KeePass has a bit of a memory issue. It seems that the master password is passed in clear text through memory. This tiny little (sarcasm) bug was identified by a security researcher who goes by the name as vdohney. A proof of concept (POC) has already been published which usually leads to in-the-wild exploitation of the flaw (tracked as CVE-2023-32784). Oh, and if you did not know KeePass is a password manager/vault.

Popular open-source repository NPM is back in the news as a pair of packages were found to have malware in them. The malware in question is TurkoRat. TurkoRat is an open-source information stealer that has a few features attached to it. Among some of the components are things like a wallet grabber (wallets.js) which seems geared towards stealing crypto currency. Other components are ones you would expect from an InforStealer like credential theft etc. The package was found by ReversingLabs after it had been in place for two months.

I’ll take stupid features for $500 Alex. It seems that Apple is looking to deploy a feature that would allow your phone to sound and reply just like you do. The feature called “Personal Voice” uses a form of AI to replicate the sound and speech pattern of your voice in as little as 15 minutes (queue GEICO joke here). The feature is part of an update to their built-in accessibility features toolkit and on the surface is intended to help people that have speech challenges. Personal Voice can be used for in-person conversations and via phone calls. This feature will be tied to something called Live Speech which allows someone to type in messages and have them spoken by your phone.

Over the last few months Windows 11 users have dealt with an annoying bug in Windows Defender. The bug was a continuous restart prompt to “enable” LSA protection. The problem is that LSA was enabled the whole time. The system just did not acknowledge that his was complete and had a flag requiring a reboot to finish the configuration. To combat this Microsoft pushed out a patch that was really little more than removing the reboot flag from the registry.

It was only a matter of time before something like this happened. As services like ChatGPT, Midjourney, Bard and other “AI” platform we viral, threat actors were bound to start trying to get in on the action. ChatGPT and Midjourney were easy targets for this as neither has a standalone app yet. To use them you have to get to their online presence; ChatGPT’s website or Midjourney’s Discord. This gap allowed the threat group known as BatLoader to start impersonating both of them via cleverly crafted Google search ads.

As part of our ongoing (really never ending) series on modern ransomware, we are taking a look at a recent study of one Ransomware as a Service operation. In this case the look is at the Qilin scheme which was brought to light by Group-IB. They were able to infiltrate the group through a conversation with a recruiter (nothing like being invited in). The cybersecurity firm started their inside look in March of 2023 and what they found was eye opening. It shows that RaaS clearly pays well and that services like this make things easy and profitable for people looking to get in on the “fun” but might not have the skill set or infrastructure to do it on their own.

When DecryptedTech was much more hardware and gaming focused we used to have a review style called Short Attention Span. It was a very quick 90-minute test of a game which included first launch, general configuration and any game play that could be accomplished inside a 90-minute window. If the game could capture our attention, we noted it and it got a follow on review. If it did not, usually there was no further mention of it unless we had a direct request for a more complete review. To me the 90-minute window was enough to get a good understanding of how a game worked, what hurdles to actual play time there were and if I would like it or not. It was very subjective with some basic objective observations around game engine, enemy AI, and startup complexity/cut scenes.

Google owned Mandiant has released findings on a group known as Roasted 0ktapus, Scattered Spider and UNC3944 (sort of rolls off the tongue there). This group has been seen to abuse the Microsoft Azure Serial Console to push out their own remote management tools in previously compromised environments. The fact that this new technique is not available from outside of an existing environment is a good thing, but it does mean organizations should monitor access and improve controls to avoid account compromise.

Attackers are always looking to get targets coming and going. As such you have a very rich ecosystem of attack types to cover as much ground as possible. A concerning one has always been direct supply chain attacks. These attacks seek to compromise software during the development stage, so the malicious pieces get bundled into the released code and signed with a trusted certificate. The highly publicized attack on SolarWinds is one of those types of attacks and shows just how effective and dangerous they can be. Supply chain attacks some in multiple flavors including (but certainly not limited to) compromising code repositories, poisoned plugins or open-source packages, and targeting of developer systems.

Yesterday we talked about how the Microsoft Activision Blizzard deal had been approved by the European Commission (on antitrust) touting licensing deals that were pro competition. As we stated in that article, the licensing agreements only extend to cloud gaming services, they exclude consoles and other non-Microsoft controlled hardware. The EC and Microsoft are calling this very pro-competition even though cloud gaming represents around 1% of the market.