Just When You Thought It Was Safe to Samba Again, New Vulnerability Allows Remote Code Execution
Written by Sean Kalinich
Samba has released several updates that patch critical flaws in their popular Server Message Block (SMB) freeware implementation. SMB is a protocol that allows for simple sharing of network resources and has had its share of critical vulnerabilities in the past. The sharing of network resources is a common target for attackers as it can be a quick and easy way to compromise a system. One of the vulnerabilities affects all versions of Samba before 4.13.17 (CVE-2021-44142).
Microsoft Buys Activision, Sony Buys Bungie the Console Wars Heat Up
Written by Sean Kalinich
The war between Microsoft’s Xbox and Sony’s PlayStation has been going on for a while. As the two companies fight it out, the consumer, for the most part, has been the winner. Each new generation of console has brought with it new technologies, better performance and really upped the game regardless of which camp you are in. It is true that prices have also gone through the roof, but that has not stopped eager fans from buying out inventory as soon as it hits the shelves.
All-In Security Consulting
In building a new business, or operating an existing one, you spend a lot of time figuring out what you are going to sell, why you are going to sell it and of course how you are going to get your goods/services to market (not to mention actually selling it). However, one thing that tends not to be part of the business planning process is security. As a small or even medium-sized business owner, this important item can be overlooked during the planning and even the first years.
New Apps Allow Retrieval of Deleted Message for Users of WhatsApp on Android
Written by Sean Kalinich
WhatsApp is one of a group of relatively secure messaging services available to both iPhone and Android users. WhatsApp states that it supports full end-to-end encryption, secure deletion of messages (by the sender and receiver) as well as the option to set up disappearing messages. It can also be set to block screenshots of chats, which is nice when you want to keep your conversation private.
Direct Carrier Billing Scam Apps Nab 105 Million Users on Mobile Devices
Written by Sean Kalinich
Scammers and threat groups are nothing if not creative. They have time and quite a bit of talent on their hands to figure out ways around security features and gateways to get what they want. Take the recent discovery of Dark Herring; this lovely mobile malware/scam gem was discovered by Zimperium and was inserted into several seemingly benign apps. These apps were pushed to Google Play where they were downloaded by hundreds of millions of people.
Services
DecryptedTech provides a variety of consulting services geared towards any sized business. As DecryptedTech is a context aware service we can quickly adapt to your needs and scale well across multiple verticals. We work to make operationalizing your IT infrastructure and security easy to manage and maintain.
Contact us for more information about our Consulting Services
DecryptedTech offers something different: context-aware service. We work to understand not only what you are looking for and need, but also how these items impact your business. It is no longer enough to just buy or install a service or product. The product must work well within your environment and culture.
MFA App on Google Play Store Used to Install Banking Malware
Written by Sean Kalinich
Mobile device security is not where it should be. There is just no way around this fact. The vast majority of people simply download and install an app on their phone or tablet thinking that they are not going to get something nasty. They never review the permissions that the new app is asking for or what those permissions might allow it to do. Now it seems that clever threat actors have slipped malware into a Multi-Factor Authentication (MFA) app.
Security Awareness Training Versus Security Culture Building
Written by Sean Kalinich
We have all opened our emails and seen the message “you have annual security awareness training assigned”. This message is one that usually elicits eye-rolls and groans of frustration. Who wouldn’t be annoyed? After all, these trainings are simplistic, boring and they take time out of your day to get done. They also tend to have little to no effect on user security practices. Running phishing and social engineering tests in an environment will almost certainly yield the same groups of people.
Yesterday Apple released several patches for their different operating systems. One that we have talked about before is a core bug in Apple’s WebKit based Safari. This bug could potentially leak personal information regardless of the privacy settings you had enabled. In macOS you could always change to another browser that was not WebKit based. On iOS, iPadOS, watchOS and other app store locked devices there was no option as Apple requires every browser to use WebKit for its render engine.
Meta works to add security to messenger that should have been there
Written by Sean Kalinich
Metabook has announced some new security features in their messenger app and platform. Many of these are items that competing SMS/MMS applications and services already have, but Meta knows that they are now facing some solid competition, so they are finally getting around to these. Of course, this does not mean that people are going to flow back to Meta Messenger. Nonetheless, it is good to see these show up.
What’s in a name? Well, quite a bit really. The name of something can be the make or break for a product in many instances. When Facebook decided to rebrand themselves as Meta, most people thought it was both presumptuous and rather funny. The ego behind a move like that as well as the “wannabe” feel to it (remember when Google changed their parent company name to ABC?) had the memes flowing.
Phishing Campaign Leverages New Technique to Evade Detection
Written by Sean Kalinich
Researchers at Morphisec have detailed a new delivery type for AsyncRAT (Remote Access Trojan) used as part of a phishing campaign that has been running since at least September 2021. The phishing part of the campaign is routine: an email with an HTML attachment. The attachment looks like a receipt. When opened, the victim is directed to a webpage that asks them to save a file (an ISO file). On the surface it looks like it would be a regular file download that will go through common security channels. However, things turn out not to be what they expected (read that in Morgan Freeman’s voice).
IAG Prophet Spider Targeting VMWare Horizon Servers Via Log4J Vulnerability
Written by Sean Kalinich
A shell for me, a shell for you, a shell for everybody in the room. If you have not heard about Log4J and the associated vulnerabilities in versions between 2.0 and 2.16, you might not have been near a computer in quite a while. This Remote Code Execution vulnerability, which has several CVEs (Common Vulnerabilities and Exposures) associated with it, is commonly lumped into the term Log4Shell. Log4J itself is a Java-based Apache logging framework that is in widespread usage in many applications. The list of impacted applications is not, and may never be, known. Many vendors have released complex mitigation steps and patches, but many devices are not getting patched (nothing surprising here). This has allowed this vulnerability to become quickly weaponized and used in targeted attacks.