This EDR vendor made the news in the worst way possible by bricking millions of Windows computers with a faulty update.
What is Crowdstrike?
The ongoing hack by this Chinese threat actor has unleashed a maelstrom of finger pointing amongst telecoms, and the ironic recommendation to use encrypted apps like Signal from the federal government—you know, the ones who wanted backdoors in encryption?
What is Salt Typhoon?
This account, identified by SID S-1-5-18, runs core services like winlogon and lsass.exe.
Who is NT AUTHORITY\SYSTEM?
The root account on Linux systems always has this UID.
This new feature of Windows Copilot+ PCs was so grody, Microsoft had to pull it from release and rebuild it with security in mind. Maybe do that from the jump next time?
What is Recall?
A much-hyped RCE in this Linux component turned out to be much less serious than originally thought, in part because nobody prints on Linux.
What is CUPS?
(Also: what is cups-browsed?)
This gate between normal user activity and elevated/Administrator activity was introduced in Windows Vista, along with the best Windows sounds in any version.
What is User Account Control (UAC)?
Unlike Windows, remote access to modern Linux systems requires encryption, over this protocol that commonly runs on port 22.
What is Secure SHell (SSH)?
CNA Financial still holds the record for largest ransomware payment with its $40M payout in 2021, but Change Healthcare's payment of this amount to AlphV/Blackcat puts it squarely in the #2 slot.
What is $22M?
This omnipresent ransomware group wasn't just taken down by law enforcement in 2024, its sites were used by law enforcement agencies to troll the erstwhile threat actors.
What is Lockbit?
Microsoft Active Directory is an implementation of this open source technology.
What is LDAP (Lightweight Directory Access Protocol)?
While older Linux systems booted services sequentially, this newer init system allows parallel, faster boots, and as a bonus makes greybeards really mad.
What is systemd?
This CISA recommendation for improving low-level software security made the usually crabby Taggart extremely happy.
A takeover of this JavaScript service's domain by a Chinese group led to a widespread supply chain attack, impacting millions of websites.
What is Polyfill?
Since I have a list of service principal names (SPNs), and you don't have a strong password policy, I'm well on my way to performing this common Windows domain attack.
What is Kerberoasting?
Abbreviated "Bash," this Unix shell has long been the standard on most Linux distributions.
What is the Bourne-Again Shell?
This company's questionable handling of a recent virtualization acquisition led to several companies looking for alternatives.
What is Broadcom?
The phantom developer "Jia Tan" would have gotten away with a sophisticated backdoor in this common open source component, if not for a single researcher annoyed about CPU performance.
Mark Zbikowski forever left his mark on tech history with his initials as this component of Windows/DOS Portable Executables.
On Windows, creating scheduled tasks is a common malware persistence technique. On Linux, threat actors often abuse this tool that was part of the original Unix operating system.
What is cron?