From The Blog
-
Microsoft Talks about Now-Patched SIP bypass Bug in macOS
Written by Sean KalinichApple’s System Integrity Protocol (SIP) has been something of a mix bag when it comes to security. It is a great feature from a raw…Written on Wednesday, 31 May 2023 11:51 in News Read 65 times Read more...
-
As Microsoft Deal Slows, Sony Now Under Investigation for Market Abuse
Written by Sean KalinichThere is no such thing as a coincidence, especially in the business world. If you hear of something and the timing seems suspicious, it is…Written on Wednesday, 31 May 2023 09:14 in Game Thoughts Read 90 times Read more...
-
the Google Way to Break Encryption in RCS by Forcing AI
Written by Sean KalinichGoogle has been very interested in pushing new standards for messaging, Rich Communication Services. RCS started in 2007 as a new way to make “texting”…Written on Tuesday, 30 May 2023 14:17 in News Read 158 times Read more...
-
Google’s New Zip Domains Can be Easily Abused for Phishing and Malware Payloads
Written by Sean KalinichThis one will get filed in the “you knew it was going to happen” file. After the announcement of a few new top-level domains (TLDs)…Written on Tuesday, 30 May 2023 10:46 in News Read 315 times Read more...
-
Indirect Prompt Injection Attacks, The least Acknowledged Flaw in AI Today
Written by Sean KalinichWait, another danger of AI article? Yes, another one. Since far too many people and companies are ok with ignoring the dangers simply for the…Written on Thursday, 25 May 2023 16:02 in News Read 350 times Read more...
-
Leaked LockBit and Babuk Ransomware repurposed by Buhti in new Payloads
Written by Sean KalinichThe leak of tools used by threat groups, and spying agencies are events of inestimable importance in both the threat group and security worlds. To…Written on Thursday, 25 May 2023 10:52 in News Read 653 times Read more...
-
The Microsoft Activision Blizzard Deal, Let’s Talk about the Elephant in the Room
Written by Sean KalinichMicrosoft’s $69 Billion wish list includes the acquisition of Activision Blizzard and all the goodies that it controls. This deal has been called the largest…Written on Thursday, 25 May 2023 09:26 in Game Thoughts Read 553 times Read more...
-
Geoffrey Hinton, one of the Godfathers of AI, Says AI is an Imminent Existential Threat
Written by Sean KalinichGeoffrey Hinton, a former engineering fellow at Google and a vice president focusing on AI has made comments after his retirement from Google earlier this…Written on Wednesday, 24 May 2023 14:09 in Editorials Read 266 times Read more...
-
More Malware Discovered in Google Play Store this Time in a Popular Screen Recording App
Written by Sean KalinichThe Google Play Store is and has always been something of a playground for mobile malware groups. Over the past few years hundreds of malicious…Written on Wednesday, 24 May 2023 12:13 in News Read 255 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115094 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 84176 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 78354 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 77745 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 67320 times Read more...
Yet Another New Attack Method Shows Up From the Group Behind Emotet
Written by Sean Kalinich
Yesterday we told you that the gang behind Emotet was looking to used Excel add-ins as a possible new technique to compromise systems as part of their spamming campaigns. The detected techniques were labeled as potentially being part of research and development efforts on the part of the group TA542 due to changes Microsoft is making in Office (and ones many admins already push). The R&D efforts do not stop there though as multiple security research teams are now saying they have identified another new technique associated with Emotet.
The Group Behind Emotet is Looking to Get Around Microsoft’s VBA Changes
Written by Sean Kalinich
TA542 the wonderful people that brought you Emotet appears to be in the middle of a development and testing cycle on new delivery methods. According to researchers at ProofPoint the creators or the Emotet Botnet are potentially looking to find a new delivery method in response to the, long overdue, default disabling of VBA based Macros by Microsoft in their office products. Although ProofPoint seems to think this is development testing, the activity could also be part of a more targeted campaign.
Amazon’s Awkward Moment as Log4J Fix has an Escalation and Escape Bug
Written by Sean Kalinich
It seems that Amazon’s hotfix for Log4Shell in their AWS environment might have been a bit rushed. According to a review of the hot there are a total of four CVEs specifically related to the hotfix and how it functions. CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 have a CVSS score of 8.8 and allow for privilege escalation and container escape. It is not often that a fix for one bad bug contains a potentially worse one, but here we are.
Okta now says Lapsus$ only had 25 Minutes of Fame with Two Clients
Written by Sean Kalinich
The breach of IDAM group Okta in January by the self-promoting group Lapsus$ amidst other high-profile breaches and data leaks this year was a significant concern. The concern rose because when the incident first happened, Okta passed it off as an unsuccessful attempt to breach a third-party vendor’s system that had access to Okta systems. However, in March the Lapsus$ group released screenshots of internal systems including what appeared to be Okta’s superuser system.
