From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 693 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1573 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1106 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1077 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2126 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1846 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2119 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2093 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1886 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116520 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87457 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82015 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80324 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70972 times Read more...
Displaying items by tag: Hacking
Microsoft Has a Major Announcement Planned for Monday
Microsoft is making a “super-secret” announcement on Monday and it has already invited select members of the press… Wait a minute does this sound familiar to anyone else? Sorry we had a momentary flash back to some of Apple’s announcements. In fact it this this similarity that makes many people believe that the show on Monday June 18th will be the official show for Windows RT (and a Microsoft made tablet).
SpexSec Popped Onto the Scene and... Just Like That, They Are Gone
Things can change just like that in the work of the online hacktivist. As the group SpexSec popped onto the scene and then… just like that they vanished saying they were leaving the hacking world to become a “whitehat”. Now many are left to wonder what in the world all of this is about. It is true that many groups start and then fade away, why the sudden launch onto the scene with three fairly sizable dumps and then after being pestered by someone called @HEX00010 two of the three members announce their retirement.
New Group SpexSec Dumps 600MB of Passport and Visa Information Pokes Fun At the FBI...
There has been another hack of government systems from the sound of things on Your Anon News one of the Anonymous Twitter feeds. According to the post and the pastebin link the dump is a listing of “Passports, Visa’s, etc.” and is the second from the new group SpexSec. The first attack was in retaliation for ignoring security warnings and targeted a single FBI agent, Scott Augenbaum who is the Head of the FBI’s Cybercrime task force according to some information that is available at the time of this writing.
Password Flaw Leaves Some Versions of MySQL and MariaDB Open to Brute Force Attacks
A rather major, but basic flaw in the way that MySQL and MariaDB handle passwords has opened up both of these to brute force attacks and can allow the attacker to gain access in seconds. This flaw which exploits an issue in the way the passwords are checked using the memcmp function can be used as long as the attacker knows at least one user name. Considering that “root” is almost always in existence the password security on many MySQL and MariaDB databases is practically nonexistent.
Author Of Password Hashing Software md5crypt Says Stop Using It
After the breaches and issues with passwords we saw last week we were not surprised to see the creator of a popular password hashing application md5crypt() come out and recommend against using this software. Now if you have followed security then you are probably already aware that the MD5 encryption scheme was broken quite a while ago (2004-2005) and is no longer recommended as an encryption algorithm. So why in 2012 are we only getting a recommendation to stop using md5crypt() now?
LinkedIn Confirms that Some Passwords Have Been Compromised; Apologizes And Increases Security With Hashing and Salting
LinkedIn has confirmed that some of the roughly 6.45 Million (yes Million) user passwords that were stolen by a Russian hacker and posted in a forum (where he asked for help in decrypting them) do correspond to LinkedIn accounts. The breach has come on the heels of recent issues with their mobile app. This caused quite a stir and has caused a few people to stop using the mobile app completely.
Hackers Claim to Have Stolen As Many as Six Million LinkedIn Account Passwords
Just when you thought it was safe to go back in the web waters… It seems that some enterprising hacking group (as of right now not associated with Anonymous) has decided to break into LinkedIn and grab some passwords. According to reports the data is still in encrypted format, but the group that grabbed them is looking for help decrypting them.
Anonymous; Activist Collective or Hacker Group, Hero or Villain?
As someone that has followed the online “hacking” community since its infancy (war dialing anyone) I can say with a fair amount of confidence that the guys what kicked it all off (Like Steve Wozniak) would be proud of where some of the movement has gone. In the early 80’s War Dialing was something of a fun sport, you dialed a range of numbers until a computer answered and then you tried to talk to it. A lot of the activity was aimed at “corrupt businesses and government agencies” right alongside the people looking to just do it because it was something new and exciting.
Stuxnet Was A US Operation... Now the push for SOPA, PIPA and CISPA by Congress Makes a Little More Sense...
In every occasion if you dig deep enough you will find the reasons for someone’s actions, even if they seem completely random. For a while now we have watched as congress has pushed one stupid internet control law after another. For many (us included) we have felt that this was at the request of the MPAA, RIAA and other copyright holders. After all the measures and consequences in the laws were geared toward them and helping them to “prevent piracy”.
Microsemi Responds To Claims Of a Backdoor In Their FPGA Products
So two days ago, we reported on a potential issue with some FPGA (Field Programmable Gate Array) ASICs from Microsemi/Actel; namely the ProASIC3. The issue was discovered by a group of researchers that were looking into a potential security risk with these programmable components. What they claimed to have found was a hidden backdoor that had its own key set which could allow for access into the chip for readback, re-programming and potentially wiping the instructions from the chip itself. You can read the original article here if you have not already