Displaying items by tag: Security
noVNC Used by Clever Pentester to get Around MFA During Spearphishing Attack
Most attacks, be they real or from a penetration test, begin with an attempt to compromise a single system or user. The compromise of a device or user account gives the attacker a small foothold in an environment that they can use to pivot to other areas and begin their complete takeover of the targeted organization. Defenders use many techniques to try to prevent this, including complex passwords, complex usernames and, of course, multi-factor authentication (MFA). MFA, when done properly, significantly reduces the risk of credential compromise from phishing and spearphishing.
Another Banking Trojan for Android is making the Rounds Through Google’s Play Store
Google has a bit of an issue with malware present in their Play Store, as there are reports of another banking trojan targeting users of European banks. Currently, the malware, called Xenomorph, may have infected as many as 50,000 devices across 56 banks, all through a malicious app located in the Google Play Store.
Flaws, they’re not Just for Attackers Anymore as Researchers Find a way to Recover the Master Key for Hive Ransomware
There is an old saying that says what someone can lock, someone else can unlock. This is usually used regarding attackers getting into a network or compromising protected data. It is not often applied to security researchers unlocking information encrypted by a major ransomware threat group. However, this is exactly what has happened, as researchers at Kookmin University in South Korea say they have utilized a flaw in the encryption method used by Hive Ransomware to find a way to unlock it.
The Risks, the Crime, and the Illusions of Blockchain or Decentralized Networks.
Blockchain is the immutable public transaction log where many say the future lies, and where the concept of “code is law” is often bandied about. However, the bank-ending utopian promise of blockchain and Web 3.0 has not exactly arrived, and it is not as “de”centralized as it was supposed to be. Instead, the power and control of blockchain technologies, especially when it comes to the currencies involved, have been concentrated in a few groups, while theft, scams and crime seem to be the most common things you read about it. So, what happened? The concept of Web 3.0 was not supposed to be like this.
Microsoft to Require Microsoft Account for Windows 11 Pro Soon
Will someone tell Microsoft (again) that to lead in the industry means not just following the competition? They seem to have lost that message again as we are hearing that they will require a Microsoft account to set up and use future versions of Windows 11 Pro. This frustrating need to be attached to the internet and beholden to Microsoft just to use your operating system has always been an odd choice to me, but it is Microsoft and when they can’t figure out what to do, they tend to just copy features (and bad ones at that) from Apple or Google.
Apache Cassandra Database Manager Patches an RCE Vulnerability
Apache and their open-source tools have gotten a lot of press lately. After the Log4Shell vulnerability in their Log4J tool, and the massive response from vendors and security organizations, we are now learning that researchers have discovered a remote code execution flaw in the NoSQL database management tool Cassandra. This time, unlike the Log4J flaw, the disclosure comes with a patch already available for installation.
Google Patches the First Zero-Day in Chrome for 2022
Google has announced the release of a new version of Chrome. The new version comes with fixes for eight vulnerabilities. One of these vulnerabilities, CVE-2022-0609, which is described as a use-after-free vulnerability, is already being exploited in the wild. This has led them to advise users to update Chrome as soon as possible to avoid compromise. The flaws were found by Google’s own Threat Analysis Group.
CIA Found to have Run Bulk Data Collection Program that May Have Mishandled US Citizen Data.
On December 4th, 1981, then President Ronald Reagan signed Executive Order 12333. This Order, further amended by EO 13284 (2003), EO 13355 (2004) and EO 13470 (2008), is what grants and governs the collection of intelligence by Federal agencies. These agencies include the NSA, the CIA and, to a lesser extent, the FBI and Department of Homeland Security. The collection of information includes what is often referred to as signal intelligence. This type of intelligence is the collection of any information that is transmitted via electronic means. This wonderful blanket definition has been the basis of many borderline illegal data collection programs and a few outright illegal ones.
Network Management Software from Moxa Has Five Critical Bugs that Could Allow for an RCE Attack
Management and monitoring software is ubiquitous in the IT operations industry. These tools are force multipliers that allow what are usually small teams to manage a large number of assets. By design, they need to have elevated permissions to accomplish their intended tasks. The problem is that these permissions also make them targets for attackers. This means that developers of these tools need to take extra steps to ensure that they are not vulnerable to attack and do not become the thing that compromises a network.
Cisco looking to Buy a Corner of the Market, makes a $20 Billion Buy Attempt of Splunk
According to reports from the Wall Street Journal, Cisco has attempted to take over Splunk for more than $20 Billion. The acquisition would be the largest in Cisco’s history by far. Cisco has a history of buying technology companies and integrating them into their product suite. The aftereffects of these purchases are not always ideal from a consumer perspective. Although an offer has been made, the two companies are not in active talks.