From The Blog
-
Just When you Thought it was Safe to go Back to the Bank, Microsoft Finds Banking Attacks Targeting Financial Institutions
Written by Sean KalinichAlthough Banking, Mortgage, and other financial institutions are always under attack, it is never a good thing to see a coordinated campaign targeting them. Microsoft…Written on Friday, 09 June 2023 14:59 in News Read 254 times Read more...
-
MOVEit Zero-Day May Have Been Known by Threat Groups Since 2021
Written by Sean KalinichIn today’s episode of why we need to change how we do things; it has come to light that the critical MOVEit zero-day that allowed…Written on Friday, 09 June 2023 11:18 in News Read 431 times Read more...
-
In a Marketplace of Ideas, Censorship is Always Bad Even if Done for the Right Reasons.
Written by Sean KalinichOne thing that has always bothered me is the concept that censoring or hiding certain types of speech, thought, information etc., is somehow going to…Written on Friday, 09 June 2023 10:23 in Editorials Read 119 times Read more...
-
Bring on the Ransomware Beta Test as Royal Begins Seems to be testing a New Encryptor called BlackSuit
Written by Sean KalinichThe fine folks at the Royal ransomware group have begun testing a new flavor of encryptor that is being called BlackSuit (The hat was already…Written on Thursday, 08 June 2023 16:03 in News Read 930 times Read more...
-
Google and Microsoft Share a Zero Day as both Chrome and Edge get Patch Now Guidance.
Written by Sean KalinichGoogle has pushed out a new patch for Chrome to deal with a zero-day vulnerability tracked as CVE-2023-3079. In the patch release Google is clear…Written on Thursday, 08 June 2023 15:12 in News Read 482 times Read more...
-
Barracuda Email Security Gateway Appliances that were Exploited due to Zero-Day Must Be Replaced, not Patched
Written by Sean KalinichAfter the disclosure of a serious Zero-Day that allowed an unauthenticated user to basically own the device. Barracuda is now saying that remediation action for…Written on Thursday, 08 June 2023 12:33 in News Read 262 times Read more...
-
Minecraft Mods stuffed with Malware Used to Target Windows and Linux
Written by Sean KalinichAs we hear more about Supply Chain attacks and the need for Software Build of Materials we are now hearing of an attack on the…Written on Wednesday, 07 June 2023 15:24 in News Read 383 times Read more...
-
Sextortionists Get a Boost from AI and Publicly Available Images
Written by Sean KalinichAs if the internet needed something else bad floating around it seems that groups that engage in extortion schemes involving the threat of releasing images…Written on Wednesday, 07 June 2023 14:24 in News Read 253 times Read more...
-
New PowerShell Malware Dubbed PowerDrop used to Target US Aerospace Industry
Written by Sean KalinichIt is Wednesday, so it is about time to talk about a new strain of malware. In this case one that leverages Microsoft’s PowerShell to…Written on Wednesday, 07 June 2023 13:31 in News Read 255 times Read more...
Recent Comments
- Sean, this is a fantastic review of a beautiful game. I do agree with you… Written by Jacob 2023-05-19 14:17:50 Jedi Survivor – The Quick, Dirty, and Limited Spoilers Review
- Great post. Very interesting read but is the reality we are currently facing. Written by JP 2023-05-03 02:33:53 The Dangers of AI; I Think I Have Seen this Movie Before
- I was wondering if you have tested the microphone audio frequency for the Asus HS-1000W? Written by Maciej 2020-12-18 14:09:33 Asus HS-1000W wireless headset impresses us in the lab
- Thanks for review. I appreciate hearing from a real pro as opposed to the blogger… Written by Keith 2019-06-18 04:22:36 The Red Hydrogen One, Possibly One of the Most “misunderstood” Phones Out
- Have yet to see the real impact but in the consumer segment, ryzen series are… Written by sushant 2018-12-23 10:12:12 AMD’s 11-year journey to relevance gets an epic finish.
Most Read
- Microsoft Fail - Start Button Back in Windows 8.1 But No Start Menu Written on Thursday, 30 May 2013 15:33 in News Be the first to comment! Read 115121 times Read more...
- We take a look at the NETGEAR ProSafe WNDAP360 Dual-Band Wireless Access Point Written on Saturday, 07 April 2012 00:17 in Pro Storage and Networking Be the first to comment! Read 84248 times Read more...
- Synology DS1512+ Five-Bay NAS Performance Review Written on Tuesday, 12 June 2012 20:31 in Pro Storage and Networking Be the first to comment! Read 78444 times Read more...
- Gigabyte G1.Sniper M3 Design And Feature Review Written on Sunday, 19 August 2012 22:35 in Enthusiast Motherboards Be the first to comment! Read 77795 times Read more...
- The Asus P8Z77-M Pro Brings Exceptional Performance and Value to the Lab Written on Monday, 23 April 2012 13:02 in Consumer Motherboards Be the first to comment! Read 67387 times Read more...
Displaying items by tag: OpenSSL
Potential New Exploit found in OpenSSL gets around latest hotfix
It seems that someone may have found a way around at least one of the latest hot fixes for OpenSSL. According to some talk around the darker places on the internet, a rehash of metadata can allow a malicious individual to get around the latest hot fix designed to stop someone from bypassing the CA check in OpenSSL. The original flaw was found to exist during certificate validation. When OpenSSL checks the certificate chain it will try to build an alternate route if the first attempt fails. Due to a flaw in the way this is done can allow a “bad guy” to actually force some of the secondary checks to be bypassed and allow an invalid cert to pass.
Less than Half of Heartbleed Vulnerable Systems Patched - 309,000 Still Open
Over the course of the years you have read many (many, many) articles about security. These articles have ranged from details on specific breaches to general security information. One of the big areas that we cover is the lack of motivation to maintain proper security in the cloud and also on the internet. We have talked at length about the way many businesses treat security from a planning view or even in the face of a real threat.
Ouch, Six New Bugs Found in OpenSSL
After taking a pretty big hit from the HeartBleed bug OpenSSL I back in the new for an additional six bugs that put user data at risk. Security researchers have discovered a number of additional bugs in OpenSSl that can be used to allow malicious persons to spy on communication. Fortunately for the masses (about two thirds of internet sites use OpenSSL) these new bugs are not as easy to exploit as Heartbleed was.