From The Blog

Apache and their open-source tools have gotten a lot of press lately. After the Lgo4Shell vulnerability in their Log4J tool, and the massive response from vendors and security organizations we are now learning that researchers have discovered a remote code execution flaw in the NoSQL database management tool Cassandra. This time, unlike Log4J flaw the disclosure comes with a patch already available for installation.

Meta (Facebook) has a long history of privacy and other abuses of the platform they control. We have seen everything from abusing facial recognition technology to tracking users’ internet history after existing the platform. These types of abuses are concerning for both obvious and not so obvious reasons. On the surface the collection of personal information outside of actual platform use by Facebook is not a good thing, but when you also roll in the fact that large tech groups like Facebook also share information with government agencies freely and without recourse it makes the problem larger.

Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. Once of these vulnerabilities CVE-2022-0609, which is describes as a user-after-free vulnerability is already being exploited in the wild. This has led them to advise users to updated Chrome as soon as possible to avoid compromise. The flaws were found by Google’s own Threat Analysis Group.

On December 4th, 1981, then President Ronald Regan signed Executive Order 12333. This Order, further amended by EO13284 in 2003, 13355(2004) and 13470(2008), is what grants and governs the collection of intelligence by Federal agencies. These agencies include the NSA, the CIA and to a lesser extent the FBI and Department of Homeland Security. The collection of information includes what is often referred to as signal intelligence. This type of intelligence if the collection of any information that is transmitted via electronic means. This wonderful blanket definition has been the basis of many borderline illegal data collection programs and a few outright illegal ones.

Management and a monitoring software are ubiquitous in the IT operation industry. They are force multipliers that allow for what are usually small teams to manage a large number of assets. By design they need to have elevated permission to accomplish their intended tasks. The problem is that these permissions also make them targets for attackers. This means that developers of these tools need to take extra steps to ensure that they are not vulnerable to attack or become the thing that compromises a network.

According to reports form the Wallstreet Journal, Cisco has attempted to take over Splunk for more than $20 Billion. The acquisition would be the largest in Cisco’s history by far. Cisco has a history of buying technology companies and integrating them into their product suite. The aftereffects of these purchases are not always ideal from a consumer perspective. Although though an offer has been made the two companies are not in active talks.

SentinelOne’s threat team has been tracking a couple of threat groups with an unusual goal. These groups are not looking to steal money or get a ransom, instead they are looking to track, monitor and incriminate specific targets. The targets that have been identified so far have been journalists and activists that oppose government practices. So far, the countries where these groups have been identified are limited to India and Trukey but if threat groups like this have been found there, it is likely they are everywhere.

The Dark Web (whispered in Letterkenny) is a playground for all kinds of illegal activity. One well traded item is Personal Information including Credit Card numbers. Due to the state of security in most organizations (Stuart!) there is no shortage of personally identifying information and credit cards for sale. There is a lot of money that trades hands around this as well, so it has been and will continue to be a target for law enforcement in the constant battle against the financial threat actor groups.

The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for the most part, it has left many open to exploit due to improper configurations and a lack of proper security tools to protect their environments.

It seems that web site data analytics are now on the radar for privacy regulators in the EU, especially Google Analytics collection tools. Recently data protection regulators in Austria and France have rules that the collection of user data by Google combined with the unregulated transfer of this information out of the country (back to the US in particular) is a violation of GDPR.