From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 707 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1587 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1119 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1091 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2138 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1861 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2135 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2104 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1897 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116532 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87505 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82046 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80342 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 71001 times Read more...
Displaying items by tag: NSA
New APT Group targeting iOS Users with Zero-Click Malware, US gets the Blame
There is a new bit of malware targeting iOS users via iMessage from what appears to be a new APT (Advanced Persistent Threat) group. The campaign appears to have been in play since some time in 2019. The malware, according to researchers, leverages iMessage to send the targeted user an attachment that then runs with Root Privileges on the device. The result is a complete takeover of the device in question.
Joint Advisory from the NSA, FBI and CISA Warns of Long-Term Attack by State Actors with Little Detail.
Life would not be the same without new popping up that one state level threat actor or another was attacking and compromising US defense contractors or other businesses linked to US national security and defense. The counties of origin for these actors become a blur over time, although you do see some highlighted depending on current political trends. The two most often bandied about are Russia and China with North Korea getting an honorable mention.
White House Issues Memo to NSA and DoD to Improve Security
It is no secret that the NSA and DoD (Department of Defense) and other Government agencies have an issue with security. Over the last few years their security has been about as effect as using a sieve to carry water. The top 10 list of security faux paus include such wonders as the Snowden leak and the OPM breach. However, when I see the White House (any administration) send out memorandums telling Government agencies to tighten up security I laugh a bit.
Kaspersky; the plot and ridiculousness thickens
A few days ago we published an article that covered a leaked batch of emails that showed Kaspersky has worked with the Russian Government. We also covered that the pieces of the emails that were published were completely out of context, and also are nothing out of the ordinary for a company that has a contract with a Government body. Kaspersky's denial of cooperation is also nothing new, so why the big deal in the media? Well we might have found a few pieces to that puzzle which would certainly explain the big push to discredit Kaspersky.
Anaheim Police caught using DRT Cell Simulators to listen in on calls
Law Enforcement surveillance is a necessary thing. It really is, but what is not necessary is when the agencies in question decide to get lazy or feel their powers extend to a larger group of people than their intended targets. This is when things get messy and from a legal stand point ugly. Over the last ten or so years law enforcement in general has made the decision to extend their surveillance programs into mass collection of data.
NSA mass data collection to stop in 20 days, but just on paper.
In the post-Snowden era the idea that government agencies are spying on us is no longer the real of Movies/TV or conspiracy theorists. It is fairly well documented that this is happening every day. The question has moved from what if this happens, to what we are going to do to change it. Well one of the biggest hurdles has been trying to find people in power that even want this to change. When you consider the fact that the people with the power to stop the mass spying are likely to be the ones that voted to put it in place. This has meant that the average person must try to prove their case in the courts.
CISA passes the Senate, opens the door to more abuse and fails to address security
Cybersecurity is a fairly common buzz word used in Washington these days. It is tossed around to scare people that are ignorant of the way computer systems work so that legislation that is exceptionally pro-corporate friendly and anti-consumer can be pushed through. The latest of these is the Cybersecurity Information Sharing Act. This handy little bit of law just passed through the US senate on the 28th (74 to 21) and allow corporations to share customer data with the US government and other companies without any consequences for doing so. This effectively removes any recourse customers or users have about the sharing of their personal information.
Privacy: it doesn’t mean what you think it means
The term privacy has come to mean a great many things in the last few years. To some the idea of privacy is being able to do or say certain things without the fear of anyone finding out. Most people like to know that what they do on their own time is their business. Where things get a little muddy is when people liken the desire for privacy with a desire to hide wrongdoing. This belief couldn’t be farther from the truth . It is not just that it is wrong, but it is also dangerous. To imply that anyone that wants to have privacy is somehow hiding something illegal sets a dangerous precedent. Keeping this mentality alive will allow for a further erosion of peoples’ rights and grants very worrying powers to agencies that are there to protect, not to oppress.
New Documents Show the NSA's efforst to break encryption and TOR
Edward Snowden is the gift that keeps on giving. After walking out on the NSA with a ton of secret documents detailing the extent that the agency and their partners were digging into ordinary people’s lives he started to release them. Even after the first and very damaging release of documents Snowden promised that there was more and worse to come. We have seen some pretty bad things coming from the classified document stash including a report that was recently published by Der Speigel.
Judge Posner says the NSA should have unfettered access to your data
It would seem that some in the judicial branch of the US government feel that privacy is not really about protecting citizens from unjustified surveillance. They also do not seem to have any fear of the US becoming a place where the government has powers that extend beyond the ones granted by the US constitution. At least this is the opinion of one US Judge; Judge Richard Posner. The interesting thing is that Posner has made more than a few statements in favor of individuals including condemning the existing copyright system and the way that the copyright lobby is trying to enforce it.