Amateur Security Archaeologists, trying not to break things.

Tag: Cyber (Page 4 of 6)

What’s causing Mike’s Indigestion now? Infrastructure Weak! (19 Jan 2024)

Good morning folks! I had a great time leading a Threat Hunting Workshop at my alma mater, RIT, and meeting some awesome customers, but in my travels I gathered some updates on the threat & vuln side of things that we all should be aware of. And yes, I meant to spell “Weak” that way. So let’s get started!


What’s causing Mike’s Indigestion now? Happy New Fear! (12 Jan 2024)

Good morning folks! I had a great time in Boston this week hanging out with a cool partner, but in my travels I gathered some updates on the threat side of things that we all should be aware of:

Score one for the good guys!

Cisco Talos and Avast teamed up with Dutch authorities to take down the key folks behind the Babuk Tortilla ransomware strain, and they have also worked together to provide a decryptor for potential victims.


What’s causing Mike’s Indigestion now? I’ll be Pwn for the Christmas! (22 Dec 2023)

Good day folks! I’m prepping for my holiday shutdown here at Cisco, but before I do, I have a threat update including some interesting developments on vulnerability hoarding that would make the Grinch cringe. But first:


What’s causing Mike’s Indigestion now? Cozy Bear Blizzards! (15 Dec 2023)

Good morning folks! I have some updates on the threat side of things that we all should be aware of:

In our first update, the Russian SVR-backed pests known as APT29, Cozy Bear, NOBELIUM or, by Microsoft’s name, “Midnight Blizzard” are following the lead of North Korean adversaries. They’re exploiting a really bad JetBrains TeamCity vuln (CVE-2023-42793, CVSS 9.8) to manipulate source code, sign certs, and push updates. TeamCity is a CI/CD tool that helps run DevOps, sort of like Travis CI, Jenkins, CircleCI, and more, so it has the potential to be like the SolarWinds issues of a couple of years ago. It now appears they have patiently used it to get deeper into the supply chain and gain as-yet-dormant footholds. They are even using Dropbox to help mask their C2 – Yikes!


What’s causing Mike’s Indigestion now? AI & Elections! (8 Dec 2023)

Good morning folks! I have a lot of updates on the threat side of things, some talk of elections & AI, and more that we all should be aware of:

Cisco’s Talos just released an awesome 2023 Year In Review that helps break down the trends and strains that kept them up late at night and changed the threat landscape. Of note?
