From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 699 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1577 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1112 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1084 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2133 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1855 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2124 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2098 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1891 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116524 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87479 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82031 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80335 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70988 times Read more...
There is Good News and Bad news in the Atlassian Outage.
Written by Sean Kalinich
On April 6th news of an outage at Atlassian that affected customers using Jira, Confluence and other products started to surface. The outage started the day before on the 5th and started rumors of everything from a ransomware attack to a potential breach. The rumors were quickly dispelled by Atlassian who stated that a routine maintenance script accidentally “disabled” a small number of customer sites. While their status page showed the status of affected products to be “active Incident”. The messages to customers indicated that restoration of sites would take “several days”, but now a week later there are still people reporting that their sites are still unavailable.
CISA warns that US ICS/SCADA Systems are being Targeted by Threat Groups
Written by Sean Kalinich
CISA has issued another warning that SCADA/ICS systems are being targeted for attack. This time they are in the sights of Nation-State groups and with customized tools. The tools are part of follow-on activities after the initial beachhead has been established. These days gaining initial access to a network, even for infrastructure, does not seem to be a difficult task for nation-state groups.
Law Enforcement Celebrates Another Hacker Forum Takedown as the Seizure of RaidForums is Announced.
Written by Sean Kalinich
2022 has been a busy year for the information security industry on both sides of the playing field. We have seen an increase in target attacks on businesses, a larger number of Zero-Day vulnerabilities disclosed that were being actively exploited in the wild, several major companies had data stollen and leaked, and we cannot forget the threat actor war going on over the Russian Invasion of Ukraine. With all these items, law enforcement agencies have also been very busy with the seizure and shut down of two major “hacker” marketplaces, Hydra and RaidForums.
Open Source Takes Another Hit as 3rd Protestware Shows up in NPM Repository
Written by Sean Kalinich
The Open Source community has been one that many leverage to help build their applications. It has become a great place to find applications packages that make building out a larger application or eco systems less time consuming. We see this in just about every development space from large to small. Having helpful sources of working code can speed up the development lifecycle and allow for greater interoperability as many applications use the same dependencies and core functions. The open source community is a great resource and typically is one that you can trust to pull code from.
Twitter Backtracks on Removing Embedded Tweets from 3rd Party Websites after Deletion for Now
Written by Sean Kalinich
Twitter is an interesting company. On the one hand they act like they are a bastion of free speech and have stood up for the anonymity of some of the users. They have, in the past refused government interference in how their users post information and respond to tweets on their service. They claim to be against bullying and hate. At the same time, they have suspended accounts, removed tweets and permanently banned people for some very arbitrary reasons. They have stood their ground over this even when proven wrong about the original action. They have also left up tweets calling for violence by some while removing others, very confusing.
Leaked Conti Ransomware used in Attacks on Russian Targets
Written by Sean Kalinich
Not that long ago, a Ukrainian security researcher published a vast number of internal chats from the Ransomware group Conti. On top of that treasure trove of information the same researcher also published the source code for the Conti Ransomware. The leak of information came after the Conti group pledged their full support of the Russian invasion of Ukraine and vowed to target anyone they felt was waging cyber-war on Russia. The message was later toned down, but the effect still lingers and was one of the moves that started an interesting threat group war.
Crypto Mining Malware Targeting Amazon Lambda Serverless Environments
Written by Sean Kalinich
Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is really Amazon’s Lambda Serverless function in AWS while the threat is a bit of crypto mining malware that appears to have been specifically written for Lambda in Google’s Go.
The State of Banking and Financial Malware on Google’s Play Store is Just Bad
Written by Sean Kalinich
It looks like there has been another round of malware identified on the Google Play sore and, you guessed it, the majority is focused on banks and other financial institutions. The combination of apps found totals around 515,000 downloads. 500,000 of these downloads are being attributed to a new trojan dubbed Octo and appears to be distributed via fake apps uploaded to the Google Play store.
Twitter Moving to Allow Manipulation of Embedded Tweets on 3rd Party Websites
Written by Sean Kalinich
Twitter has been in the new a lot over the last few years. From deleting accounts of people and groups for very flimsy reasons to censoring posts that contain factual, but non-popular information. It seems that they just cannot help themselves when it comes to abusing community standards. The practice has even accelerated after Jack Dorsey left the company as CEO. The seemingly one-sided application of community standards has led to much criticism of the platform. The level of disappointment even led to Elon Musk buying 9.2% of the company and gaining a seat on the board of directors (not that this will accomplish much).
Financial Threat Group, FIN7 Shows Signs of Evolving Tools and Coordination with Ransomware Groups
Written by Sean Kalinich
For some reason, malware, attacker tools, and even the threat groups themselves tend to be viewed and talked about as static objects (outside of the security and threat analytics world). Malware is just Malware, the same with Ransomware strains. Once they get named, they are that way forever. However, that is the farthest thing from reality. Threat Groups evolve their tactics, toolsets, and they even have DevOps around their malware/ransomware.
More...
New Tactic Could be Used to Impact Charging Stations for Electronic Vehicles
Written by Sean Kalinich
Imagine you are standing at a charging station charging your shiny new EV. You smugly look at all the antiquated gas-powered cars as they pay large amounts of money to keep their old, polluting, conveyances functional. Suddenly your charging station just stops working. No reason is given just that you need to try again. You plug it in, and it happens again.
Hackers Compromise MailChimp to Pivot to Crypto and Finance
Written by Sean Kalinich
Over the weekend news surfaced that indicated users of Trezor hardware crypto wallets had received emails claiming Trezor had been breached and urging the user to reset their PIN as soon as possible. The emails turned out to be a phishing campaign that leveraged the compromise of MailChimp marketing tools. The latter was confirmed by MailChimp on Sunday after Trezor made the statement following the large number of reports on the phishing emails.
So, today is April 1st and with the net full of clever ideas to play a joke on readers it can be fun to sort through what is real and what is not. Because of this, we are going to take a day off to teak some confiigurations, maybe reload an system or two and just have some good bourbon in the process.
We will pick up our normal repoting tomorrow and will be throwing in some how-to's and explantions of different components, tools and more.
For any news letter subscribers, we are aware that our current system might not be sending them out properly and will be using this time to address that issue.
Thanks and have fun today!
FBI Sent out an Advisory Alleging a Targeted Campaign Against State Election Officials
Written by Sean Kalinich
The FBI, on March 29th, released a Private Industry Notification with vague details on a potential Phishing campaign targeting election officials in at least nine US states. The information in the advisory gives very broad information without really saying much. There is no information in the notification on which states were targeted and the phishing campaign sounds a lot like ones that are sent out to millions of people every day.