Apple just got slapped down with a lawsuit against a startup called Corellium. LINK Apples was suing Corellium claiming is virtualization of iOS constituted copyright infringement. If Apple would have won this, it would have been a HUGE legal risk for all security researchers in the future.
I am at a loss of words on the irony here. The Bill and Melinda Gates Foundation founded an initiative called GetSchooled. Well it seems they were schooled in the ways of proper securing of customers data. LINK 930k individuals had the following information stolen: full addresses, schools, full student PII including student phone numbers […]
So Adobe Flash is officially dead now (or will be in a few days…I just know its not getting any more updates). The question is, how to ENSURE its gone. We both know, people will keep using it if its still there. Besides using automated tools to rip it off desktops, how can we be […]
LINK Now…you tell me. A Cruise line that has been in one of the most terrible years because of COVID, cancels a trip with paying customers because of IT? Who here says they got hit with something like Ransomware on the boats? Just my speculation of course.
The Home Appliance juggernaut was hit by Nefilim ransomware. I was not aware, but thanks to BleepingComputer but Whirlpool employs 77,000 people at 59 manufacturing & technology research centers worldwide and generated approximately $20 billion in revenue for 2019 and has the large brand names of KitchenAid, Maytag, Brastemp, Consul, Hotpoint, Indesit, and Bauknecht under […]
Goldman Sachs just purchased the fraud and bot-detection specialists at White Ops to be rolled into their merchant banking division. LINK I find this quite interesting. Is this a new front for them? Of something they are needing to shore up this division for the future…
The Cybersecurity and Infrastructure Security Agency (CISA) has released a PowerShell-based tool that helps detect potentially compromised applications and accounts in Azure/Microsoft 365 environments. This is in relation to: Solorigate AzureAd IOCs and a link earlier about SolarWinds and SAML The tool is called Sparrow and CISA posted it up on GitHub
Looks like an app that was put together by the Vietnam Government Certification Authority (VGCA) that is required to be used that can be used to electronically sign official documents. ESET says that between July 23 and August 5, this year, the two files contained a backdoor trojan named PhantomNet, also known as Smanager. LINK
Somehow I missed this LINK Apple is shipping out out phones that are designed to be friendly to a security researcher to allow them to assist in security research. I found this interesting as they are “on loan” for 12 months, when I presume Apple will request them back. The concept of Apple doing this […]
At this time it looks like someone is targetting Citrix Netscalers with a DDoS using DTLS. Datagram Transport Layer Security (DTLS) is a communications protocol for securing delay-sensitive apps and services that use datagram transport. Only a small number of customers are being targetted. The following sites are confirmed in the attack: 188.8.131.52/24184.108.40.206/24220.127.116.1118.104.22.16822.214.171.124126.96.36.199188.8.131.52 Citrix confirmed […]