Integral Crypto FIPS 197: “failed to initialize secure device”

I had an unusual experience when using an Integral Crypto FIPS 197 device on a new laptop. This particular device uses TotalLock.exe on a read-only CDFS partition to enter the decryption key (password) to mount a hidden partition. When I went to access the device, i.e. run TotalLock.exe from the D: drive, the message: Failed to initialize secure device After investing the system event logs with minimal information, and checking the executable wasn’t blocked from explorer, I considered how Windows Defender might be affecting the device. ...

March 31, 2021 · 2 min · Richard Slater

2020 Weekly Update 50: Retail, Healthcare, Vulnerabilities and Politics

Photo by Austin Distel on Unsplash Hiding Malware in Share Buttons Some creative individuals have found a way of hiding card skimming malware in the sharing buttons used on various websites. A timely reminder to know what 3rd parties you us and what they might be vulnerable to. Novel Online Shopping Malware Hides in Social-Media Buttons Google, Adobe, Valve and Microsoft Patches Both Google and Microsoft emitted a slew of updates in the last week including fixes for undisclosed vulnerabilities in Chrome, Windows and Microsoft Teams. ...

December 15, 2020 · 3 min · Richard Slater

Counter-Strike: Global Offensive Settings

Photo by Daniel Stub on Unsplash Disclosure: This page contains Amazon Affiliate links; as an Amazon Associate I earn from qualifying purchases. Further information can be found in my disclaimer and privacy policy. Mouse I bought a Razer Basilisk V2 when it was on Cyber Weekend deals on Amazon; pretty good for fairly decent mouse, I see plenty of people using Zowie Mice which either means they are sponsored by BenQ/Zowie or they are really the best mice for CS:GO — I’ll leave it to you to decide. ...

December 11, 2020 · 2 min · Richard Slater

2020 Weekly Update 49: Threat Hunting, Vulnerabilities, COVID-19

Photo by seth schulte on Unsplash Threat Hunting with JARM SANS comes through with an article on using JARM to hunt threats; this is an area I have started getting interested in given the increased threat landscape we find ourselves in. InfoSec Handlers Diary Blog If you know code is vulnerable, would you ship it? Dark Reading goes into some detail on the critical factors why vulnerable code is shipped in the first place. ...

December 7, 2020 · 4 min · Richard Slater

2020 Weekly Update 48: Threat Models, Cyber Monday and Data Leaks

Photo by Marcin Kempa] on Unsplash Proactive Security and Threat Modeling Manifestos have become a mainstay of information technology with everyone publishing a manifesto articulating the what a group of people subscribe to; generally of the form “we prefer this, over that”. __ InfoSec is no different and this week we had a Threat Modeling Manifesto — this is key as threat modeling is the cornerstone of proactive information security management so well worth a read. ...

November 30, 2020 · 4 min · Richard Slater

2020 Weekly Update 47: Inbox Shenanigans, Unpatched Vulns, Big Sur OCSP, Cyber Insurance and…

Photo by Efe Kurnaz on Unsplash I’ll just sneak this into your in-tray Crafty sellers on the dark web have found a way to sneak e-mails into your inbox without sending them across the internet. This renders tools like Mimecast ineffective against this kind of attack; all is not lost however as the user would need to be phished before this could work. Tool sneakily implants malicious emails into inboxes, but it can be thwarted Innovation has been rife this year within the cybercrime community, The Register called this out in their article on Monday Morning: ...

November 23, 2020 · 8 min · Richard Slater

2020 Weekly Update 46:

Photo by Andrey Trusov on Unsplash Victim Blaming in Information Security Starting off this week on a low note, in my opinion, is the disturbing revelation that in 2020 we still think shaming people is an effective strategy to defend against phishing attacks. A paper published on the 29th October seems to suggest that after doing a study of 142 employees in New Zealand that a name and shame approach would work. ...

November 15, 2020 · 7 min · Richard Slater

2020 Weekly Update 44: Cyber Skills, Healthcare Attacks, North Korea, Machine Learning and Threat…

Photo by Mauro Sbicego on Unsplash I was due to be going away this weekend so I had planned to delay publishing this until Monday; however due to a new national lockdown in the UK, I am no longer able to travel. The bright side is I have time to publish this at the weekend, small mercies. Google’s Project Zero discloses a vulnerability in the Windows Kernel October felt like a busy month for anyone dealing with Windows on their network; and was certainly a reminder of the value of a Defence in Depth strategy is key. To round off the month Google Disclosed a zero-day vulnerability in the kernel Cryptographic Driver that was being exploited in the wild. ...

November 7, 2020 · 6 min · Richard Slater

The need for BeyondCorp-type organisations; Threat Models and Breaches (2020: Week 44)

Photo by marcos mayer on Unsplash IT moves to a zero-trust, decentralised model (Saturday) Looks like Google were on the right track with BeyondCorp as Coronavirus has very succinctly put the “impenetrable border” approach to IT Security on notice. With millions of knowledge workers able to be productive from home, but failing to get access to resources as VPNs and Identity and Access Managements solutions struggle. Threat automation, decentralized architecture among emerging post-COVID cyber trends | SC Media Checkpoint followed up a few days later with a series on videos on how their products could secure a remote workforce: ...

November 2, 2020 · 5 min · Richard Slater

Office 365 and G-Suite Targeted, Tesla Autopilot confused, NSA points a finger (2020: Week 43)

Photo by David von Diemar on Unsplash Cyber-villains Targeting Office 365 and G-Suite users (Monday) Given the impacts of COVID-19 and Working from Home a necessity for many in the industry; cyber attacks this week have leveraged vulnerabilities in well known brands including the RAC. The article has good advice for Security and Operations teams to configure their mail-filters appropriately: Breaking News: Massive Cyberattack Propagating via Redirector Domains and Subsidiary Domains |… Tesla AutoPilot can be tricked with subliminal messages (Monday) A couple of frames in a hacked video billboard video can trick a Tesla into taking inappropriate action: ...

October 24, 2020 · 5 min · Richard Slater