From The Blog
-
Microsoft Talks about Now-Patched SIP bypass Bug in macOS
Written by Sean KalinichApple’s System Integrity Protocol (SIP) has been something of a mix bag when it comes to security. It is a great feature from a raw…Written on Wednesday, 31 May 2023 11:51 in News Read 72 times Read more...
-
As Microsoft Deal Slows, Sony Now Under Investigation for Market Abuse
Written by Sean KalinichThere is no such thing as a coincidence, especially in the business world. If you hear of something and the timing seems suspicious, it is…Written on Wednesday, 31 May 2023 09:14 in Game Thoughts Read 90 times Read more...
-
the Google Way to Break Encryption in RCS by Forcing AI
Written by Sean KalinichGoogle has been very interested in pushing new standards for messaging, Rich Communication Services. RCS started in 2007 as a new way to make “texting”…Written on Tuesday, 30 May 2023 14:17 in News Read 158 times Read more...
-
Google’s New Zip Domains Can be Easily Abused for Phishing and Malware Payloads
Written by Sean KalinichThis one will get filed in the “you knew it was going to happen” file. After the announcement of a few new top-level domains (TLDs)…Written on Tuesday, 30 May 2023 10:46 in News Read 315 times Read more...
-
Indirect Prompt Injection Attacks, The least Acknowledged Flaw in AI Today
Written by Sean KalinichWait, another danger of AI article? Yes, another one. Since far too many people and companies are ok with ignoring the dangers simply for the…Written on Thursday, 25 May 2023 16:02 in News Read 350 times Read more...
-
Leaked LockBit and Babuk Ransomware repurposed by Buhti in new Payloads
Written by Sean KalinichThe leak of tools used by threat groups, and spying agencies are events of inestimable importance in both the threat group and security worlds. To…Written on Thursday, 25 May 2023 10:52 in News Read 653 times Read more...
-
The Microsoft Activision Blizzard Deal, Let’s Talk about the Elephant in the Room
Written by Sean KalinichMicrosoft’s $69 Billion wish list includes the acquisition of Activision Blizzard and all the goodies that it controls. This deal has been called the largest…Written on Thursday, 25 May 2023 09:26 in Game Thoughts Read 553 times Read more...
-
Geoffrey Hinton, one of the Godfathers of AI, Says AI is an Imminent Existential Threat
Written by Sean KalinichGeoffrey Hinton, a former engineering fellow at Google and a vice president focusing on AI has made comments after his retirement from Google earlier this…Written on Wednesday, 24 May 2023 14:09 in Editorials Read 266 times Read more...
-
More Malware Discovered in Google Play Store this Time in a Popular Screen Recording App
Written by Sean KalinichThe Google Play Store is and has always been something of a playground for mobile malware groups. Over the past few years hundreds of malicious…Written on Wednesday, 24 May 2023 12:13 in News Read 255 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115094 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 84176 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 78354 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 77745 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 67320 times Read more...
Hacking Groups that Plant Fake Evidence Identified in Trukey and India, Where Else are They?
Written by Sean Kalinich
SentinelOne’s threat team has been tracking a couple of threat groups with an unusual goal. These groups are not looking to steal money or get a ransom, instead they are looking to track, monitor and incriminate specific targets. The targets that have been identified so far have been journalists and activists that oppose government practices. So far, the countries where these groups have been identified are limited to India and Trukey but if threat groups like this have been found there, it is likely they are everywhere.
Russia Shutters Four Marketplaces for Stolen Credit Cards on the Dark Web
Written by Sean Kalinich
The Dark Web (whispered in Letterkenny) is a playground for all kinds of illegal activity. One well traded item is Personal Information including Credit Card numbers. Due to the state of security in most organizations (Stuart!) there is no shortage of personally identifying information and credit cards for sale. There is a lot of money that trades hands around this as well, so it has been and will continue to be a target for law enforcement in the constant battle against the financial threat actor groups.
Linux Attacks and Malware on the Rise as the Workforce Shifts to Remote
Written by Sean Kalinich
The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for the most part, it has left many open to exploit due to improper configurations and a lack of proper security tools to protect their environments.
Web Site Data Analytics Gathering May Violate GDPR, Google Analytics Does.
Written by Sean Kalinich
It seems that web site data analytics are now on the radar for privacy regulators in the EU, especially Google Analytics collection tools. Recently data protection regulators in Austria and France have rules that the collection of user data by Google combined with the unregulated transfer of this information out of the country (back to the US in particular) is a violation of GDPR.
