Kevin Whelan - Chief Research Officer
Microsoft has identified (more) Nation-State supply chain attacks We all know about supply chain attacks, the most recent example being the Solarwinds/FireEye debacle in which parties third, outed as the Russian state-sponsored APT-29 group (also called Nobelium) by none other than the FBI and associated American Government departments (they have so many, it’s too confusing). The long and short of these … Read more
How will SASE, SOAR, Zero Trust and SIEM technologies shake out? If you have been reading this blog regularly, read our note on, or visited Microsoft, Cisco etc. conferences you will be aware of the terms Zero Trust, SASE, SOAR and SIEM. In this blog, we explain (in summary, trying not to fall asleep) what … Read more
At least if you get patching The start of Autumn is always a quiet time for us Cyber bloggers. Presumably having taken time off over the summer to rest and recuperate on their islands with flip-top Volcano lairs or Yachts with a submarine, plane and another boat inside therm, we think that this must be planning … Read more
I can’t call Grandma! Facebook was down Apart from members of the Sentinelese, the most isolated people on the planet, and we are pretty sure that at least one of them will be on TikTok or YouTube, you will have noticed that Facebook, WhatsApp, and Instagram were down on 04/10/21 from about 15:50 UTC until 21:20 UTC. That would be a pretty major … Read more
Domain Name Services – Friend & Foe Every reader of this blog will know that the Domain Name Service is a program/component/server role (depending on how old you are and how you take your poison) which turns the names for Internet resources like websites, mail servers etc. into their registered IP addresses. More technical readers … Read more
Last week, cloud security outfit Wiz announced what they called a ‘secret agent’ group of vulnerabilities that enable takeover and privilege escalation of Linux servers in the Azure cloud. These have now collectively been called ‘OMIGOD’ which has a logo. We all know that means serious. This is. The issue is to do with the automatic installation of a software agent … Read more
Those of you who have read more than one of these missives (thank you, thank you) may have noticed our fascination with the activities of the REvil ransomware group. For those not up to speed, here is a REvil primer. REvil (Ransomware Evil, see what they did there) is a Russian speaking cybercriminal gang that, as the name suggests, focus on encrypting, … Read more
This week, Indonesia has had more than a few serious issues with its Cyber security. After a month or so of communications and rectification, the Indonesian Government came clean, admitting that up to 13 Million records of travellers had been exposed to the public internet due to a poorly, or not at all, secured Elastic database, internet-facing, whoops. The data exposed … Read more
It is always a bit of a shock when an easily exploitable way to gain SYSTEM or root-level privileges comes to light, especially for overworked, underpaid system administrators who have to get to work pronto before man+dog have a go. And so our gast was flabbered this week by a Twitter post by ‘jonhat’ which showed that just by installing a … Read more