Alireza Gharib Blog Security, Linux, and DevOps

January 9, 2025

LABScon24 Replay | PKfail: Supply-Chain Failures in Secure Boot Key Management

Binarly’s Alex Matrosov and Fabio Pagani present PKfail, a firmware supply-chain security issue affecting major device vendors and hundreds of device models. Modern computing heavily relies on establishing and maintaining trust, which begins with trusted foundations and extends through operating systems and applications in a chain-like manner. This ensures that end users can confidently rely…

#attack, #author, #bypass, #secure, #tech
January 9, 2025

Running AI Locally Without Spending All Day on Setup

There are many AI models out there that you can play with from companies like OpenAI, Google, and a host of others. But when you use them, you get the experience they want, and you run it on their computer. There are a variety of reasons you might not like this. You may not want…

#data, #hack, #remote, #un, #windows
January 9, 2025

LABScon24 Replay | A 30-Year Journey from Compilation Student to Decompilation Pioneer

Dr. Cristina Cifuentes, known as the Mother of Decompilation, reflects on three decades of innovation in reverse engineering in her LABScon 2024 keynote. In 1990, Cristina Cifuentes worked on a machine code interpreter for the Modula-2 programming language as part of her Compilers project. That summer, she integrated it into a mixed GPM Modula-2 compiler/interpreter…

#author, #innovation, #programming, #tech, #un
January 9, 2025

Tech In Plain Sight: Security Envelopes

You probably get a few of these things each week in the mail. And some of them actually do a good job of obscuring the contents inside, even if you hold the envelope up to the light. But have you ever taken the time to appreciate the beauty of security envelope patterns? Yeah, I didn’t…

#go, #tech, #ui, #un
January 9, 2025

CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks

A loose collective of mostly low-skilled actors, CyberVolk absorbs and adapts a wide array of destructive malware for use against political targets. Executive Summary CyberVolk/GLORIAMIST is a hacktivist collective originating in India with pro-Russia leanings. Between June and October 2024, CyberVolk claimed responsibility for multiple ransomware attacks. The main objective of CyberVolk and related groups…

#attack, #author, #browser, #bug, #opjp
January 9, 2025

Remotely Controlled Vehicles Over Starlink

Modern remote control (RC) radios are capable of incredible range, but they’re still only made for line-of-sight use. What if you want to control a vehicle that’s 100s of kilometers away, or even on the other side of the planet? Cellular is an option, but is obviously limited by available infrastructure — good luck getting…

#ccas, #go, #remote, #ui, #un
January 9, 2025

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

SentinelLabs has identified multiple deceptive websites linked to businesses in China fronting for North Korea’s fake IT workers scheme. Executive Summary SentinelLabs has identified unique characteristics of multiple websites, now seized by the US Government, associated with the DPRK IT Worker front companies. We assess with high confidence that DPRK actors seek to impersonate US…

#data-protection, #health, #ict, #investigation, #tech
January 9, 2025

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. Executive Summary SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware. We assess with high confidence that the same actor is responsible for earlier attacks attributed to BlueNoroff and the RustDoor/ThiefBucket and RustBucket campaigns.…

#attack, #author, #browser, #bypass, #tech
January 9, 2025

Cloud Malware | A Threat Hunter’s Guide to Analysis, Techniques and Delivery

Learn about cloud threats, how to hunt for them and how to analyze them in this post based on Alex Delamotte’s recent LABScon workshop. As many researchers have noticed, malware in the cloud is different. Perhaps more strikingly different than Windows versus Linux threats, cloud services are targeted through entirely different methods altogether. At LABScon…

#attack, #ict, #investigation, #programming, #tech
January 9, 2025

China’s Influence Ops | Twisting Tales of Volt Typhoon at Home and Abroad

China’s CVERC attempts to attribute Volt Typhoon activities to the U.S., but the fact-free claims reveal much about the PRC’s real agenda. Executive Summary The latest CVERC report reflects China’s ongoing efforts to undermine support for U.S. surveillance activities by attempting to fuel debate over Section 702. The CVERC report also draws Microsoft into its…

#author, #hack, #ict, #japanese, #tech