Security Talk (147)

News, and Disucssions centered on Security

Black Hat 2023 – Las Vegas. Sitting in one of my favorite bars in the Mandalay Bay Shoppes, 1923 Prohibition Bar, I had an opportunity to sit down and talk with Stuart McClure. For those that do not know, I…
Wednesday, 16 August 2023 14:38

Hacker Summer Camp 2023 Recap and My Thoughts

Written by
Las Vegas – So Black Hat 2023 and Def Con 31 have come and gone, and while the exhaustion that comes from this epic combined event might not be completely gone, I am ready to give my thoughts on the…
As we head into Hacker Summer Camp in Las Vegas, the emails are already flowing freely into my inbox. Some of them are the regular players that I see every year and others are new. Still more are people that…
Hey, remember that supply chain attack on NPM that happened recently? Which one? Yeah, that is sort of the problem with recent supply chain attacks. In particular the ones that are targeting the development pipeline. This is because they are…
If you look at common attack vectors and especially Initial Access Broker attacks, there are a few parts of the attack chain which stand out. These are the pivot through some form of communication/collaboration app to the phishing landing page.…
When I was in the military, one of the things that I noticed was a massive reluctance to create new and unusual scenarios for war games. Instead, we always seemed to train for the last major combat theater. When going…
One of the most commonly asked questions in cybersecurity is “where do I start?” This common question shows just how overwhelmed many organizations are when faced with the reality of the threats that are out there. From ransomware to business…
IoT (Internet of Things) devices have long been a source of security concerns. Back in 2012-2014 we wrote a series of articles following the comedy of errors that is the IoT market. At the time I dubbed it the Internet…
Since Executive Order 14028 came out on May 12th from the Biden Administration there has been a lot of talk about what it means and what are the legal and regulatory ramifications of this order. While the larger conversation is…
This one goes in the “this is why patching is important” file and highlights the need to be able to quickly apply patches for critical flaws found in different devices and software. After the disclosure of a critical vulnerability tracked…
When most people think of malware, they think of binaries that are downloaded to a drive and executed. However, that is only part of the malware world. The other side does not actually download the malicious binary directly to the…
Its seems that the efforts of Ukrainian hacktivists have decided to focus their efforts on a new and interesting target. In addition to other strategic targets, they have gone after one of the central portals for Russian alcohol distribution. The…
in the wild. The patch for this bug is one of 37 that are part of the monthly security release which covers multiple components in the popular mobile OS. This comes at a time when mobile banking malware is on…
The idea of DLL hijacking is a well known one and one that is used by attackers to compromise security tools and even sophisticated anti-malware solutions. DLLs (Dynamic Link Library) are not much more than static files that sit idle…
Ransomware is a huge shadow over many businesses and individuals’ heads. It has loomed as a significant threat since the first stains hit the internet inside malicious zip files masquerading as “Xerox” documents. Since that time ransomware and the groups…
Google is an odd company. They have used the personal vs corporate data ownership line like a jump rope over the years. We have watched them for a long time and all we can say is that their track record…
Page 1 of 10