From The Blog
-
Indirect Prompt Injection Attacks, The least Acknowledged Flaw in AI Today
Written by Sean KalinichWait, another danger of AI article? Yes, another one. Since far too many people and companies are ok with ignoring the dangers simply for the…Written on Thursday, 25 May 2023 16:02 in News Read 307 times Read more...
-
Leaked LockBit and Babuk Ransomware repurposed by Buhti in new Payloads
Written by Sean KalinichThe leak of tools used by threat groups, and spying agencies are events of inestimable importance in both the threat group and security worlds. To…Written on Thursday, 25 May 2023 10:52 in News Read 583 times Read more...
-
The Microsoft Activision Blizzard Deal, Let’s Talk about the Elephant in the Room
Written by Sean KalinichMicrosoft’s $69 Billion wish list includes the acquisition of Activision Blizzard and all the goodies that it controls. This deal has been called the largest…Written on Thursday, 25 May 2023 09:26 in Game Thoughts Read 514 times Read more...
-
Geoffrey Hinton, one of the Godfathers of AI, Says AI is an Imminent Existential Threat
Written by Sean KalinichGeoffrey Hinton, a former engineering fellow at Google and a vice president focusing on AI has made comments after his retirement from Google earlier this…Written on Wednesday, 24 May 2023 14:09 in Editorials Read 217 times Read more...
-
More Malware Discovered in Google Play Store this Time in a Popular Screen Recording App
Written by Sean KalinichThe Google Play Store is and has always been something of a playground for mobile malware groups. Over the past few years hundreds of malicious…Written on Wednesday, 24 May 2023 12:13 in News Read 208 times Read more...
-
Microsoft Announces AI Run Moderation System to Prevent “harmful” Content
Written by Sean KalinichWith some of the news around AI I feel like I should just create a “what could go wrong” series of articles. After all, as…Written on Wednesday, 24 May 2023 10:25 in News Read 379 times Read more...
-
China Targets US Based Micron with a Sales Ban Citing National Security Concerns
Written by Sean KalinichIn what seems to be a tit-for-tat move, Chin has announced a ban on products from US chip maker, Micro. The reasons for this are…Written on Tuesday, 23 May 2023 15:28 in News Read 257 times Read more...
-
Ransomware Group BlackCat Appears to be Developing a New Attack Using Signed Kernel Drivers
Written by Sean KalinichIn the never-ending saga of Ransomware, the threat groups that deploy or leverage this tool for financial gain are always looking for a new method…Written on Tuesday, 23 May 2023 12:59 in News Read 220 times Read more...
-
As System Shock Remake is Underway New Look at the System Shock 2 Enhanced Edition Pips up
Written by Sean KalinichLong, long ago in a development studio far away there was a concept for a game where the protagonist was something more than just another…Written on Monday, 22 May 2023 14:12 in Game Thoughts Read 286 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115085 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 84156 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 78325 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 77736 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 67302 times Read more...
Apple Pushes Out Patches for Three Zero-Day Vulnerabilities Exploited in the Wild
Written by Sean Kalinich
Apple has rushed to release patches for CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373 all of which are in the WebKit Browser engine and across all Apple platforms (IOS, IpadOS and macOS). These three flaws have also been seen to be actively exploited in the wild. This increases the significance of them and should be remediated as soon as possible by applying any available patches.
Apple Launches ChatGPT app Wile Banning it from Use by Employees
Written by Sean Kalinich
After learning that there were malicious ads containing links to ChatGPT apps (for Windows), Apple launched a legitimate app for IOS. The app brings the very popular LLM to Apple users at a time when some are becoming more hesitant about its use. It has not been that long since Samsung accidentally leaked confidential information via the platform. This prompted both Microsoft (a heavy investor) and OpenAI themselves to start work on private environments where data put into the model is not used to train it.
Well Crap, New Flaw in KeePass Allows Attackers to Recover Master Password via Memory Dump
Written by Sean Kalinich
KeePass has a bit of a memory issue. It seems that the master password is passed in clear text through memory. This tiny little (sarcasm) bug was identified by a security researcher who goes by the name as vdohney. A proof of concept (POC) has already been published which usually leads to in-the-wild exploitation of the flaw (tracked as CVE-2023-32784). Oh, and if you did not know KeePass is a password manager/vault.
More Repo Issues as Malware Found in NPM Node.js Packages
Written by Sean Kalinich
Popular open-source repository NPM is back in the news as a pair of packages were found to have malware in them. The malware in question is TurkoRat. TurkoRat is an open-source information stealer that has a few features attached to it. Among some of the components are things like a wallet grabber (wallets.js) which seems geared towards stealing crypto currency. Other components are ones you would expect from an InforStealer like credential theft etc. The package was found by ReversingLabs after it had been in place for two months.
Apple Rolling out a Feature that Lets Your iPhone Sound Just Like You, What Could Go Wrong
Written by Sean Kalinich
I’ll take stupid features for $500 Alex. It seems that Apple is looking to deploy a feature that would allow your phone to sound and reply just like you do. The feature called “Personal Voice” uses a form of AI to replicate the sound and speech pattern of your voice in as little as 15 minutes (queue GEICO joke here). The feature is part of an update to their built-in accessibility features toolkit and on the surface is intended to help people that have speech challenges. Personal Voice can be used for in-person conversations and via phone calls. This feature will be tied to something called Live Speech which allows someone to type in messages and have them spoken by your phone.