Nvidia-ARM Deall off Citing Regulatory Challenges
Written by Sean Kalinich
In September 2020 Nvidia announced that it was in talks to acquire ARM Holdings from SoftBank Group Corp. The deal was not surprising, but it did send waves through the industry. The concerns around this deal were and are the same as the ones currently surrounding the Microsoft-Activision deal. Given the level of competition in the industry, would Nvidia use its new purchase to create roadblocks for their competition? Nvidia has always maintained that they would never do anything like this, but their assurances were never enough to get past regulators.
Strategy, Tactics, and Logistics. How They Fit into the Threat Landscape
Written by Sean Kalinich
The Threat Landscape is an interesting topic of discussion. It is a constantly changing thing and even the best predictions can often fall short of the actual threat. This is because in most cases, the attackers are a step ahead of the defenders. They have the advantage, to coin a D&D phrase, they won the initiative roll. Defenders are always waiting to see what might happen, they plan without really knowing what the attackers are going to do which means they have to be secure everywhere (not really a possibility). To help them put their resources in the right places, most security teams rely on threat intelligence feeds and an understanding of the Threat Landscape.
Activision is Not the Only Purchase Microsoft is Eying as Rumors Pop Up Around a Mandiant Buy
Written by Sean Kalinich
The news has been abuzz about the $65+ Billion-dollar purchase of Activision/Blizzard by Microsoft. It has been seen as an opening shot in a new stage in the console wars and is, even now, under review by the FTC. However, there are rumors that Mandiant and Microsoft are in talks about a potential acquisition of the Incident Response company. These rumors come on the heels of an announcement by Mandiant that they are partnering with NextGen XDR developer SentinelOne. Where to start on this one…
UEFI Bootkits and Malware are Becoming More Common as Attackers Refine their Techniques.
Written by Sean Kalinich
UEFI (Unified Extensible Firmware Interface) was designed to replace the old and outdated BIOS (Baic Input Output System). The older BIOS setup was slow and not very secure. It gave attackers several entry points for infection and persistence at that level. The older BIOS standard was also susceptible to attack and compromise (think the Chernobyl BIOS virus). Something new needed to be put in place to help speed things up and help account for more complex hardware and software. Hence the UEFI was born.
Facebook’s History Gives Concerns about Social Stalking and Abuse in the Metaverse
Written by Sean Kalinich
Facebook has not had the best history when it comes to handling online bullying, social stalking and even sexual abuse and exploitation. They do have and are continuing to develop tools to fight against this, but for the most part they do not take a very proactive role in policing this type of behavior. To some it seems that they spend more time “fact checking” and policing opinions than they do addressing any truly bad behavior. It is up to the user to make sure they are practicing good and safe habits when using Facebook or Instagram, not the platform.
Follow Us
More...
Microsoft Begins Blocking their Own App Web Installer Files
Written by Sean Kalinich
The concept of the app as opposed to the application is one of those nuanced distinctions that miss many people. When it comes to a mobile device an app is a bundle that that allows the installation of an application and its dependencies like an Android APK or Linux installer package. On Windows this has been a foreign concept as the thick application installer has been the defacto for so long. The .exe and .msi application is just how things get done. With the launch of Windows 8 and the “Microsoft Store” the app came to Windows.
Android Banking Trojan Medusa Piggybacking on FluBot’s Deliver System
Written by Sean Kalinich
The rise of the smart device meant that more and more people were going to be using these for more than just communication. Mobile banking, mobile home automation, mobile car monitoring, you name it, there is probably an app for it. With this new and powerful accessibility there comes risk. Attackers know that mobile security is not exactly where it should be, and that people are more trusting on their phones than they might be on their laptops and desktops (maybe). We also have the issue with how mobile apps access the information they have permissions to and display it to the user. To call mobile device security a mess would be a gross understatement.
Microsoft is Finally Blocking Downloaded Macros by Default in Office
Written by Sean Kalinich
Back in the late 90s’ the first macro viruses appeared on the scene. The leveraged a feature of Microsoft Office that allowed a malware developer to execute programmed instructions via the office interface. This new option opened a lot of avenues for inserting a malicious payload on to a target system. Now some 20+ years later Microsoft is finally really doing something about this hole in their Office product. The are blocking all downloaded/external macros by default.
Meta’s $10 Billion Metaverse losses, Are They Normal or an Indication?
Written by Sean Kalinich
There has been a lot of talk about Meta’s The Reality Labs department losing $10 Billion on devilment of Metaverse. Mant articles have focused on the negative and the overall amount of money lost while others have chosen to focus on more positive or normalized effects of the loss and what is means long term. The argument seems to be split in a couple of ways. The first is that $10 Billion is not a devastating loss in terms of R&D on a potential defining product for a company that made $117+ Billion in 2021. The second is that a $10 Billion dollar loss on a new product is a bad thing and might be an indication of a lack of true acceptance.