
Sean Kalinich
Open Source Community Takes a Hit as One Developer Pushes Destructive Content as a Form of Protest
Since the beginning of the Russian invasion of Ukraine we have seen a massive increase in what can only be called cyber warfare. This battle is not just being fought at the state level though. Even APT groups have gotten involved as they take sides in the conflict. One step down from that (and only a very small step) we see the hacktivists jumping into the fray on both sides. Now, we see a new and unexpected form of protest from the open source community.
MFA Flaw used by State Threat Actors to Move Around your Network
Multi-Factor Authentication is often seen as an answer to account compromise, or at least a partial answer to this issue. The problem is that MFA is that while it can help with account compromise, it is certainly not the end all of account protection and, like any other software control, it is potentially vulnerable to coding mistakes and other flaws that attackers can leverage. According to a recent FBI report state-backed attackers have found a way to abuse certain default configurations to register their own devices.
Microsoft Says Ads in Windows 11 File Explorer Were Not Meant for Us to See
Yesterday we reported that insider builds of Microsoft’s Windows 11 were displaying ads for other Microsoft services inside File Explorer. Like most people, we felt this was not a good thing and the news went around the internet at a pace typical of things that are bad. In response to this Microsoft release a statement saying, “This was an experimental banner that was not intended to be published externally and was turned off,” Basically the marketing equivalent of a 5-year-old saying they got the cookie for you.
Phishing Campaign Targeting Ukraine uses Fake AntiMalware Update
Ukrainian Security Officials are warning of an active phishing campaign. The campaign involves emails that impersonate government agencies and include links to what appear to be critical security updates. The payload of the campaign delivers Cobalt Strike and a few other things to complete the set and compromise the computer.
Microsoft Testing Ads in File Explorer as Part of Preview Builds of Windows 11
Microsoft, famous for bad marketing moves, is looking to make another one. In this case the mistake has not hit the general public but is in a preview build of Windows 11. The mistake is shoveling ads to people for other Microsoft products as part of the Windows File Explorer. To say that this move caused some concern with testers is a bit of an understatement. Some even called it “one of the worst places to show ads”
The Slippery Slope of Censorship Happening Around the Russian Invasion of Ukraine
The internet is a great thing. It has allowed peoples of different nations and geographical locations to meet, talk, share information and ideas. The massively connected world we live thanks to the internet is one where information of all kinds is literally at our fingertips. Hovering over all these good things has always been the shadow of censorship, control and digital spying. It has also given rise to crime on a massive scale, multiple new types of bullying, harassment, and assault. Still the idea of massive censorship and information control is one that most would agree is a bad thing.
Why the ZuckerVerse is not the Wonderful Thing Some Might Think it is
The concept of an immersive virtual reality world is one that is often talked and written about. It also has been the subject of several movies. When it is the topic of books and movies, it is rarely a good thing. So, when we hear about the creation of a fully immersive world, we view it with a healthy bit of skepticism. Especially when the person behind it is Mark Zuckerberg and his company, Facebook. You might ask why, and there is an easy answer. Facebook ceased being a communication platform a very, very long time ago and is now nothing more than a way to collect information and push ads.
DuckDuckGo Makes Changes after Increased Pressure from US Lawmakers
DuckDuckGo, the privacy-focused search engine and browser company, has come under a lot of negative press recently and now are facing pressure from the US government. They have already been labeled as a search engine for “conspiracy theorists” by many media outlets despite not really catering to any one group of people. The reality of the search engine is that it is attractive to people that are not happy with increased data collection from groups like Google, Facebook, and many, many others. A benefit of this is that, until now, DuckDuckGo has also not altered or censored search results based on current political motivations or narratives.
New Report Shows WordPress Sites leave 30% of Critical Vulnerabilities Unpatched.
Emotet’s Comeback Shows no Sign of Slowing as Bot Number Exceeds 100,000
Emotet, (not to be confused with Imhotep the ancient Egyptian Polymath) was originally identified in 2014 and quickly became one of the top threats of the decade. After an early start as a banking trojan, the group amassed a huge number of bots that it was able to leverage to execute attacks on targets. This bot infrastructure was then sold as a service to other groups as part of a malware-as-a-Service model. The prevalence and reach of Emotet was enough that in early 2021 the global law enforcement and cyber security community targeted Emotet’s infrastructure and people that had been identified as part of the group. It was a significant hit to the organization.