Displaying items by tag: Hacking
badBIOS: worst Malware to date, or Social Experiment
While it is commonly understood that Malware is a major threat to anyone with a computer, tablet or phone, what is not acknowledged is that Malware is much more than that. In the late-1990s a bit of Malware was released that actually infected the basic operating system that runs every computer, the BIOS (Basic Input/Output System). This bit of malware, called Chernobyl, was designed to wipe a system's BIOS on a preset date.
Adobe Breach Now Confirmed to Have Affected 38 Million Users
Recently Adobe had a security breach where they claimed that roughly 3 million user accounts were affected. At the time they said that some accounts even had encrypted credit/debit card information stolen. When the announcement came out Adobe sent out a mass e-mail informing the people affected that their accounts were compromised. The breach was a blow to Adobe’s Creative Cloud service, which moves their software from a one-time purchase to a monthly subscription.
Embedded devices come with embedded flaws – IZON IP Cameras Open to attack
About a month ago we reported on a statement by the FTC in regards to a security flaw in certain models of TRENDNet IP cameras. The statement was a “what he said” move considering that all of the items they talked about have already been done by TRENDNet. We also noted that the FTC was less concerned about the actual presence of flaws than they were with a product being labeled as secure when it was not. At the time of the statement we remarked that the flaws found in TRENDNet products were very common in embedded devices. In fact we recently reported that a similar flaw exists in many residential firewalls and routers. It seems that companies building products with an embedded OS just do not know how to keep things secure.
Infected GTA V Torrent Snags Thousands of Eager Fans
Every so often demand for a product outpaces people’s common sense. In the past we have watched as people have happily downloaded malware thinking they are getting something early or for free. It is not an unknown or uncommon happening. This time the product in question is GTA V for PC and the consequences for… let’s call it eagerness, are not good at all.
There’s gold in them thar exploits
In a career that has spanned over 20 years in IT I have met a lot of people from different industries. Many of these people I have not kept in contact with and some I have. Occasionally when talking to some of them something will be said that might not hit home until a little later. This was the case with something that was said to me by an acquaintance who just happens to work as a technical manager at a security consulting company. During our talk I mentioned that it seemed like systems were getting much more insecure, and he joked saying: why would any security company want to work themselves out of business?
Some D-Link Routers Have Flaw In Embedded Webserver that Allows Remote Control
Remember the issue with IP Cameras where users were able to bypass security and view camera input all thanks to a flaw in the way the internal webserver was set up? Well, it looks like a similar flaw is showing up in some D-Link routers. The first news of the flaw popped up on a blog dedicated to hacking embedded devices. The post was interesting in that it followed the same pattern used for the hack that allowed access to a number of IP cameras.
Google's Chrome Browser Stores Private Data In Unprotected Cache Including Banking Information
In keeping with our recent focus on security we have some bad news for users of Google’s Chrome Web Browser. It would seem that the way Chrome caches web pages to deliver performance also exposes that information to malicious individuals. Security researchers at Identity Finders confirmed something that we have suspected since the launch of the browser many years ago. Chrome’s cache stores user information including names, email and mailing addresses, credit card, bank account, phone and even social security numbers if entered into the browser.
Blackhole Malware ToolKit will live on even if the original developer, "Paunch", is gone
Security, physical or data, is the type of job that never ends. There is no point that you can sit back and say “Ok, I am done”. Threats evolve, existing protections are made obsolete by changing business requirements and, of course, the bad guys just keep getting smarter. This means that even if you protect from one attack, you have to bank on the knowledge that someone else will be behind that guy. In fact if you have followed the happenings of the collective Anonymous that is one of the things they say whenever any of their members are arrested.
Did Adobe suffer a second breach?
On October 4th Adobe was forced to send out almost three million emails with the unfortunate news that their network had been attacked, breached and data stolen. The data from that theft included account IDs as well as encrypted passwords and credit/debit card information and even source code for Adobe products. The attack happened not all that long after Adobe pushed their users to a subscription-based license for their products. Once a large number of people had joined the Creative Cloud service Adobe was an even more attractive target and due to their history of ignoring security the attackers were able to get in and grab what they wanted.
The NSA has been trying to break into the TOR Network since at least 2007
There is a pretty interesting story about how the NSA has been targeting the TOR Network for the last couple of days. The news is just another piece of the much larger tapestry of US government surveillance being performed by the National Security Agency. Some of this surveillance appears to be at the behest of the administration while other pieces seem to be generated from within the agency and possibly outside their charter and license. It seems that the NSA is determined to bring all forms of communication under their domain. This is why we were not surprised to hear that the NSA has been working on being able to identify people using the TOR Network since at least 2007 (possibly before that).