Security Talk (147)

News, and Disucssions centered on Security

Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. Once of these vulnerabilities CVE-2022-0609, which is describes as a user-after-free vulnerability is already being exploited in the wild. This…
Management and a monitoring software are ubiquitous in the IT operation industry. They are force multipliers that allow for what are usually small teams to manage a large number of assets. By design they need to have elevated permission to…
SentinelOne’s threat team has been tracking a couple of threat groups with an unusual goal. These groups are not looking to steal money or get a ransom, instead they are looking to track, monitor and incriminate specific targets. The targets…
The Dark Web (whispered in Letterkenny) is a playground for all kinds of illegal activity. One well traded item is Personal Information including Credit Card numbers. Due to the state of security in most organizations (Stuart!) there is no shortage…
The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for…
It seems that web site data analytics are now on the radar for privacy regulators in the EU, especially Google Analytics collection tools. Recently data protection regulators in Austria and France have rules that the collection of user data by…
The Threat Landscape is an interesting topic of discussion. It is a constantly changing thing and even the best predictions can often fall short of the actual threat. This is because in most cases, the attackers are a step ahead…
The news has been abuzz about the $65+ Billion-dollar purchase of Activision/Blizzard by Microsoft. It has been seen as an opening shot in a new stage in the console wars and is, even now, under review by the FTC. However,…
UEFI (Unified Extensible Firmware Interface) was designed to replace the old and outdated BIOS (Baic Input Output System). The older BIOS setup was slow and not very secure. It gave attackers several entry points for infection and persistence at that…
The concept of the app as opposed to the application is one of those nuanced distinctions that miss many people. When it comes to a mobile device an app is a bundle that that allows the installation of an application…
The rise of the smart device meant that more and more people were going to be using these for more than just communication. Mobile banking, mobile home automation, mobile car monitoring, you name it, there is probably an app for…
Back in the late 90s’ the first macro viruses appeared on the scene. The leveraged a feature of Microsoft Office that allowed a malware developer to execute programmed instructions via the office interface. This new option opened a lot of…
A vulnerability disclosed and patched in January is rearing its ugly head. Identified as CVE-2022-21882, this vulnerability affects Windows 10, 11 and Windows Server. On its own it is a significant threat since is allows for a privilege escalation that…
The Go Programing Language (Go or Golang) was developed back in 2007 by a few engineers who were working at Google at the time. Go was launched in 2009 as an open-source programing language and it is primarily used in…
Containers are a popular item with cloud-based infrastructure. The idea of running low-cost (from a resource standpoint) systems to handle work loads while maintaining a higher level of security is a nice one. Making this type of decision does not…
In early January 2021 North Korean hackers were in the midst of a campaign targeting western security researchers. They were looking to gather tools, vulnerability information and anything else of value they could get. The US, after learning about this…
Page 7 of 10