From The Blog
-
ConnectWise Slash and Grab Flaw Once Again Shows the Value of Input Validation We talk to Huntress About its Impact
Written by Sean KalinichAlthough the news of the infamous ConnectWise flaw which allowed for the creation of admin accounts is a bit cold, it still is one that…Written on Tuesday, 19 March 2024 12:44 in Security Talk Read 698 times Read more...
-
Social Manipulation as a Service – When the Bots on Twitter get their Check marks
Written by Sean KalinichWhen I started DecryptedTech it was to counter all the crap marketing I saw from component makers. I wanted to prove people with a clean…Written on Monday, 04 March 2024 16:17 in Editorials Read 1576 times Read more...
-
To Release or not to Release a PoC or OST That is the Question
Written by Sean KalinichThere is (and always has been) a debate about the ethics and impact of the release of Proof-of-Concept Exploit for an identified vulnerability and Open-Source…Written on Monday, 26 February 2024 13:05 in Security Talk Read 1110 times Read more...
-
There was an Important Lesson Learned in the LockBit Takedown and it was Not About Threat Groups
Written by Sean KalinichIn what could be called a fantastic move, global law enforcement agencies attacked and took down LockBit’s infrastructure. The day of the event was filled…Written on Thursday, 22 February 2024 12:20 in Security Talk Read 1082 times Read more...
-
NetSPI’s Offensive Security Offering Leverages Subject Matter Experts to Enhance Pen Testing
Written by Sean KalinichBlack Hat 2023 Las Vegas. The term offensive security has always been an interesting one for me. On the surface is brings to mind reaching…Written on Tuesday, 12 September 2023 17:05 in Security Talk Read 2132 times Read more...
-
Black Kite Looks to Offer a Better View of Risk in a Rapidly Changing Threat Landscape
Written by Sean KalinichBlack Hat 2023 – Las Vegas. Risk is an interesting subject and has many different meanings to many different people. For the most part Risk…Written on Tuesday, 12 September 2023 14:56 in Security Talk Read 1854 times Read more...
-
Microsoft Finally Reveals how they Believe a Consumer Signing Key was Stollen
Written by Sean KalinichIn May of 2023 a few sensitive accounts reported to Microsoft that their environments appeared to be compromised. Due to the nature of these accounts,…Written on Thursday, 07 September 2023 14:40 in Security Talk Read 2123 times Read more...
-
Mandiant Releases a Detailed Look at the Campaign Targeting Barracuda Email Security Gateways, I Take a Look at What this all Might Mean
Written by Sean KalinichThe recent attack that leveraged a 0-Day vulnerability to compromise a number of Barracuda Email Security Gateway appliances (physical and virtual, but not cloud) was…Written on Wednesday, 30 August 2023 16:09 in Security Talk Read 2098 times Read more...
-
Threat Groups Return to Targeting Developers in Recent Software Supply Chain Attacks
Written by Sean KalinichThere is a topic of conversation that really needs to be talked about in the open. It is the danger of developer systems (personal and…Written on Wednesday, 30 August 2023 13:29 in Security Talk Read 1891 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 116522 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 87469 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 82027 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 80335 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 70988 times Read more...
Displaying items by tag: Data Breach
Retail chain Target attacked by hackers
One of the largest US retail chains, Target, founded in 1902 admitted that unknown attackers stolen encrypted PINs from their system. Alienated data contained the names of customers, credit and debit card and CCV numbers that are used to activate the card on Target's webpage.
Adobe Loses 2.9Million User's Data Along with Source Code to Hackers ** Update**
The threat of a data breach is one that every company faces and it is also an eventuality that they all know can happen at any time. The number of daily attempt to penetrate corporate security is staggering as is the number of successful attack where at least some data is taken. It is for this reason that we still a confused when companies want to move to a cloud based or subscription style software agreement. Once all of that billing information is stored in a single spot (even multiple data centers) it becomes a very big target. Adobe has found that out the hard way as they are now reporting a breach that lost the information for approximately 2.9 Million users and source code for Cold Fusion and Acrobat.
