Posts

2023.10.17.News You Should Know

CDW investigating ransomware gang claims of data theft (therecord.media) - #Ransomware #ThreatActor - CDW acknowledges breach of a subsidiary of a division of a business area. Threat actors miffed over $1m offer after $80m demand.
HTTP/2 ‘Rapid Reset’ zero-day exploited in biggest DDoS yet • The Register - #Research #ThreatActor - Largest ever DDoS…from smallest ever botnet? 20k bots (multitudes smaller than previous botnets) were able to abuse HTTP/2 streaming to request hundreds of assets from a server over a single TCP stream (a feature of HTTP/2), then cancel those requests midstream and request a hundred assets again, which doesn’t count toward the max request limit. The only theoretical limit to this attack is target bandwidth.
US Navy sailor admits to selling military secrets to China • The Register - #politics #InsiderThreat - Navy sailor admits to selling information to Chinese handler, for $14.8k. This comes after another Chinese American Navy sailor was arrested in San Di
Recent posts

LibWebP (CVE-2023-4863)

Here is a non-exhaustive list of possible mitigations to prevent the exploitation of CVE-2023-4863 in the LibWebP library. This library has a heap buffer overflow that affects all operating systems, most browsers, and an exceptional number of Electron framework applications. This CVE is rated a 10 after previously being rated 8.8. The earlier rating was due to an original disclosure from Google stating that Chrome was the only affected application. After investigation, it was discovered that all instances of the LibWebP library were vulnerable across all platforms. A similar CVE (2023-5217) is pending analysis for the VP8 webstream video format (a sister library to libwebp). As working proof-of-concepts are generally available to the public, and Google and Apple both acknowledge threat actors and spyware vendors making use of the vulnerability, it is essential that you begin reviewing and patching all business-critical applications.
Patch Browsers, All of them
All major and minor browsers acr

Broccoli Cheddar Soup

If you long for cool days and hospital Panera food, this soup is for you. Pair with a crusty bread for a fast soup that feeds 6. Ingredients 2 Lg Carrots, grated 1 Lg White Onion, grated 1 Stick Butter 1/4C AP Flour + 1/4C AP Flour as needed 8C Chicken Stock (No/Low Sodium) 3 Broccoli heads, cut into florets and stalks shaved and cubed 8oz White Sharp Cheddar, grated from a block 8oz Yellow Extra Sharp Cheddar, grated from a block 2C Whole Milk Notes : This recipe’s salt content can get out of hand quickly. Season throughout, but consider the saltiness of your cheeses and the sodium content of your broth if not using low/no sodium. No amount of milk is going to unsalt this soup. Additionally, shredded cheese should not be used in this soup. The pre-shredded cheese has a starchy coating which prevents melting and encourages curdling of the soup. Steps In a large dutch oven, melt the stick of butter over high heat and add the carrots and onion. Allow to co

Tuscan White Bean with Bacon

White beans are one of the most versatile canned ingredients in the kitchen. Easily dressed up and perfect for a fast pantry dinner, and it only costs around $10 for the whole meal. This recipe calls for a few odds and ends that you may not have in your kitchen; leave them out! It’ll be better with them, but still a decent dinner without them. Ingredients 1/2 White Onion, chopped 1 14oz Can Spinach, drained and chopped roughly 2 14oz Cans White Beans (Cannellini) 1 14oz Can Petite Tomatoes, strained, liquid reserved 2 C dry Ditalini pasta 4 C Chicken Broth 1T Parsley 1T Italian Seasoning 1t Rosemary Salt & Pepper Fancy Additions Sun-dried Tomatoes in Oil Carrots and Celery for a real mirepoix Fresh instead of dried herbs 1T Red Wine Vinegar 1C White Wine (Chardonnay) 5 Bacon Strips, cut into postage stamp sized pieces Chicken Thighs or leftover rotisserie Chicken Parmesan Cheese, grated Steps In a large bowl combine chicken broth, ditalini, and

Show And Tell

Once a week, our security team gathers everyone into a meeting and shares the last week’s worth of security-related news and any new security initiatives. This one hour may be the most valuable meeting we attend and has the greatest impact on successful security outcomes.
What is it?
We call ours a Security Show & Tell. (You can call it whatever fun and exciting name fits your corporate culture.) Regardless of the name, the goal is to set aside an hour each week to share three kinds of security stories and our response to them. Stories that are in the news. Stories that impact our work. Stories that impact our lives. Author’s Note: There are some helpful tips below on how to gather these stories.
Why you should do it
There are a lot of great reasons to do this, but I want to drive home a few really important ones. How many times has this happened to you? You wake up, open infosec.exchange, and begin scrolling only to find out that $Vendor has a nasty zero-day and organiza

2023.03.21.News You Should Know

Silicon Valley Bank collapsed this month, causing credit ratings of major banks to drop and another to fail. While a multitude of information about this is available, we find it most interesting because threat actors are using the collapse as pretext for scam emails. These emails are sent to trusted third-party businesses asking for updates to the accounts payable or EFT details to threat actor controlled accounts. E.g., “Our SVB account isn’t good anymore please use Threat Actor National Savings and Loan account 12345”
BreachForums owner “pompompurin” is arrested, turns out to be 19yo Conor Fitzpatrick of Peekskill, New York. Breach really made an impact after the rise and fall of RaidForums last year (when Raid caught the attention of the Fed after members breached InfraGard, the FBI/Civilian information sharing group). While BreachForums was still active, another admin, “baphomet”, found that after the arrest, “pompompurin”’s account was continuously used to access ser

2023.02.28.News You Should Know

Mobile World Congress will feature highlights of mobile networks being utilized in the Russo-Ukrainian conflict. Discussions will be held around Ukraine and Russia’s use of civilian mobile network infrastructure, the dangers of geo-location data, and the largest roaming disablement in mobile networking history.
NIST is accepting comments on the newest version of the Cyber Security Framework {PDF}. This version will seek to expand the below capabilities and provide additional guidance: Improve measurement capabilities; Expand coverage of the supply chain; Increase in governance.
Thanks to Brian Krebs and others, we now know that the LastPass Breach happened because the core LastPass services were too tightly protected. This motivated threat actors to go after one of the lead developers’ home workstations. Namely, a Plex Media Sharing server that was unprotected. Once the Plex service was breached, via an unpatched RCE, they were able to install a keylogger onto the system to obt