From The Blog

Facebook makes their money off their users. That is no shock to anyone considering the number of investigations currently ongoing over Facebook’s data collection practices. Of course, Facebook is not the only group collecting this type of information; they just tend to take it a bit farther than most of the other groups. Because of these invasive data collection practices, many countries have tightened their laws around what can and cannot be used to develop and send out targeted ads. This has included a whole new category for “intimate” information. Even Apple has decided that this style of data collection might be out of bounds and has changed its own privacy policies in iOS.

Microsoft has a history of making solid products that go nowhere. If you look at their history, this is very clear from Windows Phone to Zune and more. They build it, fail to focus on penetrating the market and then scrap it, despite the many talented people on the teams for each of these. Now history is repeating itself in the form of HoloLens.

Microsoft’s Threat Intelligence team has recently disclosed their discovery and analysis of a new malware family. The malware in question is being tracked as a Trojan named UpdateAgent. The team has been watching as it progressed from a simple information stealer for macOS to much more sophisticated capabilities, including being able to bypass the macOS Gatekeeper security function.

The SolarWinds supply chain attack was and still is one of the most complex and ingenious attacks that has come to light. How it was discovered is also an interesting topic for another conversation. The attack group in question is still being speculated on, although the one most people tend to gravitate towards is the Russian APT group COZY BEAR (APT29). The actual attack and compromise of the software repository at SolarWinds is the stuff of legend. Once that was completed, it allowed the attackers access to a wide swath of business verticals along with government agencies from a single trusted source. They could, almost on a whim, compromise anyone that leveraged the SolarWinds product. Of course, supply chain attacks are nothing new and are not going anywhere. They are complicated to set up and maintain, but once in place they can yield amazing results.

Yesterday we talked about Microsoft’s plans to buy Activision Blizzard as well as Sony’s plans to buy Bungie. We covered what these could mean in terms of content control and splitting console ownership according to which titles people like. Although both Microsoft and Sony are committed to releasing content for both consoles, once the existing contracts run out, things could be very different. Because of this potential monopoly of content by the Activision Blizzard deal, the FTC is going to take a look at it.

We first talked about using the UEFI firmware as an attack vector at Def Con 22 in 2014. Since that time there have been three identified and disclosed versions of malware that directly targeted this critical subsystem. That would seem to be a relatively small number given the time since it was first uncovered and the number of devices that operate using the UEFI firmware subsystem. However, these are only the ones identified, and most of the identified cases were found because of the method of delivery for the OS payload. This begs the question: are there more out there that just have not been found?

Tracking users and devices as they browse the web is a common thing these days and has been for many years. The technology has evolved from the original tracking cookie to some of the more advanced methods in use now, but the concept is the same: how can someone identify an object on the internet and follow it? Regardless of whether the information is used for “legitimate” or nefarious purposes, the technology remains and continues to move forward.

Samba has released several updates that patch critical flaws in their popular Server Message Block (SMB) freeware implementation. SMB is a protocol that allows for simple sharing of network resources and has had its share of critical vulnerabilities in the past. The sharing of network resources is a common target for attackers, as it can be a quick and easy way to compromise a system. One of the vulnerabilities (CVE-2021-44142) affects all versions of Samba before 4.13.17.

The war between Microsoft’s Xbox and Sony’s PlayStation has been going on for a while. As the two companies fight it out, the consumer, for the most part, has been the winner. Each new generation of console has brought with it new technologies and better performance, and has really upped the game regardless of which camp you are in. It is true that prices have also gone through the roof, but that has not stopped eager fans from buying out inventory as soon as it hits the shelves.

Monday, 31 January 2022 15:50

All-In Security Consulting

In building a new business, or operating an existing one, you spend a lot of time figuring out what you are going to sell, why you are going to sell it and, of course, how you are going to get your goods/services to market (not to mention actually selling them). However, one thing that tends not to be a part of the business planning process is security. As a small or even medium-sized business owner, this important item can be overlooked during the planning and even the first years.