Hacking Sentence Halved for Pirate Bay Founder, But He is Not Out of the Woods Yet
Pirate Pay founder Gottfird Svartholm has managed to successfully appeal the two year sentence imposed after he was found guilty of hacking Logica, a Swedish IT company (as well as aggravated fraud and attempted aggravated fraud). Although throughout the trial Svartholm maintained his innocence the court (Nacka District) still felt he was responsible for at least hacking the IT company. Svartholm was also found guilty of hacking a local bank (Nordea). The court sentenced him to two years in prison.
League of Legends accounts in danger
On the pages of the popular MOBA title League of Legends warning appeared which states that the date of the players from the North American servers are in danger. According to the statement, unknown perpetrators have come up with user names, e-mail address, masked passwords and some full names.
After 30 Years of "Hacking" Data Security Has Not Changed Much
Data security (and privacy) has been in the news a lot lately as if it is a new and troubling issue. In fact this has been a major topic of discussion going back to the mid-1980s when the first consumer available modems hit the market. This started the practice of war dialing where phone phreaks would dial random numbers to see if any would answer to their computers. One of the more famous phone phreaks is none other than Steve Wozniak, Co-Founder of Apple Computers. These are the guys that pioneered the hacking scene (and in some cases the piracy scene as well). Back then security was primitive and usually consisted nothing more than a login and a password. Fast forward more than 30 years and the security of some places is little better than what it was back in the war dialing days.
Apple Admits to Breach in Developers' Portal
Today (Sunday July 21 2013) Apple officially admitted that someone had hacked their developer site. The notification came out as a warning that some information including names, addresses and email information might have been accessed. What we find interesting is that this announcement comes on the heels of a multi-day outage to the same site. It looks like Apple might have known about the breach earlier and not told anyone until they confirmed that user data was compromised (in which case they might have been compelled to). This is not exactly what you want to hear from a company that prides themselves on the security and safety of their operating system AND their ecosystem.
Human Security, Relearning How to Act on the Internet
Security is a huge issue and has always been one ever since the first person decided they wanted to protect what they owned. Through the centuries the art of security has evolved and a multitude of inventions have blossomed on the scene to help us keep our property safe and secure. Once the data age started we had new concerns and our fertile minds came up with new and more creative ways to protect our new digital property. These two separate (yet dependent) fields are broken down into physical and digital security. The problem is that neither of these are effective unless we apply human security. This is the practice of securing people (humans) against being the largest security hole in any network or location.
Military Contractors Say The Risk is Worth Saving the Cost of Security
Over the last few years we have followed the sorry state of cyber security in both corporate and governmental systems and have always been surprised at the solutions that they have presented. For some reason these groups want to remove responsibility from themselves for making sure their data (which in some cases is your data) is secure. This lack of corporate responsibility has led to misguided bills, acts and other nonsense that will still not do anything to stem the tide of security breaches. One of the most famous examples of this is QinetiQ.
Twitter, Microsoft and Others Finally Adopt Two-Step Authentication
In 2012 there was more than 1 data breach per day and of these 365 plus breaches about 80% managed to get some sort of data. This is a pretty scary number when you think about it, but it actually pales by comparison to the number of personal accounts that are compromised due to poor security, weak passwords, and malware designed to steal passwords. So what do you do to help prevent this? A simple answer is to just not have any online accounts so there is no chance of getting your account compromised. However, we know that this is not really a viable solution so it is fortunate that many companies are finally turning to two-step authentication to help mitigate this type of attack.
nVidia Developer Zone and Android Forums Get Added To The List of Attacked Sites with Possible Data Theft
We have two additional hacks to report this morning. The first was a little shocking as it has been learned that nVidia’s Developer Zone form was under attack. Although details of this attack are small it does appear that nVidia recognized that there was an attack on the forum and shut it down to prevent additional attack. However nVidia warns that the hashed passwords for the forum may have been accessed. Right now the forum is still down with only a canned message in its place warning users about the attack and advising them to change their passwords especially any passwords that might be identical across multiple sites.