Displaying items by tag: Security

As we head into Hacker Summer Camp in Las Vegas, the emails are already flowing freely into my inbox. Some of them are the regular players that I see every year and others are new. Still more are people that I hear from each year but with new faces to talk to. This is part of what I love about going out to Black Hat, talking new people, talking to well known people in the industry and then getting an understanding of what everyone thinks is the “big thing” for cybersecurity. This year, by far, it is AI and automation.

Supply chain attacks are all the rage right now (although certainly not new). These attacks are part of what appears to be a multi-pronged shift in the threat landscape. While attacks on the endpoint and users are still happening, we are also seeing expanded efforts in targeting edge devices, networking equipment, and an increased focus on open-source repositories. Recently a new campaign was discovered that is leveraging open-sourced software supply chain attacks in an effort to target the banking sector.

Diver Signing requirements in Windows is a feature that is intended to help prevent the Windows Operating system from being compromised through malicious software posing as legitimate drivers. The policy was implemented way back in early versions of the 64-bit flavor of Windows XP and became a defacto security policy very quickly after that. Since its implementation and enforcement threat groups have found multiple ways around this policy including the use of compromised certificate issuing groups, purchasing actually legitimate certificates, and certificate theft.

Yesterday (July 5, 2023) Social Networking Giant, Meta launched their competitor to Twitter. This new app is a companion app to Instagram called threads. Ironically, Twitter had a lot of buzz about the new app including from people that routinely talk about how terrible Twitter is under Elon Musk. These Twitter detractors have been posting count down timers, information on how to ensure you can be on threads as soon as it launches and more. It is interesting, if not a bit funny, to see the dialog there. However, there is a very dark cloud (heavy black and pendulous) over the green pastures of Meta’s Threads. This is the very serious concern about Privacy and Security.

It has been a few days since we talked about NPM and node.js. The popular repository has been taking a bit of a beating in recent months as attackers, hacktivists, and others seek to compromise their packages as part of a general supply chain attack. Supply chain attacks are in vouge right now and are part of the reason you might be seeing the acronym SBOM (Software Build of Materials) so much. Sure, SBOM is not a new term, but the push for it and the rise of an entire vertical in the cybersecurity industry is new and should be a bit of an indicator that there is a problem.

There is nothing like an unresolved security flaw in a major product. Especially when the flaw is one that the developer knows about but does not consider important enough to fix in a timely manner. If the flaw is in a commonly used product, it is even better. In this case we are talking about a flaw we covered back on the 23rd of June. This is a bug that can allow an attacker to mimic an internal sender to get around file handling from external senders. In our opinion, it is significant, but Microsoft has no plans to remediate it any time soon. I guess they have other things on their plate like Privacy Investigations in the EU (Over Teams and Office) and the pending Activision/Blizzard deal in court in the US.

You have to love Microsoft Teams. Teams is the Frankenstein Monster of Microsoft’s Lync, which then became Skype for Business, and then morphed into the problematic service we now know as Teams. The journey from Lync to Teams has been a mishmash of features added in and removed while trying to maintain the semblance of feature parity with the products that came before it. One of the big pushes for teams was the integration of SharePoint for file storage and collection. SharePoint integration has been and continues to be a HUGE push from Microsoft in all of their MS365 products and it is not always for the better.

IoT (Internet of Things) devices have long been a source of security concerns. Back in 2012-2014 we wrote a series of articles following the comedy of errors that is the IoT market. At the time I dubbed it the Internet of Fails simply because the companies making these internet connected devices were leaving them so open to compromise. Everything from a lack of encrypted communication with cloud services, to no passwords on administrative functions, to using images that had open files and folders in the firmware were found in popular connected products that were shipped to customers. Supply chain compromises were also found in generous quantities, making the mad rush to connect everything a serious concern.

Remember the iMessage flaw that allowed for a zero click installation of malware? You know, the one that was discovered by Russian cybersecurity firm Kaspersky which was allegedly targeting Russian Apple devices? The one that Russia said was a US cyber op? Yeah, that one. Well, it seems that Apple has rolled out a patch for this flaw which was part of an operation dubbed Triangulation with the backdoor actually being called TriangleBD.

As I have often said, the idea that an operating system, or brand of computer is somehow immune to attack or malware is just a false one. We have seen time and time again where attackers are all too capable of compromising what was once considered “secure”. Now security researchers have found evidence of a sophisticated cross platform toolkit which could indicate an increased focus on macOS.