Sunday29 January 2023

Sean Kalinich

Sean Kalinich

Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. Once of these vulnerabilities CVE-2022-0609, which is describes as a user-after-free vulnerability is already being exploited in the wild. This has led them to advise users to updated Chrome as soon as possible to avoid compromise. The flaws were found by Google’s own Threat Analysis Group.

On December 4th, 1981, then President Ronald Regan signed Executive Order 12333. This Order, further amended by EO13284 in 2003, 13355(2004) and 13470(2008), is what grants and governs the collection of intelligence by Federal agencies. These agencies include the NSA, the CIA and to a lesser extent the FBI and Department of Homeland Security. The collection of information includes what is often referred to as signal intelligence. This type of intelligence if the collection of any information that is transmitted via electronic means. This wonderful blanket definition has been the basis of many borderline illegal data collection programs and a few outright illegal ones.

Management and a monitoring software are ubiquitous in the IT operation industry. They are force multipliers that allow for what are usually small teams to manage a large number of assets. By design they need to have elevated permission to accomplish their intended tasks. The problem is that these permissions also make them targets for attackers. This means that developers of these tools need to take extra steps to ensure that they are not vulnerable to attack or become the thing that compromises a network.

According to reports form the Wallstreet Journal, Cisco has attempted to take over Splunk for more than $20 Billion. The acquisition would be the largest in Cisco’s history by far. Cisco has a history of buying technology companies and integrating them into their product suite. The aftereffects of these purchases are not always ideal from a consumer perspective. Although though an offer has been made the two companies are not in active talks.

SentinelOne’s threat team has been tracking a couple of threat groups with an unusual goal. These groups are not looking to steal money or get a ransom, instead they are looking to track, monitor and incriminate specific targets. The targets that have been identified so far have been journalists and activists that oppose government practices. So far, the countries where these groups have been identified are limited to India and Trukey but if threat groups like this have been found there, it is likely they are everywhere.

The Dark Web (whispered in Letterkenny) is a playground for all kinds of illegal activity. One well traded item is Personal Information including Credit Card numbers. Due to the state of security in most organizations (Stuart!) there is no shortage of personally identifying information and credit cards for sale. There is a lot of money that trades hands around this as well, so it has been and will continue to be a target for law enforcement in the constant battle against the financial threat actor groups.

The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for the most part, it has left many open to exploit due to improper configurations and a lack of proper security tools to protect their environments.

It seems that web site data analytics are now on the radar for privacy regulators in the EU, especially Google Analytics collection tools. Recently data protection regulators in Austria and France have rules that the collection of user data by Google combined with the unregulated transfer of this information out of the country (back to the US in particular) is a violation of GDPR.

In September 2020 Nvidia announced that it was in talks to acquire ARM Holdings from SoftBank Group Corp. The deal was not surprising, but it did send waves through the industry. The concerns around this deal were and are the same as the ones currently surrounding the Microsoft-Activision deal. Given the level of competition in the industry, would Nvidia use its new purchase to create roadblocks for their competition? Nvidia has always maintained that they would never do anything like this, but their assurances were never enough to get past regulators.

The Threat Landscape is an interesting topic of discussion. It is a constantly changing thing and even the best predictions can often fall short of the actual threat. This is because in most cases, the attackers are a step ahead of the defenders. They have the advantage, to coin a D&D phrase, they won the initiative roll. Defenders are always waiting to see what might happen, they plan without really knowing what the attackers are going to do which means they have to be secure everywhere (not really a possibility). To help them put their resources in the right places, most security teams rely on threat intelligence feeds and an understanding of the Threat Landscape.

Page 10 of 210