Displaying items by tag: Security

SentinelOne’s threat team has been tracking a couple of threat groups with an unusual goal. These groups are not looking to steal money or get a ransom, instead they are looking to track, monitor and incriminate specific targets. The targets that have been identified so far have been journalists and activists that oppose government practices. So far, the countries where these groups have been identified are limited to India and Trukey but if threat groups like this have been found there, it is likely they are everywhere.

The Dark Web (whispered in Letterkenny) is a playground for all kinds of illegal activity. One well traded item is Personal Information including Credit Card numbers. Due to the state of security in most organizations (Stuart!) there is no shortage of personally identifying information and credit cards for sale. There is a lot of money that trades hands around this as well, so it has been and will continue to be a target for law enforcement in the constant battle against the financial threat actor groups.

The Threat Landscape is an interesting topic of discussion. It is a constantly changing thing and even the best predictions can often fall short of the actual threat. This is because in most cases, the attackers are a step ahead of the defenders. They have the advantage, to coin a D&D phrase, they won the initiative roll. Defenders are always waiting to see what might happen, they plan without really knowing what the attackers are going to do which means they have to be secure everywhere (not really a possibility). To help them put their resources in the right places, most security teams rely on threat intelligence feeds and an understanding of the Threat Landscape.

The news has been abuzz about the $65+ Billion-dollar purchase of Activision/Blizzard by Microsoft. It has been seen as an opening shot in a new stage in the console wars and is, even now, under review by the FTC. However, there are rumors that Mandiant and Microsoft are in talks about a potential acquisition of the Incident Response company. These rumors come on the heels of an announcement by Mandiant that they are partnering with NextGen XDR developer SentinelOne. Where to start on this one…

UEFI (Unified Extensible Firmware Interface) was designed to replace the old and outdated BIOS (Baic Input Output System). The older BIOS setup was slow and not very secure. It gave attackers several entry points for infection and persistence at that level. The older BIOS standard was also susceptible to attack and compromise (think the Chernobyl BIOS virus). Something new needed to be put in place to help speed things up and help account for more complex hardware and software. Hence the UEFI was born.

The concept of the app as opposed to the application is one of those nuanced distinctions that miss many people. When it comes to a mobile device an app is a bundle that that allows the installation of an application and its dependencies like an Android APK or Linux installer package. On Windows this has been a foreign concept as the thick application installer has been the defacto for so long. The .exe and .msi application is just how things get done. With the launch of Windows 8 and the “Microsoft Store” the app came to Windows.

Back in the late 90s’ the first macro viruses appeared on the scene. The leveraged a feature of Microsoft Office that allowed a malware developer to execute programmed instructions via the office interface. This new option opened a lot of avenues for inserting a malicious payload on to a target system. Now some 20+ years later Microsoft is finally really doing something about this hole in their Office product. The are blocking all downloaded/external macros by default.

A vulnerability disclosed and patched in January is rearing its ugly head. Identified as CVE-2022-21882, this vulnerability affects Windows 10, 11 and Windows Server. On its own it is a significant threat since is allows for a privilege escalation that can turn into a complete compromise of the targeted device. Not exactly what you want to leave open. The good news is that Microsoft released a patch for it in January.

The Go Programing Language (Go or Golang) was developed back in 2007 by a few engineers who were working at Google at the time. Go was launched in 2009 as an open-source programing language and it is primarily used in Google’s own production systems. It has been described as Python meets C and has syntax similarities with C and procedural similarities with Python (dynamic-typing etc.). So, you end up with a language that has quickness, security, and structure of a compiled programing language along with the development speed and simplicity of a dynamic language.

Containers are a popular item with cloud-based infrastructure. The idea of running low-cost (from a resource standpoint) systems to handle work loads while maintaining a higher level of security is a nice one. Making this type of decision does not mean that it puts them out of the reach of attackers though. We have seen several methods used by attackers to gain access to and control of the containers that that are in use. One of the latest is due to a 0-Day flaw in the Argo Continuous Deployment tool.