From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 696 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1575 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1109 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1080 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2130 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1850 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2122 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2097 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1890 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116522 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87467 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82025 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80334 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70985 times Read more...
Displaying items by tag: Chrome
Google and Microsoft Share a Zero Day as both Chrome and Edge get Patch Now Guidance.
Google has pushed out a new patch for Chrome to deal with a zero-day vulnerability tracked as CVE-2023-3079. In the patch release Google is clear that this vulnerability is actively being exploited in the wild and that users of both Chrome and Edge should update to the latest version as soon as possible. The report of the flaw was from Google’s own threat research team making this an even more urgent event.
32 Malicious Google Chrome Extensions Removed from the Chrome Web Store
Google’s Chrome (and derivatives) is one of the more popular browsers on the market. It reached the height of popularity via a well-orchestrated marketing push, dissatisfaction with Microsoft, and being one of the faster and more secure browsers (at the time). However, the popularity of the browser and some less than stellar security policies in the Chrome Web Store have made it a nice target for attackers.
Goggle recently removed a total of 32 malicious extensions from the store with downloads possibly totaling 75 million.
Google Releases 2nd Patch Now Advisory of 2022 as New Actively Exploited Zero-Day Shows Up.
Google pushed out a n Out-of-band patch for Chrome due to a high-severity on Friday (March 25th, 2022). The patch was pushed out quickly as the vulnerability, tracked as CVE-2022-1096 is being actively exploited in the wild. CVE-2022-1096 is a type confusion vulnerability that exists in the JavaScript Engine used by Chrome and was reported to Google by an Anonymous researcher last week.
It Feels Like 99 Again as Two Digit Bug May Impact Multiple Browsers May be Impacted by Version Change
In mid-1999 software and hardware developers uncovered a bug of sorts that, at first glance, seemed like it would end the computer world as we know it. It was called the Y2K bug and centered around the issue that somehow developers and built their code to with the first two digits of the year input field as hard coded to 19. This mean that when everything rolled over to year 2000, computers and software would see it as 1900. Not exactly where you want to be.
Is Firefox Going away and Taking Privacy Options with It?
Firefox was once one of the leading “alternative” browsers on the internet. After the death of Netscape Firefox came along and offered people an alternative to the building Windows Internet Explorer and even to Safari on macOS. This trend continued into the mobile arena, at least until Google launched the Chrome Browser. Although Chrome had a bit of a rocky start (with clear indications of data collection), it has grown in popularity and gobble up about 64% of the browsing on the internet.
Google Patches the First Zero-Day in Chrome for 2022
Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. Once of these vulnerabilities CVE-2022-0609, which is describes as a user-after-free vulnerability is already being exploited in the wild. This has led them to advise users to updated Chrome as soon as possible to avoid compromise. The flaws were found by Google’s own Threat Analysis Group.
Flash is certainly on its way out, but will that really fix much?
Last week Google announced that they will no longer be accepting ads that feature Flash. This new should really come as no surprise as Flash (and its spirit brother Java) have taken a beating on the security front for years. Abobe and Oracle have been unable to keep the bad guys from running rampant with their code. Of course the change will not take place overnight so everyone has the chance to swap out that old and insecure Flash for the new and (insecure) HTML5.
Firefox and Chrome add VR Support, Push the Marketing and Sales Angle
If there was ever an indication that virtual reality might make it in the mainstream market it is when the web browsers start to support it. So far we have heard rumblings that Microsoft, Google and even Mozilla will be throwing their lot in with the VR gang. One of the big reasons for this is that Facebook has already pushed into that territory with their purchase of Oculus VR. After buying the virtual reality headset maker there have been multiple rumors of Facebook making a VR social world as an extension of their existing social network.
Microsoft cuts Windows 8.x prices by up to 70%
It seems that Windows 8.x is not selling as well as Microsoft would like it to. After boasting about how game changing the new OS would be for end users, the only game that seems to be changing is Microsoft’s revenue stream. Just before the new OS came out we talked about the impact of Windows 8 on OEMs especially with Microsoft entering into direct competition. Most OEMs were not happy about the licensing costs they would have to pay for Windows 8/RT and felt that Microsoft’s entry would make things even more unfair.
Mozilla launching a completely redesigned Firefox
Mozilla recently launched a pre-beta version of Firefox called Aurora and brought a completely new user interface, greater customization of the touch screen, as well as some new features. Redesign project so far has been designed exclusively for the nightly version of Firefox, and it was in development for two years.