Microsoft Stops Pushing Defender Update That Hid a Bug Due to Bugs
Written by Sean Kalinich
Over the last few months Windows 11 users have dealt with an annoying bug in Windows Defender. The bug was a continuous restart prompt to “enable” LSA protection. The problem is that LSA was enabled the whole time. The system just did not acknowledge that his was complete and had a flag requiring a reboot to finish the configuration. To combat this Microsoft pushed out a patch that was really little more than removing the reboot flag from the registry.
Fake ChatGPT and Midjourney Sites used in Cyber-Attacks *** Updated ***
Written by Sean Kalinich
It was only a matter of time before something like this happened. As services like ChatGPT, Midjourney, Bard and other “AI” platform we viral, threat actors were bound to start trying to get in on the action. ChatGPT and Midjourney were easy targets for this as neither has a standalone app yet. To use them you have to get to their online presence; ChatGPT’s website or Midjourney’s Discord. This gap allowed the threat group known as BatLoader to start impersonating both of them via cleverly crafted Google search ads.
Inside a Ransomware as a Service Operation Shows How Simple and Profitable This can Be
Written by Sean Kalinich
As part of our ongoing (really never ending) series on modern ransomware, we are taking a look at a recent study of one Ransomware as a Service operation. In this case the look is at the Qilin scheme which was brought to light by Group-IB. They were able to infiltrate the group through a conversation with a recruiter (nothing like being invited in). The cybersecurity firm started their inside look in March of 2023 and what they found was eye opening. It shows that RaaS clearly pays well and that services like this make things easy and profitable for people looking to get in on the “fun” but might not have the skill set or infrastructure to do it on their own.
Steam Brings Their Own Version of the Short Attention Span Review
Written by Sean Kalinich
When DecryptedTech was much more hardware and gaming focused we used to have a review style called Short Attention Span. It was a very quick 90-minute test of a game which included first launch, general configuration and any game play that could be accomplished inside a 90-minute window. If the game could capture our attention, we noted it and it got a follow on review. If it did not, usually there was no further mention of it unless we had a direct request for a more complete review. To me the 90-minute window was enough to get a good understanding of how a game worked, what hurdles to actual play time there were and if I would like it or not. It was very subjective with some basic objective observations around game engine, enemy AI, and startup complexity/cut scenes.
Azure Serial Console being Abused for VM Takeover
Written by Sean Kalinich
Google owned Mandiant has released findings on a group known as Roasted 0ktapus, Scattered Spider and UNC3944 (sort of rolls off the tongue there). This group has been seen to abuse the Microsoft Azure Serial Console to push out their own remote management tools in previously compromised environments. The fact that this new technique is not available from outside of an existing environment is a good thing, but it does mean organizations should monitor access and improve controls to avoid account compromise.
More...
Microsoft Visual Studio Marketplace Found to Have Malicious Extensions Targeting Developers
Written by Sean Kalinich
Attackers are always looking to get targets coming and going. As such you have a very rich ecosystem of attack types to cover as much ground as possible. A concerning one has always been direct supply chain attacks. These attacks seek to compromise software during the development stage, so the malicious pieces get bundled into the released code and signed with a trusted certificate. The highly publicized attack on SolarWinds is one of those types of attacks and shows just how effective and dangerous they can be. Supply chain attacks some in multiple flavors including (but certainly not limited to) compromising code repositories, poisoned plugins or open-source packages, and targeting of developer systems.
Microsoft CEO Hints that New Games Might not be Available in the UK While Claiming Pro Competition Stance
Written by Sean Kalinich
Yesterday we talked about how the Microsoft Activision Blizzard deal had been approved by the European Commission (on antitrust) touting licensing deals that were pro competition. As we stated in that article, the licensing agreements only extend to cloud gaming services, they exclude consoles and other non-Microsoft controlled hardware. The EC and Microsoft are calling this very pro-competition even though cloud gaming represents around 1% of the market.
ChatGPT-4 Seems to Show Sparks of Near Human Reasoning
Written by Sean Kalinich
There is a quote from the movie “The Matrix” that has always stuck with me. It was a scene where Morpheus (Lawrence Fishburne) is explaining to Neo (Keanu Reeves) the state of the real world and the history that allowed it to get there. The line is “We marveled at our own magnificence as we gave birth to AI.” There is another important line from the HBO series “From the Earth to the Moon. This line take place when Frank Borman (David Andrews) was asked what caused the Apollo One fire, he replied “A failure of imagination.” These two lines compete for how I view the state of AI development. As we marvel at our own magnificence, we should not stop thinking about the potential risks involved as we push to advance AI. Yet that seems to be what is happening.
Microsoft gets a Green Light from the European Commission on Activision Blizzard Buy
Written by Sean Kalinich
It looks like the folks at the European Commission have decided that Microsoft buying out Activision Blizzard for $69 billion (with a B) is not going to be a violation of their antitrust rules. The approval means that there are only a few roadblocks to the deal going through. South Korea and China have not decided yet, while the US and UK have challenged it. The deal has been called the world’s biggest gaming takeover and is viewed by many as a bad thing for competition as it would leave Microsoft in control of a majority of game development groups.