Universal Plug and Play UPnP) is one of those technology decisions that make you wonder what people were thinking. The concept is fairly clear, find a way to make things easy for someone to just connect a device to a network and have it function without interaction. Devices like the Xbox Series X|S require this for their remote play feature as the ports and IP addresses needed to function would be overly complicated for most users to set up. So, you enable UPnP on your router and just plug the Xbox in. Sound great, but as with anything that create convenience, it also brings about risk.

Facebook makes their money off their users. That is no shock to anyone considering the number of investigations currently ongoing over Facebook’s data collection practices. Of course, Facebook is not the only group collecting this type of information, they just tend to take it a bit farther than most of the other groups. Because of these invasive data collection practices many countries have tightened their laws around what can and cannot be used to develop and send out targeted ads. This has included a whole new category for “intimate” information. Even Apple has decided that this style of data collection might be out of bounds and have change their own privacy policies in iOS.

Microsoft’s Threat Intelligence team has recently disclosed their discovery and analysis of a new malware family. The malware in question is being tracked as a Trojan named UpdateAgent. The team has been watching as it progressed from a simple information stealer for the macOS to much more sophisticated capabilities including being able to bypass the macOS Gatekeeper security function.

The SolarWinds supply chain attack was and still is one of the most complex and ingenious attacks that has come to light. How it was discovered is also an interesting topic for another conversation. The attack group in question is still being speculated on although one most people tend to gravitate towards is the Russian APT group COZY BEAR (APT29). The actual attack and compromise of the software repository at SolarWinds is the stuff of legend. Once that was completed it allowed the attackers access to a wide swath of business verticals along with government agencies from a single trusted source. They could, almost on a whim, compromise anyone that leveraged the SolarWinds product. Of course, supply chain attacks are nothing new and are not going anywhere. They are complicated to set up and maintain, but once in place they can yield amazing results.