From The Blog
- ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation: We Talk to Huntress About its Impact
  Written by Sean Kalinich, Tuesday, 19 March 2024, in Security Talk. Although the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…
- Social Manipulation as a Service – When the Bots on Twitter get their Check marks
  Written by Sean Kalinich, Monday, 04 March 2024, in Editorials. When I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…
- To Release or not to Release a PoC or OST, That is the Question
  Written by Sean Kalinich, Monday, 26 February 2024, in Security Talk. There is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept exploits for an identified vulnerability and Open-Source…
- There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
  Written by Sean Kalinich, Thursday, 22 February 2024, in Security Talk. In what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…
- NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
  Written by Sean Kalinich, Tuesday, 12 September 2023, in Security Talk. Black Hat 2023, Las Vegas. The term offensive security has always been an interesting one for me. On the surface it brings to mind reaching…
- Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
  Written by Sean Kalinich, Tuesday, 12 September 2023, in Security Talk. Black Hat 2023, Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…
- Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stolen
  Written by Sean Kalinich, Thursday, 07 September 2023, in Security Talk. In May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…
- Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
  Written by Sean Kalinich, Wednesday, 30 August 2023, in Security Talk. The recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…
- Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
  Written by Sean Kalinich, Wednesday, 30 August 2023, in Security Talk. There is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…
AI Drone Decided Humans Were an Obstacle to be Removed in Simulated Test
Written by Sean Kalinich. The arguments for and against AI as a threat all seem to center on AGI (Artificial General Intelligence), the point where the reasoning skills of an AI are on par with the average human brain. Reaching it would mark an evolution in AI. The people saying AI is a threat are trying to slow down progress towards this, while those arguing it is harmless all say we are nowhere near that stage. I have argued that this point is irrelevant in terms of assessing the dangers of a blind rush to build and shove AI into everything.
32 Malicious Google Chrome Extensions Removed from the Chrome Web Store
Written by Sean Kalinich. Google’s Chrome (and its derivatives) is one of the more popular browsers on the market. It reached the height of its popularity via a well-orchestrated marketing push, dissatisfaction with Microsoft, and being one of the faster and more secure browsers (at the time). However, the popularity of the browser and some less than stellar security policies in the Chrome Web Store have made it an attractive target for attackers.
Google recently removed a total of 32 malicious extensions from the store, with downloads possibly totaling 75 million.
Microsoft’s Xbox and Activision Both Considering Pulling Games out of the UK to get around CMA Block
Written by Sean Kalinich. Remember how the EU regulators said the Microsoft-Activision deal was pro-competition and pro-consumer? Well, I wonder what they might be thinking now as news drops that both Microsoft and Activision are considering pulling games out of the UK in order to push the buyout through. The deal on its own is far from pro-competition, and standing on licensing agreements that affect 1% of the market defies logic, but now we see the lengths that Microsoft is willing to go to in order to get its way.
RaaS group Updates their Software with Better Performance and Stealthy Features
Written by Sean Kalinich. The group behind BlackCat ransomware seems to be following some good business practices, as they have launched a new variant with improved performance (faster encryption) and better detection evasion. First identified in February of 2023, the new variant received extra attention after an update to it was seen in April. BlackCat is notable as the first ransomware written in Rust to be identified in the wild.
RedFall – How to Enjoy an Awkward, Buggy, and Confusing Game
Written by Sean Kalinich. For the second of our game reviews since returning to covering games, we decided to look at the Microsoft flagship game RedFall. If you have heard of this game, it has probably been in a negative light. Most reviews have already come in and they are not good: everything from calling the writing and plot “Woke” to buggy graphics, enemy AI, and terrible stylized artwork. So, with this list of negatives already in place, why even bother? Well, I am a glutton for punishment, I like terrible games (at times), and it was free on Game Pass. Incidentally, I also thought it might be funny to see if this game was as bad as everyone said and add something to the pool of snark surrounding it. For this review we will be covering the Game Pass PC version and playing it on the Xbox Series X.
RedFall Developers Hoped the Game would get Cancelled Before Launch
Written by Sean Kalinich. RedFall by Arkane Austin was not a well-received game. It has been pretty much panned by everyone that played it. The complaints range from a bad storyline and plot to bad graphics, game lag, and terrible AI (you can read our review to see our thoughts). Well, it seems that the developers at Arkane Austin were not happy with the game either and were hoping that Microsoft would step in and alter its course before launch.
Claimed EDR Killer Found to be a Vulnerable AV Driver Similar to Past Evasion Techniques
Written by Sean Kalinich. A couple of days ago an email was sent to me about a new toolkit being sold on the darker side of the internet. The claim was that this new tool could kill the processes behind “any” AV, EDR, or XDR running on Windows 7 and newer. The same email included a link to what was supposed to be proof of its efficacy. I opened the link in a sandbox on a controlled VM just to be sure the link was not malicious all on its own. What I saw was nothing all that new, although it was a bit worrying.
Gigabyte Shipped Millions of Motherboards with a Massively Insecure UEFI Patch Function
Written by Sean Kalinich. This one goes in both the “failure of imagination” and “this is why we can’t have nice things” categories. It seems that Gigabyte, for some reason, decided to embed an insecure update function into the UEFI firmware of their motherboards, then shipped roughly 7 million of them to customers. The fatal flaw? This is an update function that runs on every startup. It writes a file to disk, reaches out to update servers over plain HTTP, then downloads any updates it finds and installs them. Anything fetched over cleartext HTTP can be swapped out by whoever sits on the network path, and an updater that installs whatever it downloads hands that attacker code execution with the updater’s privileges, before the operating system’s own defenses are in the picture.
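The two properties that make the pattern above dangerous (cleartext transport, and installing whatever comes back) are easiest to see side by side. The following is an added example written for this page, not Gigabyte’s firmware code or anything recovered from it: a toy updater in the insecure shape next to one that refuses non-TLS URLs and refuses any payload whose SHA-256 digest does not match a value pinned at build time. The payload bytes, URLs and pinned digest are constructed for the demo; the fetch itself is simulated so the block runs offline.

```python
import hashlib
import hmac
from urllib.parse import urlparse

# Constructed inputs for this example: the bytes a firmware updater might have
# fetched, and the SHA-256 digest a vendor would pin into the firmware image at
# build time. Neither is taken from Gigabyte's firmware.
GENUINE_UPDATE = b"updater-payload-v1"
PINNED_SHA256 = hashlib.sha256(GENUINE_UPDATE).hexdigest()


def install_insecure(url: str, fetched: bytes) -> bytes:
    """The pattern described above: whatever the update server returned is
    accepted and installed. The transport scheme is never checked and the
    payload is never verified, so anyone who can answer the HTTP request
    (on-path, rogue DNS, a hostile access point) picks what gets executed."""
    return fetched  # would be written to disk and launched as-is


def install_hardened(url: str, fetched: bytes, pinned_sha256: str) -> bytes:
    """Two checks the insecure version lacks.

    1. Refuse cleartext transport, so a network attacker cannot trivially
       substitute the response.
    2. Refuse any payload whose digest differs from the value baked into the
       firmware, so even a compromised or spoofed server cannot push arbitrary
       code. A signature over a versioned manifest is the stronger form of
       this check; a pinned digest is the minimum.
    """
    scheme = urlparse(url).scheme.lower()
    if scheme != "https":
        raise ValueError(f"refusing update over {scheme or 'unknown'} transport: {url}")
    digest = hashlib.sha256(fetched).hexdigest()
    # Constant-time compare: not strictly needed for a public digest, but it is
    # the habit to keep when comparing any verifier against a stored value.
    if not hmac.compare_digest(digest, pinned_sha256):
        raise ValueError("update payload does not match pinned digest; not installing")
    return fetched


def demo() -> dict[str, str]:
    """Run both installers against a genuine and a tampered payload and report
    which attempts were installed and which were blocked."""
    tampered = b"attacker-supplied-payload"
    results = {}
    # The insecure updater happily installs the attacker's bytes.
    install_insecure("http://update.example/fw.bin", tampered)
    results["insecure_tampered"] = "installed"
    for name, url, blob in [
        ("hardened_genuine", "https://update.example/fw.bin", GENUINE_UPDATE),
        ("hardened_tampered", "https://update.example/fw.bin", tampered),
        ("hardened_cleartext", "http://update.example/fw.bin", GENUINE_UPDATE),
    ]:
        try:
            install_hardened(url, blob, PINNED_SHA256)
            results[name] = "installed"
        except ValueError:
            results[name] = "blocked"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In a real updater the firmware would pin a vendor public key and verify a signature over a manifest that carries the payload digest, so that updates can change without reflashing the firmware; the pinned digest here stands in for that check. Note that TLS on its own does not close the hole: a compromised or misconfigured update server still serves bad bytes, which is why the second check is the one that matters.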
Cuba Ransomware Group-Linked RomCom Being Spread Through Ads for Real and Fake Software
Written by Sean Kalinich. The RomCom backdoor malware appears to have a new campaign running. The new campaign uses impersonation of different software packages (some real, some not). The goal is to trick the unwary into downloading, and hopefully launching, malicious payloads. This type of campaign leverages ad services like Google Ads as a “trusted” platform, using ads for software that is either often sought after or currently very popular, like ChatGPT, PDF readers, remote management software, etc. The same lures are also, at times, used as links in targeted or blanket phishing and social engineering attacks to get the malware onto the targeted systems.
The Barracuda Zero Day Flaw Shows Us Why Mean Time to Remediation Matters
Written by Sean Kalinich. On May 19th, 2023, Barracuda disclosed a critical vulnerability in their Email Security Gateway (ESG) appliances. The vulnerability is tracked as CVE-2023-2868 and is listed as a remote command injection vulnerability. The flaw is present in software versions 5.1.3.001 up to 9.2.0.006 for the ESG appliances only. As this was disclosed as a zero-day vulnerability, there was an accelerated patch release schedule, with the first patches made available on May 20th.
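When remediation time is the metric, the first job is knowing which appliances are still inside the affected range, and version strings like these are easy to compare wrongly. The following is an added example, not Barracuda tooling: it parses four-part ESG version strings into integer tuples, checks them against the 5.1.3.001 to 9.2.0.006 range quoted above, and triages a constructed inventory. The appliance names and the version numbers outside the range are hypothetical values chosen to exercise the boundaries; they are not a statement of which build carried the fix.

```python
import re

# Affected firmware range from the Barracuda advisory quoted above:
# ESG appliance versions 5.1.3.001 through 9.2.0.006, inclusive.
AFFECTED_MIN = (5, 1, 3, 1)
AFFECTED_MAX = (9, 2, 0, 6)

_VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")


def parse_version(version: str) -> tuple[int, ...]:
    """Convert a four-part dotted version such as '9.2.0.006' into a tuple of ints.

    Comparing the strings directly is wrong: '10.0.0.001' < '9.2.0.006' as text
    because '1' sorts before '9', and zero-padded fields like '006' only compare
    correctly by accident. Integer tuples give the intended ordering.
    """
    cleaned = version.strip()
    if not _VERSION_RE.match(cleaned):
        raise ValueError(f"unrecognised ESG version string: {version!r}")
    return tuple(int(field) for field in cleaned.split("."))


def is_vulnerable(version: str) -> bool:
    """True when the version falls inside the affected range (boundaries included)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def triage(inventory: dict[str, str]) -> list[str]:
    """Return the appliance names from {name: version} that are still inside the
    affected range and therefore need remediation."""
    return sorted(name for name, ver in inventory.items() if is_vulnerable(ver))


# Constructed inventory for this example. Versions outside the affected range
# are hypothetical values chosen to exercise the boundaries, not a statement of
# which build Barracuda shipped the fix in.
SAMPLE_INVENTORY = {
    "esg-dc1": "9.2.0.006",     # last affected build
    "esg-dc2": "9.2.0.007",     # hypothetical: one past the range
    "esg-branch": "5.1.3.001",  # first affected build
    "esg-lab": "5.1.2.999",     # hypothetical: one before the range
    "esg-dmz": "7.0.4.012",     # hypothetical: well inside the range
}


if __name__ == "__main__":
    print("needs remediation:", triage(SAMPLE_INVENTORY))
```

Feed it the version column from an asset inventory export and the list it returns is the remediation backlog; the parse step rejects anything that is not a four-field version rather than silently treating a malformed entry as safe.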
Microsoft Talks about Now-Patched SIP bypass Bug in macOS
Written by Sean Kalinich. Apple’s System Integrity Protection (SIP) has been something of a mixed bag when it comes to security. It is a great feature from a raw and basic security viewpoint, but the same feature has also created challenges for the installation of third-party anti-malware and other security tools since its launch. All that aside, Microsoft, of all people, has shared details on a vulnerability that could be used by attackers to completely bypass the protections that SIP is supposed to offer.
As Microsoft Deal Slows, Sony Now Under Investigation for Market Abuse
Written by Sean Kalinich. There is no such thing as a coincidence, especially in the business world. If you hear of something and the timing seems suspicious, it is because someone pushed something in the right direction at the right time. This is the case we see here, with Sony now under investigation by the Romanian Competition Council for possible market abuse at a time when Microsoft is trying to gain a market advantage. If this news does not seem odd to you, you might not be paying attention.
The Google Way to Break Encryption in RCS by Forcing AI
Written by Sean Kalinich. Google has been very interested in pushing a new standard for messaging, Rich Communication Services (RCS). RCS started in 2007 as a way to make “texting” more functional and complete. This included things like read receipts, response indicators (the typing icon), and more. It was a way to put standard Android messaging on par with apps like Signal, WhatsApp, and Telegram. In and of itself it is a great feature and one that enhances standard SMS and MMS functionality. Along the way Google and others started to add end-to-end encryption as a way of protecting the message content (which was a core component of RCS).
Google’s New Zip Domains Can be Easily Abused for Phishing and Malware Payloads
Written by Sean Kalinich. This one will get filed in the “you knew it was going to happen” file. After Google announced a few new top-level domains (TLDs), including .zip and .mov, the security world silently shook its head. The concept of using file extensions as TLDs is one that defies logic. As soon as I read about these new domains, I knew someone was going to create phishing or malware attacks with URLs that look like common file names. These attacks can leverage modern web design to make a target think they are using an application to run or open the file when they are really executing commands in the background to compromise their systems. Lo and behold! We now have “file archiver in the browser”, as shown off by mr.d0x.
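The defensive question for a mail gateway or proxy is simple: which host does this link actually land on, and is that host a .zip or .mov domain rather than a file on a normal domain? The following is an added example written for this page (not mr.d0x’s demo and not Google tooling). It uses the standard library’s URL splitter, which follows the same authority rule as browsers (RFC 3986): anything between `//` and the last `@` is userinfo, not the host, and the authority only ends at a real `/`, `?` or `#`. That rule is what lets a URL carry a convincing fake path built from look-alike slashes (U+2215 here) in front of a short .zip host. The sample URLs are constructed for the demo; none are real sites.

```python
from urllib.parse import urlsplit

# TLDs the post is concerned with: they double as everyday file extensions.
FILE_EXTENSION_TLDS = {"zip", "mov"}


def effective_host(url: str) -> str:
    """Return the host a browser will actually connect to for this URL.

    Everything between '//' and the last '@' in the authority is userinfo, not
    the host, and the authority only ends at a real '/', '?' or '#'. A URL can
    therefore carry a fake path made of look-alike slashes (U+2215 and the like)
    in the userinfo position while the real host is the short '.zip' name after
    the '@'. urlsplit() applies that rule; .hostname lowercases and drops the port.
    """
    return (urlsplit(url).hostname or "").rstrip(".")


def has_file_extension_tld(url: str) -> bool:
    """True when the effective host ends in a TLD that is also a file extension."""
    host = effective_host(url)
    if "." not in host:
        return False
    return host.rsplit(".", 1)[1] in FILE_EXTENSION_TLDS


def flag_urls(urls: list[str]) -> list[str]:
    """Filter a batch of URLs (e.g. pulled from a mail gateway log) down to the
    ones whose destination domain is a .zip or .mov host."""
    return [u for u in urls if has_file_extension_tld(u)]


# Constructed sample URLs for this example. Only the first is an ordinary file
# download on a conventional domain; the rest resolve to .zip/.mov hosts, and
# the third hides that behind a fake path in the userinfo section.
SAMPLE_URLS = [
    "https://example.com/downloads/report.zip",
    "https://photos-backup.zip/login",
    "https://github.com\u2215kubernetes\u2215archive@v1.27.1.zip",
    "HTTP://INVOICE-2023.MOV:8080/",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{str(has_file_extension_tld(url)):5} {effective_host(url):20} {url}")
```

The point of the third sample is that a naive check on the string (“it starts with github.com”) passes, while the host the browser connects to is `v1.27.1.zip`. Always derive the host from a real URL parser before applying any allow-list or reputation lookup, and treat the userinfo component as a signal in its own right, since legitimate links almost never carry one.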