#tech Archives - Page 2 of 9 - Alireza Gharib Blog

January 9, 2025

Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

The expanding attack surface is creating more opportunities for exploitation and adding to the pressure on security leaders and teams. Increasingly, organizations are investing in managed detection and response services (MDR) to bolster their security operations center (SOC) and meet the challenge. Demand is growing rapidly: according to Frost & Sullivan, the market for MDR…

#attack, #azure, #cyberattack, #linkedin, #tech
January 9, 2025

LABScon24 Replay | Let Them Eat Cake: “Secure by Upgrade” Software is a National Security Threat

Kymberlee Price reveals the technical chaos facing SMBs as they struggle with solutions aimed at bigger fish in the face of expanding crimeware. Ransomware is doing more to change the security landscape than the last 20 years of Secure Development Lifecycle, DevSecOps, Zero Days, Breaches, or any corporate memo. Pair this with predatory pricing models…

#author, #bug, #ict, #investigation, #tech
January 9, 2025

Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels

Threat actors abused Visual Studio Code and Microsoft Azure infrastructure to target large business-to-business IT service providers in Southern Europe. Executive Summary From late June to mid-July 2024, a suspected China-nexus threat actor targeted large business-to-business IT service providers in Southern Europe, an activity cluster that we dubbed ‘Operation Digital Eye’. The intrusions could have…

#190, #82, #author, #browser, #tech
January 9, 2025

38C3: It’s TOSLINK, Over Long Distance Fibre

If you’ve owned a CD player or other piece of consumer digital audio gear manufactured since the 1980s, the chances are it has a TOSLINK port on the back. This is a fairly simple interface that sends I2S digital audio data down a short length of optical fibre, and it’s designed to run between something…

#data, #tech, #ui, #un
January 9, 2025

FLOSS Weekly Episode 815: You Win Some, You Lose Some

This week, Jonathan Bennett and Randal chat with Matija Šuklje about Open Source and the Law! How do Open Source projects handle liability, what should a Contributor License Agreement (CLA) look like, and where can an individual or project turn for legal help? https://matija.suklje.name/ https://openchainproject.org https://matija.suklje.name/fiduciary-license-agreement-20 Did you know you can watch the live recording…

#tech, #un
January 9, 2025

LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management

Binarly’s Alex Matrosov and Fabio Pagani present PKfail, a firmware supply-chain security issue affecting major device vendors and hundreds of device models. Modern computing heavily relies on establishing and maintaining trust, which begins with trusted foundations and extends through operating systems and applications in a chain-like manner. This ensures that end users can confidently rely…

#attack, #author, #bypass, #secure, #tech
January 9, 2025

LABScon24 Replay | A 30-Year Journey from Compilation Student to Decompilation Pioneer

Dr. Cristina Cifuentes, known as the Mother of Decompilation, reflects on three decades of innovation in reverse engineering in her LABScon 2024 keynote. In 1990, Cristina Cifuentes worked on a machine code interpreter for the Modula-2 programming language as part of her Compilers project. That summer, she integrated it into a mixed GPM Modula-2 compiler/interpreter…

#author, #innovation, #programming, #tech, #un
January 9, 2025

Tech In Plain Sight: Security Envelopes

You probably get a few of these things each week in the mail. And some of them actually do a good job of obscuring the contents inside, even if you hold the envelope up to the light. But have you ever taken the time to appreciate the beauty of security envelope patterns? Yeah, I didn’t…

#190, #go, #tech, #ui, #un
January 9, 2025

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. Executive Summary SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. We assess with high confidence that the same actor is responsible for earlier attacks attributed to BlueNoroff and the RustDoor/ThiefBucket and RustBucket campaigns.…

#attack, #author, #browser, #bypass, #tech
January 9, 2025

Cloud Malware | A Threat Hunter’s Guide to Analysis, Techniques and Delivery

Learn about cloud threats, how to hunt for them and how to analyze them in this post based on Alex Delamotte’s recent LABScon workshop. As many researchers have noticed, malware in the cloud is different. Perhaps more strikingly different than Windows versus Linux threats, cloud services are targeted through entirely different methods altogether. At LABScon…

#attack, #ict, #investigation, #programming, #tech

Tag: #tech