Over the last week we saw 70 million AT&T customers and 53 million T-Mobile customers have their personal data leaked to hackers. While we didn’t find any connections between these two breaches the timing of the incidents is strange. AT&T has so far denied the breach involving their customers. While we don't have confirmation from the hackers who breached AT&T, … [Read more...]
Supply Chain Attacks Through an IDE
David Dworken, a Google security researcher, presented a recent Defcon talk about how he found over 30 vulnerabilities in various Integrated Development Environments (IDEs) over the course of a few months of research. Many believe that source code on its own is benign as long as you don’t compile and run it, but as Dworken proved, simply loading code into an IDE can cause … [Read more...]
Defcon Talk Timeless-Timing-Attacks
A recent Defcon talk by Tom Van Goethem and Mathy Vanhoef, "Timeless Timing Attacks" made significant progress on ways to create timing attacks over a network. Timing attacks work by extracting data form devices based on how long it takes to respond. To successfully run a timing attack, the attacker usually must be directly connected to the computer since the smallest … [Read more...]
REvil Hasn’t Gone Anywhere (Probably)
Many of the recent high-profile ransomware attacks like those against Acer, JBS and more recently, customers of Kaseya, have been the work of the ransomware as a service group REvil. After the most recent attack that exploited multiple zero-day vulnerabilities in Kaseya’s VSA software and left thousands of organizations encrypted, REvil appears to have gone dark. The ransomware … [Read more...]
Python Modules: Not As Safe As You Think
We normally think of malware and threats coming from executables, packages, and scripts. Researchers recently found a supply chain attack using a different method. Programs use Python scripts to manage and run services. You especially see this in Unix-based operating systems. When it comes to security many professionals use Python to automate tasks. Because of the … [Read more...]
