From The Blog
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 728 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 362 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 715 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 534 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 658 times Read more...
-
Leaked Data from Duolingo incident Shows US is most Impacted
Written by Sean KalinichDuolingo, is a language learning site (not to be confused with an LLM) and has a very large base of users. The site is a…Written on Tuesday, 29 August 2023 19:12 in Security Talk Read 1080 times Read more...
-
We talk about the Ransomware Threat Landscape with SecureWorks at Black Hat 2023
Written by Sean KalinichBlack Hat 2023 – Las Vegas, NV – One of my personal focuses is understanding the “Why” behind changes in the threat landscape. In simple…Written on Tuesday, 29 August 2023 18:26 in Security Talk Read 589 times Read more...
-
Now Patched Flaw Leverages Abandoned Reply URL found in Entra ID allows for Privilege Escalation
Written by Sean KalinichMicrosoft has not been having the greatest of months. First it was identified that a stollen MSA signing key was used by a Nation State…Written on Monday, 28 August 2023 15:39 in Security Talk Read 1306 times Read more...
-
Qrypt Looking to Attack the Inefficiencies in Quantum Encryption to make Quantum Secure Communication a Reality Today
Written by Sean KalinichBlack Hat 2023, Las Vegas – At Black Hat one of my favorite things to do is see what the latest buzzword(s)/phrases are. One of…Written on Monday, 28 August 2023 12:53 in Security Talk Read 804 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115436 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 85227 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 79555 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 78521 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 68364 times Read more...
As Work from Home Increases with COVID-19 Cases are We Looking at a Playground for Threat Actors? Featured
Written by Sean Kalinich
In December 2019 a new virus was detected in Wuhan China, this virus (COVID-19 or the Coronavirus) has spread rapidly through out China and the rest of the world. With its apparent ease of transmission and difficulty in detecting (early stages can look like the Flu), many companies are looking into allowing employees to work from home more in an effort to slow down the spread of this potentially deadly virus. The question is, are these companies really ready to have so many people connecting in from home, or are we potentially opening or a massive hole that threat actors are bound to exploit.
With More and More Hardware Flaws Found, How Will the Security Industry Respond? Featured
Written by Sean Kalinich
The IT Security industry has spent billions of dollars on software to keep you “safe” from malware and attackers. Whether that money was spent in marketing or actual product improvement is up for debate. Still the fact remains that each year we hear about new advances that can keep you and your systems safe from Malware and or threat actors. Almost all of these systems rely on software to do their job and in most cases cannot even see beyond the OS they reside on. This focus has caused the development of a massive blind spot, hardware-based attacks.
New Tech, Stale Tech, and the Diminishing Security Skill Set Featured
Written by Sean Kalinich
Although not a new subject here at DecryptedTech we thought it was time for us to dive into three of serious issues in the security world (out of many). The three we are covering today are emerging technologies, stale technologies and how the security, and IT, skill set seems to be diminishing. All three are cause for concern and often seen as at least contributing factors in breaches. What make this more interesting is that in many cases the three are connected.
When updates go wrong, horribly wrong Featured
Written by Sean Kalinich
When you think about operating system updates you probably do not think about the security team. Sure, there are security patches and such, but those are on the operations team and not really pushed out by the security team. Well, that is when they are done properly by the OS vendor.
We take a look at the Pico Pro Home Brewing Machine Featured
Written by Sean Kalinich
Technology has brought us a ton of interesting and fun devices. We have smart phones, Smart TVs, Wireta… I mean home personal assistants and even home automated brewing systems. The latter is going to be the subject of our review toady. The concept of home brewing is not new at all. People have been spending lots of money to boil grain (and adding hops) to ferment it into the magnificent substance we call beer. However, boiling grain and inserting hops into your different mash stages can be both boring and time consuming for many. Enter IoT and the concept of the connected device. Beer enthusiasts realized that they could use a certain level of technology to pre-program temperature, mash time, bittering etc. all into a computer and push that information to the cloud. There are a few products on the market that fit this bill, today we will be looking at one of the more popular and efficient systems, the Pico Pro. The Pico Pro is not new technology, but I felt it was time to take look at this from both a “it makes beer” and a technology perspective.
The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out Featured
Written by Sean Kalinich
When Red Digital Cinema first announced they were looking to build a phone many people were very interested. The idea that the company who turned the world of cinema cameras on its head taking on the stagnant world of smartphones with mediocre cameras was a big one. Sadly, after the announcement there were significant delays for the new device. Happily, for the rest of the smartphone world, newer generations of cameras and camera software began to up their game on what we can do with our smartphone cameras. Still, this is Red we are talking about here, so despite these advances they were sure to have a significant product. If you read most of the “reviews” out there you would not think that was the case. Personally, I was not deterred by the reviews as most of them came off as incomplete. I decided to take it for a spin, but not a quick 15 minutes, but a 30-day plus test run including taking it around to get reactions from other people. So, with that in mind, let’s see what we found.
