DecryptedTech

Thursday30 June 2022

Rate this item
(0 votes)

On April 6th news of an outage at Atlassian that affected customers using Jira, Confluence and other products started to surface. The outage started the day before on the 5th and started rumors of everything from a ransomware attack to a potential breach. The rumors were quickly dispelled by Atlassian who stated that a routine maintenance script accidentally “disabled” a small number of customer sites. While their status page showed the status of affected products to be “active Incident”. The messages to customers indicated that restoration of sites would take “several days”, but now a week later there are still people reporting that their sites are still unavailable.

Rate this item
(0 votes)

CISA has issued another warning that SCADA/ICS systems are being targeted for attack. This time they are in the sights of Nation-State groups and with customized tools. The tools are part of follow-on activities after the initial beachhead has been established. These days gaining initial access to a network, even for infrastructure, does not seem to be a difficult task for nation-state groups.

Rate this item
(0 votes)

2022 has been a busy year for the information security industry on both sides of the playing field. We have seen an increase in target attacks on businesses, a larger number of Zero-Day vulnerabilities disclosed that were being actively exploited in the wild, several major companies had data stollen and leaked, and we cannot forget the threat actor war going on over the Russian Invasion of Ukraine. With all these items, law enforcement agencies have also been very busy with the seizure and shut down of two major “hacker” marketplaces, Hydra and RaidForums.

Rate this item
(0 votes)

The Open Source community has been one that many leverage to help build their applications. It has become a great place to find applications packages that make building out a larger application or eco systems less time consuming. We see this in just about every development space from large to small. Having helpful sources of working code can speed up the development lifecycle and allow for greater interoperability as many applications use the same dependencies and core functions. The open source community is a great resource and typically is one that you can trust to pull code from.

Rate this item
(0 votes)

Twitter is an interesting company. On the one hand they act like they are a bastion of free speech and have stood up for the anonymity of some of the users. They have, in the past refused government interference in how their users post information and respond to tweets on their service. They claim to be against bullying and hate. At the same time, they have suspended accounts, removed tweets and permanently banned people for some very arbitrary reasons. They have stood their ground over this even when proven wrong about the original action. They have also left up tweets calling for violence by some while removing others, very confusing.

Rate this item
(0 votes)

Not that long ago, a Ukrainian security researcher published a vast number of internal chats from the Ransomware group Conti. On top of that treasure trove of information the same researcher also published the source code for the Conti Ransomware. The leak of information came after the Conti group pledged their full support of the Russian invasion of Ukraine and vowed to target anyone they felt was waging cyber-war on Russia. The message was later toned down, but the effect still lingers and was one of the moves that started an interesting threat group war.

Rate this item
(0 votes)

Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is really Amazon’s Lambda Serverless function in AWS while the threat is a bit of crypto mining malware that appears to have been specifically written for Lambda in Google’s Go.

Rate this item
(0 votes)

It looks like there has been another round of malware identified on the Google Play sore and, you guessed it, the majority is focused on banks and other financial institutions. The combination of apps found totals around 515,000 downloads. 500,000 of these downloads are being attributed to a new trojan dubbed Octo and appears to be distributed via fake apps uploaded to the Google Play store.

Rate this item
(0 votes)

Twitter has been in the new a lot over the last few years. From deleting accounts of people and groups for very flimsy reasons to censoring posts that contain factual, but non-popular information. It seems that they just cannot help themselves when it comes to abusing community standards. The practice has even accelerated after Jack Dorsey left the company as CEO. The seemingly one-sided application of community standards has led to much criticism of the platform. The level of disappointment even led to Elon Musk buying 9.2% of the company and gaining a seat on the board of directors (not that this will accomplish much).

Rate this item
(0 votes)

For some reason, malware, attacker tools, and even the threat groups themselves tend to be viewed and talked about as static objects (outside of the security and threat analytics world). Malware is just Malware, the same with Ransomware strains. Once they get named, they are that way forever. However, that is the farthest thing from reality. Threat Groups evolve their tactics, toolsets, and they even have DevOps around their malware/ransomware.

Page 2 of 288