Iranian researchers at Amnpardaz security firm have discovered rootkits in HPs iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the system. This includes the ability to turn the server on and off, configure hardware and firmware settings, and additional administrator functions. … [Read more...]
Post-Purchase Monetization of the TV and Your Diminishing Privacy
The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came few rules. In came the market makers who began to define basic expectations of online privacy, which were next to nothing. Google and Facebook … [Read more...]
Give Us Your SSN, Your Email Password, and Your Dream Job
Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: Username and Password Social Security Number Email address and email password used for 2-Step verification Security Questions: What was your dream job as a child? Who is your favorite sports athlete or player? What was … [Read more...]
Bluetooth Is Safe Enough For You
Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article's content was light, it did discuss some important security concerns that any Jane Doe might care about. Besides Kamala Harris opting for wired headphones instead of AirPods, she … [Read more...]
Nobelium Threat Group Sets Sights on IT Providers
The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service Providers (MSP). If the Nobelium name sounds familiar, it’s because they were the threat actor behind the 2020 SolarWinds compromise. MSTIC … [Read more...]