something else bad floating around it seems that groups that engage in extortion schemes involving the threat of releasing images…Written on Wednesday, 07 June 2023 14:24 in News Read 236 times Read more...
-
New PowerShell Malware Dubbed PowerDrop used to Target US Aerospace Industry
Written by Sean KalinichIt is Wednesday, so it is about time to talk about a new strain of malware. In this case one that leverages Microsoft’s PowerShell to…Written on Wednesday, 07 June 2023 13:31 in News Read 235 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115121 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 84245 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 78435 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 77794 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 67383 times Read more...
Just When you Thought it was Safe to go Back to the Bank, Microsoft Finds Banking Attacks Targeting Financial Institutions
Written by Sean Kalinich
Although Banking, Mortgage, and other financial institutions are always under attack, it is never a good thing to see a coordinated campaign targeting them. Microsoft has disclosed once such campaign using Attacker (Adversary, Man)-in -the-Middle tactics for phishing and BEC (Business Email Compromise) attacks. This style of attack is also not new and one that is often seen in the financial world. These campaigns typically start with one organization that gets popped.
MOVEit Zero-Day May Have Been Known by Threat Groups Since 2021
Written by Sean Kalinich
In today’s episode of why we need to change how we do things; it has come to light that the critical MOVEit zero-day that allowed complete control over targeted file transfer platforms may have been identified by the Cl0p ransomware group as far back as 2021. According to researchers at Kroll, the group appears to have been looking for the right way to properly exploit is as part of a data theft campaign against the Managed File Transfer Utility.
In a Marketplace of Ideas, Censorship is Always Bad Even if Done for the Right Reasons.
Written by Sean Kalinich
One thing that has always bothered me is the concept that censoring or hiding certain types of speech, thought, information etc., is somehow going to change minds and make society better. Simply put, this approach is myopic and bankrupt in such a fundamental way it is staggering how many highly educated people fully believe in it. The concept that you can hide the truth, or shape reality by editing out things you do not like does not exist. The Turth (yes with a capital T) is immutable. It exists outside of any desire to hide or change it regardless of any political affiliation or thought.
Bring on the Ransomware Beta Test as Royal Begins Seems to be testing a New Encryptor called BlackSuit
Written by Sean Kalinich
The fine folks at the Royal ransomware group have begun testing a new flavor of encryptor that is being called BlackSuit (The hat was already taken). First identified in January of this year (2023), Royal is believed to be Conti returned to life. Royal is also a private group, meaning they are not selling their services to anyone else but looking to keep things internal and hoard all their revenue. Royal is who went after the City of Dallas recently and might have poked the bear on that one.
Google and Microsoft Share a Zero Day as both Chrome and Edge get Patch Now Guidance.
Written by Sean Kalinich
Google has pushed out a new patch for Chrome to deal with a zero-day vulnerability tracked as CVE-2023-3079. In the patch release Google is clear that this vulnerability is actively being exploited in the wild and that users of both Chrome and Edge should update to the latest version as soon as possible. The report of the flaw was from Google’s own threat research team making this an even more urgent event.
Barracuda Email Security Gateway Appliances that were Exploited due to Zero-Day Must Be Replaced, not Patched
Written by Sean Kalinich
After the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for any device that was compromised is a full replacement regardless of the firmware version. It seems that once an attacker gets their malware into the device, it is done. There is not a clean way to remove it and simply patching it does not disable the control that the attacker has on the device. It also seems that at factory resent does not clear it out.
Minecraft Mods stuffed with Malware Used to Target Windows and Linux
Written by Sean Kalinich
As we hear more about Supply Chain attacks and the need for Software Build of Materials we are now hearing of an attack on the popular game, Minecraft. It seems that attackers are leveraging popular Modding platforms to push out information stealing malware (Fractureiser). They are accomplishing this by injecting malicious code into modifications that are then uploaded to different platforms. These are then downloaded and installed by unwary gamers.
Sextortionists Get a Boost from AI and Publicly Available Images
Written by Sean Kalinich
As if the internet needed something else bad floating around it seems that groups that engage in extortion schemes involving the threat of releasing images of a sexual nature are now getting help from AI image creation tools. Sextortion emails are nothing new, in many cases the blackmail is little more than an effort to get a target to click on a malicious file (disguised as an image or video file) in order to get ransomware on a system if the original blackmail is not good enough.
New PowerShell Malware Dubbed PowerDrop used to Target US Aerospace Industry
Written by Sean Kalinich
It is Wednesday, so it is about time to talk about a new strain of malware. In this case one that leverages Microsoft’s PowerShell to do its dirty work. Primarily a post-exploitation tool, PowerDrop is leveraged after access is obtained by other means. According to researchers at Adlumin, the tool also seems to focus on information gathering/theft. The attack also used WMI (Windows Management instrumentation) to execute the PowerShell commands which could be a move to living off the land.
More Ransomware as a Service Fun as Cyclops Gang Now Offers Value Add Information Stealer
Written by Sean Kalinich
Anyone that does not think that cybercrime is now a bug business has been living under a rock. The news related to different cybercrime-as-a-service groups, especially ransomware, has never been more frequent. We have seen groups offer larger profit sharing, special tools, access to customization tools and now we hear that the Cyclops group is even offering an information stealer as something of a value add if you use their services.
More...
Why SBOM is in the News and Why it is Important
Written by Sean Kalinich
Since Executive Order 14028 came out on May 12th from the Biden Administration there has been a lot of talk about what it means and what are the legal and regulatory ramifications of this order. While the larger conversation is one for a later (and much longer) article the overall tone of the EO is one that highlights a desire to centralize control over cybersecurity at the federal level, but not a lot of direct regulatory changes. Everything is recommendations, or guidelines. There is nothing in EO14038 that makes any real changes. Now that is both a good thing and a bad thing. On the one hand it means that organizations have time to adapt to the tone and general message of the EO and new cybersecurity requirements, and on the other hand, as we are already in an election cycle, many companies are likely to adopt a wait and see attitude towards any changes. One area is around SBOM, or Software Build of Materials.
Attackers Drop Card Stealing Scripts into Legitimate eCommerce Sites
Written by Sean Kalinich
So, there you are, you have found the one thing in all the internet that will make your object drive life complete. You put the fabulous object into your cart, giddily fumble out your credit card and enter those embossed numbers into the checkout screen and click to start the journey of your newfound treasure. Unbeknownst to you, attackers had previously injected skimming scripts into the site and captured all your card data for use later, or to sell in bulk on a dark web marketplace later.
MOVEit Transfer Zero Day gets added to the KEV and a Cool New Web Shell
Written by Sean Kalinich
Spring, the time of renewal, the time when nature wakes up. It is also a time when Zero-Day flaws hit the web. This year has been no different with many Zero-Day flaws identified in April and May 2023. The reasons for this are varied, but commonly we see Zero-Day flaws identified after everyone comes back from their Holiday vacations and after budgets are done, the money is available and initiatives for thew new year start. One of the more interesting zero-days for 2023 was a flaw found in MOVEit Transfer software.
Google’s Verification Feature in Gmail already Abused by Scammers and Phishers
Written by Sean Kalinich
The news that a feature in Gmail that shows a verification check mark for a sender is being abused by attackers should come as a surprise to no one. After all attackers have coopted, code singing certificates, legitimate web sites, and more as part of their attack processes, why wouldn’t a simple blue check mark be difficult? The new feature was introduced last month and, on the surface, looks like a great idea. Show that the sender of an email is who they say they are.