There is Good News and Bad news in the Atlassian Outage.
Written by Sean Kalinich
On April 6th news of an outage at Atlassian that affected customers using Jira, Confluence and other products started to surface. The outage started the day before on the 5th and started rumors of everything from a ransomware attack to a potential breach. The rumors were quickly dispelled by Atlassian who stated that a routine maintenance script accidentally “disabled” a small number of customer sites. While their status page showed the status of affected products to be “active Incident”. The messages to customers indicated that restoration of sites would take “several days”, but now a week later there are still people reporting that their sites are still unavailable.
CISA warns that US ICS/SCADA Systems are being Targeted by Threat Groups
Written by Sean Kalinich
CISA has issued another warning that SCADA/ICS systems are being targeted for attack. This time they are in the sights of Nation-State groups and with customized tools. The tools are part of follow-on activities after the initial beachhead has been established. These days gaining initial access to a network, even for infrastructure, does not seem to be a difficult task for nation-state groups.
Law Enforcement Celebrates Another Hacker Forum Takedown as the Seizure of RaidForums is Announced.
Written by Sean Kalinich
2022 has been a busy year for the information security industry on both sides of the playing field. We have seen an increase in target attacks on businesses, a larger number of Zero-Day vulnerabilities disclosed that were being actively exploited in the wild, several major companies had data stollen and leaked, and we cannot forget the threat actor war going on over the Russian Invasion of Ukraine. With all these items, law enforcement agencies have also been very busy with the seizure and shut down of two major “hacker” marketplaces, Hydra and RaidForums.
Open Source Takes Another Hit as 3rd Protestware Shows up in NPM Repository
Written by Sean Kalinich
The Open Source community has been one that many leverage to help build their applications. It has become a great place to find applications packages that make building out a larger application or eco systems less time consuming. We see this in just about every development space from large to small. Having helpful sources of working code can speed up the development lifecycle and allow for greater interoperability as many applications use the same dependencies and core functions. The open source community is a great resource and typically is one that you can trust to pull code from.
Twitter Backtracks on Removing Embedded Tweets from 3rd Party Websites after Deletion for Now
Written by Sean Kalinich
Twitter is an interesting company. On the one hand they act like they are a bastion of free speech and have stood up for the anonymity of some of the users. They have, in the past refused government interference in how their users post information and respond to tweets on their service. They claim to be against bullying and hate. At the same time, they have suspended accounts, removed tweets and permanently banned people for some very arbitrary reasons. They have stood their ground over this even when proven wrong about the original action. They have also left up tweets calling for violence by some while removing others, very confusing.
Leaked Conti Ransomware used in Attacks on Russian Targets
Written by Sean Kalinich
Not that long ago, a Ukrainian security researcher published a vast number of internal chats from the Ransomware group Conti. On top of that treasure trove of information the same researcher also published the source code for the Conti Ransomware. The leak of information came after the Conti group pledged their full support of the Russian invasion of Ukraine and vowed to target anyone they felt was waging cyber-war on Russia. The message was later toned down, but the effect still lingers and was one of the moves that started an interesting threat group war.
More...
Crypto Mining Malware Targeting Amazon Lambda Serverless Environments
Written by Sean Kalinich
Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is really Amazon’s Lambda Serverless function in AWS while the threat is a bit of crypto mining malware that appears to have been specifically written for Lambda in Google’s Go.
The State of Banking and Financial Malware on Google’s Play Store is Just Bad
Written by Sean Kalinich
It looks like there has been another round of malware identified on the Google Play sore and, you guessed it, the majority is focused on banks and other financial institutions. The combination of apps found totals around 515,000 downloads. 500,000 of these downloads are being attributed to a new trojan dubbed Octo and appears to be distributed via fake apps uploaded to the Google Play store.
Twitter Moving to Allow Manipulation of Embedded Tweets on 3rd Party Websites
Written by Sean Kalinich
Twitter has been in the new a lot over the last few years. From deleting accounts of people and groups for very flimsy reasons to censoring posts that contain factual, but non-popular information. It seems that they just cannot help themselves when it comes to abusing community standards. The practice has even accelerated after Jack Dorsey left the company as CEO. The seemingly one-sided application of community standards has led to much criticism of the platform. The level of disappointment even led to Elon Musk buying 9.2% of the company and gaining a seat on the board of directors (not that this will accomplish much).
Financial Threat Group, FIN7 Shows Signs of Evolving Tools and Coordination with Ransomware Groups
Written by Sean Kalinich
For some reason, malware, attacker tools, and even the threat groups themselves tend to be viewed and talked about as static objects (outside of the security and threat analytics world). Malware is just Malware, the same with Ransomware strains. Once they get named, they are that way forever. However, that is the farthest thing from reality. Threat Groups evolve their tactics, toolsets, and they even have DevOps around their malware/ransomware.