From The Blog
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 683 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 320 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 660 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 487 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 621 times Read more...
-
Leaked Data from Duolingo incident Shows US is most Impacted
Written by Sean KalinichDuolingo, is a language learning site (not to be confused with an LLM) and has a very large base of users. The site is a…Written on Tuesday, 29 August 2023 19:12 in Security Talk Read 1036 times Read more...
-
We talk about the Ransomware Threat Landscape with SecureWorks at Black Hat 2023
Written by Sean KalinichBlack Hat 2023 – Las Vegas, NV – One of my personal focuses is understanding the “Why” behind changes in the threat landscape. In simple…Written on Tuesday, 29 August 2023 18:26 in Security Talk Read 544 times Read more...
-
Now Patched Flaw Leverages Abandoned Reply URL found in Entra ID allows for Privilege Escalation
Written by Sean KalinichMicrosoft has not been having the greatest of months. First it was identified that a stollen MSA signing key was used by a Nation State…Written on Monday, 28 August 2023 15:39 in Security Talk Read 1266 times Read more...
-
Qrypt Looking to Attack the Inefficiencies in Quantum Encryption to make Quantum Secure Communication a Reality Today
Written by Sean KalinichBlack Hat 2023, Las Vegas – At Black Hat one of my favorite things to do is see what the latest buzzword(s)/phrases are. One of…Written on Monday, 28 August 2023 12:53 in Security Talk Read 769 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115413 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 85150 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 79472 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 78449 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 68296 times Read more...
Security Talk (144)
News, and Disucssions centered on Security
Monday, 14 February 2022 12:07
Network Management Software from Moxa Has Five Critical Bugs that Could Allow for an RCE Attack
Written by Sean Kalinich
Management and a monitoring software are ubiquitous in the IT operation industry. They are force multipliers that allow for what are usually small teams to manage a large number of assets. By design they need to have elevated permission to…
Read 737 times
Published in
Security Talk
Monday, 14 February 2022 07:38
Hacking Groups that Plant Fake Evidence Identified in Trukey and India, Where Else are They?
Written by Sean Kalinich
SentinelOne’s threat team has been tracking a couple of threat groups with an unusual goal. These groups are not looking to steal money or get a ransom, instead they are looking to track, monitor and incriminate specific targets. The targets…
Read 941 times
Published in
Security Talk
Friday, 11 February 2022 12:40
Russia Shutters Four Marketplaces for Stolen Credit Cards on the Dark Web
Written by Sean Kalinich
The Dark Web (whispered in Letterkenny) is a playground for all kinds of illegal activity. One well traded item is Personal Information including Credit Card numbers. Due to the state of security in most organizations (Stuart!) there is no shortage…
Read 874 times
Published in
Security Talk
Friday, 11 February 2022 06:53
Linux Attacks and Malware on the Rise as the Workforce Shifts to Remote
Written by Sean Kalinich
The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for…
Read 655 times
Published in
Security Talk
Friday, 11 February 2022 04:49
Web Site Data Analytics Gathering May Violate GDPR, Google Analytics Does.
Written by Sean Kalinich
It seems that web site data analytics are now on the radar for privacy regulators in the EU, especially Google Analytics collection tools. Recently data protection regulators in Austria and France have rules that the collection of user data by…
Read 939 times
Published in
Security Talk
Thursday, 10 February 2022 11:21
Strategy, Tactics, and Logistics. How They Fit into the Threat Landscape
Written by Sean Kalinich
The Threat Landscape is an interesting topic of discussion. It is a constantly changing thing and even the best predictions can often fall short of the actual threat. This is because in most cases, the attackers are a step ahead…
Read 671 times
Published in
Security Talk
Wednesday, 09 February 2022 16:31
Activision is Not the Only Purchase Microsoft is Eying as Rumors Pop Up Around a Mandiant Buy
Written by Sean Kalinich
The news has been abuzz about the $65+ Billion-dollar purchase of Activision/Blizzard by Microsoft. It has been seen as an opening shot in a new stage in the console wars and is, even now, under review by the FTC. However,…
Read 848 times
Published in
Security Talk
Wednesday, 09 February 2022 14:01
UEFI Bootkits and Malware are Becoming More Common as Attackers Refine their Techniques.
Written by Sean Kalinich
UEFI (Unified Extensible Firmware Interface) was designed to replace the old and outdated BIOS (Baic Input Output System). The older BIOS setup was slow and not very secure. It gave attackers several entry points for infection and persistence at that…
Read 602 times
Published in
Security Talk
Tuesday, 08 February 2022 12:34
Microsoft Begins Blocking their Own App Web Installer Files
Written by Sean Kalinich
The concept of the app as opposed to the application is one of those nuanced distinctions that miss many people. When it comes to a mobile device an app is a bundle that that allows the installation of an application…
Read 795 times
Published in
Security Talk
Tuesday, 08 February 2022 10:46
Android Banking Trojan Medusa Piggybacking on FluBot’s Deliver System
Written by Sean Kalinich
The rise of the smart device meant that more and more people were going to be using these for more than just communication. Mobile banking, mobile home automation, mobile car monitoring, you name it, there is probably an app for…
Read 787 times
Published in
Security Talk
Tuesday, 08 February 2022 07:29
Microsoft is Finally Blocking Downloaded Macros by Default in Office
Written by Sean Kalinich
Back in the late 90s’ the first macro viruses appeared on the scene. The leveraged a feature of Microsoft Office that allowed a malware developer to execute programmed instructions via the office interface. This new option opened a lot of…
Read 683 times
Published in
Security Talk
Monday, 07 February 2022 12:43
CISA Sends “Patch Now” Notice on MS Vulnerability Patched in January
Written by Sean Kalinich
A vulnerability disclosed and patched in January is rearing its ugly head. Identified as CVE-2022-21882, this vulnerability affects Windows 10, 11 and Windows Server. On its own it is a significant threat since is allows for a privilege escalation that…
Read 949 times
Published in
Security Talk
Monday, 07 February 2022 10:41
Golang Becoming a Primary Language in the Attacker’s Tool Kit
Written by Sean Kalinich
The Go Programing Language (Go or Golang) was developed back in 2007 by a few engineers who were working at Google at the time. Go was launched in 2009 as an open-source programing language and it is primarily used in…
Read 545 times
Published in
Security Talk
Monday, 07 February 2022 08:32
New Bug in Container Deployment Tool, Argo, Puts Container Environments at Risk
Written by Sean Kalinich
Containers are a popular item with cloud-based infrastructure. The idea of running low-cost (from a resource standpoint) systems to handle work loads while maintaining a higher level of security is a nice one. Making this type of decision does not…
Read 503 times
Published in
Security Talk
Friday, 04 February 2022 11:44
Recent North Korean Internet Outages Potentially Caused by One Person with a Grudge
Written by Sean Kalinich
In early January 2021 North Korean hackers were in the midst of a campaign targeting western security researchers. They were looking to gather tools, vulnerability information and anything else of value they could get. The US, after learning about this…
Read 751 times
Published in
Security Talk
Friday, 04 February 2022 10:23
First provable SHA-1 Collision Happened Five Years Ago Yet SHA-1 is Still an Option.
Written by Sean Kalinich
On February 23rd, 2017, Google published a paper on their security blog that showed how a SHA-1 collision was possible. It proved that the aging cryptographic and hashing standard was no longer a safe or secure method. Google showed that…
Read 703 times
Published in
Security Talk
Page 7 of 9