From The Blog
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 711 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 348 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 700 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 516 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 643 times Read more...
-
Leaked Data from Duolingo incident Shows US is most Impacted
Written by Sean KalinichDuolingo, is a language learning site (not to be confused with an LLM) and has a very large base of users. The site is a…Written on Tuesday, 29 August 2023 19:12 in Security Talk Read 1064 times Read more...
-
We talk about the Ransomware Threat Landscape with SecureWorks at Black Hat 2023
Written by Sean KalinichBlack Hat 2023 – Las Vegas, NV – One of my personal focuses is understanding the “Why” behind changes in the threat landscape. In simple…Written on Tuesday, 29 August 2023 18:26 in Security Talk Read 573 times Read more...
-
Now Patched Flaw Leverages Abandoned Reply URL found in Entra ID allows for Privilege Escalation
Written by Sean KalinichMicrosoft has not been having the greatest of months. First it was identified that a stollen MSA signing key was used by a Nation State…Written on Monday, 28 August 2023 15:39 in Security Talk Read 1290 times Read more...
-
Qrypt Looking to Attack the Inefficiencies in Quantum Encryption to make Quantum Secure Communication a Reality Today
Written by Sean KalinichBlack Hat 2023, Las Vegas – At Black Hat one of my favorite things to do is see what the latest buzzword(s)/phrases are. One of…Written on Monday, 28 August 2023 12:53 in Security Talk Read 787 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115430 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 85200 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 79535 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 78508 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 68346 times Read more...
Security Talk (144)
News, and Disucssions centered on Security
Thursday, 20 July 2023 17:53
Cybersecurity needs to Stop Fighting the “Last War” as Attackers Pivot easily Between Vectors
Written by Sean Kalinich
When I was in the military, one of the things that I noticed was a massive reluctance to create new and unusual scenarios for war games. Instead, we always seemed to train for the last major combat theater. When going…
Read 466 times
Published in
Security Talk
Tuesday, 18 July 2023 15:25
How to Start Building or Improving Your Cybersecurity Program
Written by Sean Kalinich
One of the most commonly asked questions in cybersecurity is “where do I start?” This common question shows just how overwhelmed many organizations are when faced with the reality of the threats that are out there. From ransomware to business…
Read 443 times
Published in
Security Talk
Friday, 23 June 2023 11:31
Crypto Mining Malware Targeting Linux and Linux Based IoT Devices Show How Little we have Progressed in IoT Security
Written by Sean Kalinich
IoT (Internet of Things) devices have long been a source of security concerns. Back in 2012-2014 we wrote a series of articles following the comedy of errors that is the IoT market. At the time I dubbed it the Internet…
Read 1129 times
Published in
Security Talk
Tuesday, 06 June 2023 11:43
Why SBOM is in the News and Why it is Important
Written by Sean Kalinich
Since Executive Order 14028 came out on May 12th from the Biden Administration there has been a lot of talk about what it means and what are the legal and regulatory ramifications of this order. While the larger conversation is…
Read 338 times
Published in
Security Talk
Monday, 09 May 2022 13:11
Attackers are Actively Exploiting Recent Vulnerabilities Found in F5 BIG-IP
Wiley Sikes
This one goes in the “this is why patching is important” file and highlights the need to be able to quickly apply patches for critical flaws found in different devices and software. After the disclosure of a critical vulnerability tracked…
Read 1363 times
Published in
Security Talk
Monday, 09 May 2022 09:52
New Advanced Fileless Malware Found Using Windows Event Logs
Written by Sean Kalinich
When most people think of malware, they think of binaries that are downloaded to a drive and executed. However, that is only part of the malware world. The other side does not actually download the malicious binary directly to the…
Read 1477 times
Published in
Security Talk
Friday, 06 May 2022 12:34
Ukrainian Hacktivists Hit Russia Where It Hurts, Alcohol.
Written by Sean Kalinich
Its seems that the efforts of Ukrainian hacktivists have decided to focus their efforts on a new and interesting target. In addition to other strategic targets, they have gone after one of the central portals for Russian alcohol distribution. The…
Read 1310 times
Published in
Security Talk
Friday, 06 May 2022 08:29
Another Bug Found in Android, This One Actively Exploited
Written by Sean Kalinich
in the wild. The patch for this bug is one of 37 that are part of the monthly security release which covers multiple components in the popular mobile OS. This comes at a time when mobile banking malware is on…
Read 1305 times
Published in
Security Talk
Thursday, 05 May 2022 10:02
DLL Hijacking used Against Ransomware to Stop Encryption Process
Written by Sean Kalinich
The idea of DLL hijacking is a well known one and one that is used by attackers to compromise security tools and even sophisticated anti-malware solutions. DLLs (Dynamic Link Library) are not much more than static files that sit idle…
Read 1290 times
Published in
Security Talk
Wednesday, 04 May 2022 09:48
Chat Logs Expose Ransomware Groups Methods and Styles of Interactions with Victims
Written by Sean Kalinich
Ransomware is a huge shadow over many businesses and individuals’ heads. It has loomed as a significant threat since the first stains hit the internet inside malicious zip files masquerading as “Xerox” documents. Since that time ransomware and the groups…
Read 1358 times
Published in
Security Talk
Monday, 02 May 2022 12:15
Google Says they Will Fight Doxxing, With Some Conditions of Course
Written by Sean Kalinich
Google is an odd company. They have used the personal vs corporate data ownership line like a jump rope over the years. We have watched them for a long time and all we can say is that their track record…
Read 1234 times
Published in
Security Talk
Monday, 02 May 2022 08:39
Cloud Services Suffer the Same Issue as On Prem Services, they just Hide it Better
Written by Sean Kalinich
It Cloud services are exceptionally popular as a cost effective and simple method to maintain common operational needs. Everything from email to fully fledged infrastructures can be maintained in the “cloud”. All of these can be accomplished at lower overall…
Read 1342 times
Published in
Security Talk
Friday, 29 April 2022 08:36
Conti has a New Toy as Bumblebee Malware Replaces BazarLoader
Written by Sean Kalinich
April must be the month for new malware tools to be released, or at least announced as we have already heard about new forms of attack/infection from the group behind Emotet and now we hear that Conti has replaced BazarLoader…
Read 1122 times
Published in
Security Talk
Wednesday, 27 April 2022 11:07
More Flaws Found in NPM Allowing Attackers to Attach Malicious Packages to Known Good Devs.
Written by Sean Kalinich
A new flaw has been identified in the Node.js package manager, NPM. The flaw is being described as a logical flaw, but in reading over the data it seems more like a permissions flaw. The good news is that as…
Read 857 times
Published in
Security Talk
Wednesday, 27 April 2022 06:30
Yet Another New Attack Method Shows Up From the Group Behind Emotet
Written by Sean Kalinich
Yesterday we told you that the gang behind Emotet was looking to used Excel add-ins as a possible new technique to compromise systems as part of their spamming campaigns. The detected techniques were labeled as potentially being part of research…
Read 1004 times
Published in
Security Talk
Tuesday, 26 April 2022 09:31
The Group Behind Emotet is Looking to Get Around Microsoft’s VBA Changes
Written by Sean Kalinich
TA542 the wonderful people that brought you Emotet appears to be in the middle of a development and testing cycle on new delivery methods. According to researchers at ProofPoint the creators or the Emotet Botnet are potentially looking to find…
Read 1065 times
Published in
Security Talk
Page 2 of 9