The Tiberium blog

Recent events, threats, and all things cyber

Burning Down The House

This week, none other than top-flight information security outfit FireEye announced that it had been hacked, claiming that a nation-state with ‘top-tier offensive capabilities’ had stolen its stash of ‘Red Team assessment tools’. Since FireEye acquired the go-to (for large corporate, Enterprises and those with deep pockets at least) incident response firm in 2014, in fact, … Read more

on

Had a CIT0 Day?

This is a story that doesn’t appear to be going anywhere soon, is very intriguing and most importantly seems to be the work of cat stroking, possibly Eastern European or Russian master criminals (mwahahaha), so we thought we would try our best to explain it. Here goes… First a bit of the history. Way back … Read more

on

Mine’s a Double, Trouble

The Ragnar Locker outfit has been right at it over the last few weeks. We have heard of companies large and small being taken out by their devious and despicable activities in which they obviously encrypt as much of the victim’s shizzle that they can get their filthy little paws on and then use a … Read more

on

Nothin’ going on but the rent

If you have worked in the Information Technology business for any time, you will recognise a number of repeating patterns. One is the cycle of large central systems (AKA Mainframes), being replaced by distributed devices and file servers, followed by the three-tier web model, now implemented using shared infrastructure (AKA ‘The Cloud’). One has to … Read more

on

GRU Some

This blog was supposed to be written and posted weeks ago and was originally about the indictment of named Russian GRU officers by the FBI, but we have been crazily busy winning business here at Tiberium Towers, so we humbly apologise for the delay. Now back in the swing of things and having come up … Read more

on

To open source or not to open source

This is one of the most controversial topics in technology – if free open source software is “better” than paid and maintained software. This is a big topic for discussion, but I only want to focus on the security element between Windows/Linux/OS X and iOS/Android. In 2015 I worked for an Apple Premium Reseller, and … Read more

on

MicroHard

Every month, security professionals the World over pucker up and through their collective fingers and accompanied sharp intakes of breath, review the critical (and less so) vulnerabilities that Microsoft has patched on the dreaded ‘Patch Tuesday’. Barely a month goes by without disturbing news. Recently we have had the ZeroLogin debacle – still under active … Read more

on

Not so secret source…

As usual, there have been a number of announcements regarding Microsoft vulnerabilities and risks over the last few weeks. This episode however is different than the usual list of critical patched or patchable issues and brings some serious underlying issues to light. In this blog we will endeavour to put the pieces together in order … Read more

on

An introduction to Open Source Intelligence (OSINT) Gathering

Welcome to the monthly Tiberium Attack Surface spotlight! Each month we will be deep diving on specific topics in this area and most importantly, it will be on what you want to see! (voting via Tiberium Linkedin page). You can jump straight in with a private demo by getting in touch here. So without further … Read more

on