Recent Posts

Friday Squid Blogging: SQUID Acronym for Making Conscious Choices

I think the U is forced:

SQUID consists of five steps: Stop, Question, Understand, Imagine, and Decide.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.


Patch Madness: Vendor Bug Advisories Are Broken, So Broken

Dustin Childs and Brian Gorenc of ZDI take the opportunity at Black Hat USA to break down the many vulnerability disclosure issues making patch prioritization a nightmare scenario for many orgs.

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature.
“These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load the vulnerable loader

Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics

CISA has seen a resurgence of the malware targeting a range of verticals and critical infrastructure organizations by exploiting RDP and firewall vulnerabilities.

Suspected Developer of Crypto Mixer Tornado Cash Arrested by FIOD

Last Wednesday in Amsterdam, the FIOD arrested a 29-year-old man who … a developer of crypto mixer Tornado Cash …

Software Supply Chain Chalks Up a Security Win With New Crypto Effort

GitHub, the owner of the Node Package Manager (npm), proposes cryptographically linking source code and JavaScript packages in an effort to shore up supply chain security.

RT @defcon: Good morning #DEFCON30 ! The con…is ON. pic.twitter.com/zx0AwQN9T2
