Displaying items by tag: Cybersecurity

Diver Signing requirements in Windows is a feature that is intended to help prevent the Windows Operating system from being compromised through malicious software posing as legitimate drivers. The policy was implemented way back in early versions of the 64-bit flavor of Windows XP and became a defacto security policy very quickly after that. Since its implementation and enforcement threat groups have found multiple ways around this policy including the use of compromised certificate issuing groups, purchasing actually legitimate certificates, and certificate theft.

Published in News

Social engineering efforts via voice calls (Vishing) is nothing new. The use of phone calls for malicious activity is pretty old and include such popular scams as extended car warranties, IRS collection attempts, and the ever popular “there is a complaint against you”. These are just a few of the consumer scams that have been in play and are still in play. On the corporate side there are even more which target general employees and support personnel to either gain entry or enable some form of financial fraud. Sadly, this pivot is also seriously under managed by most organizations, with few providing any preventative training and most not testing this attack vector to determine exposure.

Published in News

Last week Progress Software, the company behind MOVEit file transfer software, announced another SQL injection flaw had been identified and patched. This flaw is just the latest in a series of vulnerabilities that have been identified in the application after the Cl0p ransomware group was found to have exploited a different SQL injection flaw to steal data from multiple MOVEit users. The attacks started in late 2022, but the Cl0p group might have been testing different entry points as far back as June 2022.

Published in News

It has been a few days since we talked about NPM and node.js. The popular repository has been taking a bit of a beating in recent months as attackers, hacktivists, and others seek to compromise their packages as part of a general supply chain attack. Supply chain attacks are in vouge right now and are part of the reason you might be seeing the acronym SBOM (Software Build of Materials) so much. Sure, SBOM is not a new term, but the push for it and the rise of an entire vertical in the cybersecurity industry is new and should be a bit of an indicator that there is a problem.

Published in News

There is nothing like an unresolved security flaw in a major product. Especially when the flaw is one that the developer knows about but does not consider important enough to fix in a timely manner. If the flaw is in a commonly used product, it is even better. In this case we are talking about a flaw we covered back on the 23rd of June. This is a bug that can allow an attacker to mimic an internal sender to get around file handling from external senders. In our opinion, it is significant, but Microsoft has no plans to remediate it any time soon. I guess they have other things on their plate like Privacy Investigations in the EU (Over Teams and Office) and the pending Activision/Blizzard deal in court in the US.

Published in News

Microsoft’s Azure AD, the cloud-based flavor of the on-premises service is an interesting construct. On the surface you think that it has some decent protections enabled by default. The sad truth of the matter is that this is not the case and many options for security are very lacking until you hit much higher security levels. If you add to this equation the likelihood of vulnerabilities and other flaws that can allow an attacker to bypass the security options that are already there it is a bit of a mess. This wonderful thought is what brings us to today’s flaw. According to security researchers, there is a flaw in how Microsoft Azure AD processes its implementation of OAuth (Open Authentication).

Published in News

As I have often said, the idea that an operating system, or brand of computer is somehow immune to attack or malware is just a false one. We have seen time and time again where attackers are all too capable of compromising what was once considered “secure”. Now security researchers have found evidence of a sophisticated cross platform toolkit which could indicate an increased focus on macOS.

Published in News

According to a statement that Microsoft released on Friday, several outrages in their Azure environment were caused by a large-scale Distributed Denial of Service attack. The attack began in early June 2023 when “surges in traffic” began causing availability impacts. Microsoft began an investigation into the incident and are now tracking a potentially new threat group (Storm-1359). The new group is using a somewhat different attack vector although most of the moving parts behind the attack are common.

Published in News

There is a new threat in town from the ChamelGang. This new threat is a Linux backdoor that just been identified and shows that the threat group is expanding their capabilities. Identified by Stairwell and dubber ChamelDoH (for DNS over HTTPS), this new malware is written in C++, which is not all that unusual even if the method of communication is not completely normal. ChamelGang was first identified in 2021 and was associated with attacks on energy, fuel, and aviation industries in multiple countries including the US, Russia, Nepal, Japan, Taiwan, and India.

Published in News

A 20-year-old Russian National Magomedovich Astamirov was arrested in Arizona and had his initial appearance in court yesterday. The arrest and charges come after a lengthy investigation into the Ransomware as a Service Group, LockBit. This is the second arrest in six months related to the group’s activities with a third warrant/indictment issued for another individual, Mikhail Pavlovich Matveev, who is still at large. According to the DOJ press release Astamirov is suspected of conspiring with other LockBit members to attack multiple organizations in the US and around the globe. Astamirov is believed to have managed various IP and Email addresses used for ransomware deployment and communication with the victims of attacks.

Published in News
Page 3 of 5