News and Editorials (3538)
Friday, 22 April 2022 10:13
Amazon’s Awkward Moment as Log4J Fix has an Escalation and Escape Bug
Written by Sean Kalinich
It seems that Amazon’s hotfix for Log4Shell in their AWS environment might have been a bit rushed. According to a review of the hot there are a total of four CVEs specifically related to the hotfix and how it functions.…
Read 948 times
Published in
Security Talk
Thursday, 21 April 2022 05:37
Okta now says Lapsus$ only had 25 Minutes of Fame with Two Clients
Written by Sean Kalinich
The breach of IDAM group Okta in January by the self-promoting group Lapsus$ amidst other high-profile breaches and data leaks this year was a significant concern. The concern rose because when the incident first happened, Okta passed it off as…
Read 840 times
Published in
Security Talk
Friday, 15 April 2022 06:08
There is Good News and Bad news in the Atlassian Outage.
Written by Sean Kalinich
On April 6th news of an outage at Atlassian that affected customers using Jira, Confluence and other products started to surface. The outage started the day before on the 5th and started rumors of everything from a ransomware attack to…
Read 1054 times
Published in
In Other News
Thursday, 14 April 2022 16:51
CISA warns that US ICS/SCADA Systems are being Targeted by Threat Groups
Written by Sean Kalinich
CISA has issued another warning that SCADA/ICS systems are being targeted for attack. This time they are in the sights of Nation-State groups and with customized tools. The tools are part of follow-on activities after the initial beachhead has been…
Read 849 times
Published in
Security Talk
Wednesday, 13 April 2022 05:13
Law Enforcement Celebrates Another Hacker Forum Takedown as the Seizure of RaidForums is Announced.
Written by Sean Kalinich
2022 has been a busy year for the information security industry on both sides of the playing field. We have seen an increase in target attacks on businesses, a larger number of Zero-Day vulnerabilities disclosed that were being actively exploited…
Read 601 times
Published in
Security Talk
Tuesday, 12 April 2022 09:11
Open Source Takes Another Hit as 3rd Protestware Shows up in NPM Repository
Written by Sean Kalinich
The Open Source community has been one that many leverage to help build their applications. It has become a great place to find applications packages that make building out a larger application or eco systems less time consuming. We see…
Read 844 times
Published in
Security Talk
Monday, 11 April 2022 09:26
Twitter Backtracks on Removing Embedded Tweets from 3rd Party Websites after Deletion for Now
Written by Sean Kalinich
Twitter is an interesting company. On the one hand they act like they are a bastion of free speech and have stood up for the anonymity of some of the users. They have, in the past refused government interference in…
Read 947 times
Published in
In Other News
Monday, 11 April 2022 07:45
Leaked Conti Ransomware used in Attacks on Russian Targets
Written by Sean Kalinich
Not that long ago, a Ukrainian security researcher published a vast number of internal chats from the Ransomware group Conti. On top of that treasure trove of information the same researcher also published the source code for the Conti Ransomware.…
Read 1023 times
Published in
Security Talk
Friday, 08 April 2022 09:49
Crypto Mining Malware Targeting Amazon Lambda Serverless Environments
Written by Sean Kalinich
Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is…
Read 787 times
Published in
Security Talk
Friday, 08 April 2022 05:13
The State of Banking and Financial Malware on Google’s Play Store is Just Bad
Written by Sean Kalinich
It looks like there has been another round of malware identified on the Google Play sore and, you guessed it, the majority is focused on banks and other financial institutions. The combination of apps found totals around 515,000 downloads. 500,000…
Read 718 times
Published in
Security Talk
Thursday, 07 April 2022 08:13
Twitter Moving to Allow Manipulation of Embedded Tweets on 3rd Party Websites
Written by Sean Kalinich
Twitter has been in the new a lot over the last few years. From deleting accounts of people and groups for very flimsy reasons to censoring posts that contain factual, but non-popular information. It seems that they just cannot help…
Read 921 times
Published in
In Other News
Tuesday, 05 April 2022 10:32
Financial Threat Group, FIN7 Shows Signs of Evolving Tools and Coordination with Ransomware Groups
Written by Sean Kalinich
For some reason, malware, attacker tools, and even the threat groups themselves tend to be viewed and talked about as static objects (outside of the security and threat analytics world). Malware is just Malware, the same with Ransomware strains. Once…
Read 729 times
Published in
Security Talk
Tuesday, 05 April 2022 05:22
New Tactic Could be Used to Impact Charging Stations for Electronic Vehicles
Written by Sean Kalinich
Imagine you are standing at a charging station charging your shiny new EV. You smugly look at all the antiquated gas-powered cars as they pay large amounts of money to keep their old, polluting, conveyances functional. Suddenly your charging station…
Read 599 times
Published in
Security Talk
Monday, 04 April 2022 15:18
Hackers Compromise MailChimp to Pivot to Crypto and Finance
Written by Sean Kalinich
Over the weekend news surfaced that indicated users of Trezor hardware crypto wallets had received emails claiming Trezor had been breached and urging the user to reset their PIN as soon as possible. The emails turned out to be a…
Read 714 times
Published in
Security Talk
So, today is April 1st and with the net full of clever ideas to play a joke on readers it can be fun to sort through what is real and what is not. Because of this, we are going to…
Read 860 times
Published in
In Other News
Wednesday, 30 March 2022 15:01
FBI Sent out an Advisory Alleging a Targeted Campaign Against State Election Officials
Written by Sean Kalinich
The FBI, on March 29th, released a Private Industry Notification with vague details on a potential Phishing campaign targeting election officials in at least nine US states. The information in the advisory gives very broad information without really saying much.…
Read 801 times
Published in
Security Talk
Page 7 of 222