Dell and others move to disable Intel's Management Engine
Written by Sean Kalinich
It seems that PC makers are not happy with the Intel’s Management Engine (IME) and the flaws that keep being found in it. The original flaw allowed attackers a clean way to compromise a system including uploading malware and exfiltrating data. This could be done in a way that bypassed most security systems and even allowed for tampering with the UEFI BIOS if the attacker was sophisticated enough. To their credit, Intel did warn people and manufacturers about this and patched it fairly quickly. The problem is, now that the cat is out of the bag about one flaw; there are sure to be more.
Root7 Pink Himalayan Salt Shot Glasses Up on Test Bar... Featured
Written by Sean Kalinich
Every now and then, we get a chance to take a look at something that is a little outside of the tech world. A few months ago as I was contemplating a vlog series entitled “Bits, Bytes and Beer”; we received a very cool package in the mail. It was a set of shot glasses made from Himalayan Pink Rock Salt. It seemed a very fortuitous product to hit our lab and one that we certainly want to go into detail on now. So, let’s take a quick look at the Root7 Pink Himalayan Rock Salt shot glasses.
Voice is an often overlooked big threat vector as phone fraud rises – part I Featured
Written by Sean Kalinich
Def Con 25, Las Vegas, NV –
Your phone rings and you check the number as a precaution against marketing calls and it looks like it is from your office. The voice on the other end says that there is an issue on the network and they need your assistance to troubleshoot. The person is calm, friendly and helpful so you agree to assist. By the time it is all done you have in advertently given away vital information about your network to a potential attacker.
Illusive Networks says that deception everywhere is the way to go Featured
Written by Sean Kalinich
Black Hat 2017, Las Vegas, NV -
When an attacker gains a foothold in a network the first thing they need to do is learn the lay of the land. They have done some research on the target to gather information about possible systems they might encounter. In reality, they do not truly know what is going on. They are likely to have hit an exposed system with little true access into the good parts of the network. They are going to need to check shares, network connections and also scrape memory for and stored credentials. With these in had they begin the process of moving around the network and building their map of the target environment.
More...
CloudPassage Looks to secure your entire cloud infrastructure Featured
Written by Sean Kalinich
Black Hat 2017, Las Vegas, NV -
The cloud has become one of those buzz words that people like to use when they want you to put your data or workloads on someone else’s computers and network. Amazon Web Services (AWS), Microsoft Azure, and some lesser known systems. The problem is that once you put your information into their network there is a lot that you have to do to ensure that your information or workloads are secure. Amazon, Microsoft and others are only going to take security so far for you and that leave you vulnerable.
Vera jumps into the document control market with both feet Featured
Written by Sean Kalinich
Black Hat USA 2017 – Las Vegas, NV
Three years ago we talked with a company that had something of a change in thought process on how to protect your data. Instead of building bigger walls they wanted to make the items behind those walls unusable to anyone that did not actually have access to them. This year at Black Hat we have talked with multiple companies that have the same, or a similar idea. One of the companies we talked to about this is Vera. Vera is another in a growing group of companies that understand that the traditional security posture is just not enough.
Attivo Networks rolls in incident response and controls into their deception Featured
Written by Sean Kalinich
Black Hat USA 2017 - Las Vegas, NV.
Another company that we have the chance to sit down with was Attivo Networks. Attivo, if you are not familiar with them specialize in network deception through the use of projected systems. These are systems that do not really exist in the network but that occupy space and would appear real to someone looking at the network from behind the scenes. They use different methods to make these systems appear to be real including mapped drives (that are invisible to an actual user). This way when a system on the network is compromised an attacker might be fooled into interacting with a deception system and give themselves away.
Dell talks security, document control, and air gapped networks at Black Hat 2017 Featured
Written by Sean Kalinich
Black Hat USA 2017 - Las Vegas, NV
When you think of Dell you might get many different images that come to mind. For some they might think about the 90s and the “you’re getting a Dell Dude” guy. Others might think about servers, or corporate desktops. In recent years, you might think about Dell’s push back into the performance market. However, for a large number of people you would not think about Security when the Dell name gets tossed out. This would be a mistake though as Dell does have a large team of people that work on security. This is not just for Dell products, but also for other products that are outside of the Dell realm. While at Black Hat 2017 I had the chance to site down with Brett Hansen, VIce President of Dell Data Security and we talked about some of the security offerings that Dell has.