IT and Business Insights for SMB Solution Providers

Jay Ferron's blog

Intel vPro Gets vPwned

 Modern processors are extremely complicated devices and aren’t single purpose number crunching machines as they were in the past. A modern CPU contains subsystems responsible for power management, remote administration, hardware security, and much more. Intel brands this collection of technologies as vPro. The subsystem with perhaps the most attack surface is branded as Intel Active Management Technology (AMT), a system designed to allow for remote administration of corporate computer assets.

Hidden in Google’s DNS Over HTTPS

 Today’s technological landscape has led to an explosion of cyber security products and services to automatically detect and deal with threats and malware. How-ever, as more and more emphasis is put on automated systems, attackers have to modify their strategies to combat this. Threat detection and analysis company, Huntress Labs, discovered a piece of malware that hides in plain sight and would likely not be detected by most automatic defenses, requiring a human analysis element.

Curse of The Golden Bug

 The saying goes, “Once is chance, twice is a coincidence, and three times is a pattern.” But do we really need three times when the repetition is so clearly similar? Researchers at Trustwave have found spyware within the Golden Tax Invoicing system provided by Baiwang and have named the spyware Golden Helper. A Golden Tax Invoicing system is required to log invoices and expenses for accurate centralized Value Added Tax reporting. Baiwang is joined by Aisin as the only two providers of the Golden Tax Invoicing system.

SigRed: “New” Windows DNS Vulnerability Scores 10/10 on CVSS Scale

What was computer-related life like in 2003? For starters: the iTunes store just opened, miniSD cards and DDR2 SDRAM were just hitting the market, and AMD released their first 64-bit processor. A vulnerability affecting Windows DNS, dubbed SigRed, has remained undetected for 17 years until found by Check-Point researchers earlier this year.

: Microsoft Security: Use baseline default tools to accelerate your security career

URL: https://www.microsoft.com/security/blog/?p=91853

Overview: As you build your cybersecurity career, take advantage of important new and proactive security configuration and management capabilities that will help your organization ‘move left’ on understanding and reducing risk.

Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale

URL: https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/

Overview: We're excited to release a new tool called OneFuzz, an extensible fuzz testing framework for Azure.

Pages

Subscribe to RSS - Jay Ferron's blog