Search the Portal

[image] Yesterday, the Biden Administration unveiled a new initiative to help improve the cybersecurity stance of the industrial control systems (ICS) that manage the nation’s critical infrastructure. As recent events (like the Colonial Pipeline...

[image] This week on the podcast we cover the latest Microsoft Windows privilege escalation vulnerability, SeriousSAM aka HaveNightmare. Before that, we discuss NSO Group and their spyware software known as Pegasus and whether private...

[image] With the White House announcing this month that it plans to investigate potential changes to Section 230, the safe harbor laws that enable websites to moderate content without risk of liability for content they fail to remove, we wanted...

[image] Many of the recent high-profile ransomware attacks like those against Acer, JBS and more recently, customers of Kaseya, have been the work of the ransomware as a service group REvil. After the most recent attack that exploited multiple...

[image] Update 1: Third PrintNightmare CVE published (July 16th, 2021): Microsoft published CVE-2021-34481 on July 15th for a local privilege escalation vulnerability. The third Print Spooler service vulnerability is considered separate from...

[image] This week on the podcast we cover the Kaseya mass ransomware incident from July 7. While the event is still ongoing, we already have evidence for how the attack occurred and exactly what the threat actors did on affected endpoints. In...

[image] We recorded this episode before news of the massive attack against Kasaye users broke on Friday. Suffice to say, next week’s episode will give a full debrief of the incident including how it happened, who it affected, and what all MSPs...

[image] Managed Service Providers (MSPs), especially ones using Kaseya VSA, should read this and take action as soon as possible. High-level Summary: On Friday, July 2, some MSPs using the on-premises version of Kaseya VSA suffered ransomware...

[image] What is malware? Its goal is to bypass computer defenses, infect a target, and often remain on the system if possible. A variety of evasion techniques depend on a mix between the skill of the author and the defenses of the intended...

[image] We normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially...

[image] It has been 11 years since the Google Doodle Pac-Man game was published. Many of us may remember this Google Doodle as it was the first interactive Google Doodle made. Unfortunately, like many fun things, there are those who see...

[image] This week on the podcast we discuss an often overlooked item for sale on underground forums, authentication cookies. Before that though, we’ll cover a few surprising stats from a recent ransomware study by Cybereason and an update...

[image] This week on the podcast, we discuss operation Trojan Shield, a multi-year program where the FBI in partnership with international law enforcement agencies developed and distributed an encrypted communications application on the...

[image] In an operation headed by the US Federal Bureau of Investigation (FBI) and Australian Federal Police (AFP), international law enforcement agencies managed to gather 27 million encrypted messages used for criminal communications, through...

[image] A KickAss hacking group member (not the Torrent group) who goes by Leakbook claims to have the full FIFA 21 source code, which they have listed for sale on a popular hacking forum. In addition to the FIFA 21 source code they also claim...

[image] This week on the podcast, we take a look at how soldiers unknowingly leaked highly-sensitive information about the United States’ foreign nuclear arsenal and discuss how we can reprogram humans to not make similar mistakes. We also cover...

[image] A few years ago, in 2017, researchers Mathy Vanhoef and Frank Piessens published a whitepaper showcasing serious vulnerabilities within practically all modern protected Wi-Fi networks. The vulnerabilities lie within the Wi-Fi standard...

[image] This week on the podcast we cover an epic battle between a video game giant and a tech behemoth that has the potential to change mobile security forever. After that, we cover updates to several recent security events including the...