Are passkeys vulnerable to browser-based attacks?

Researchers from SquareX said they were able to compromise passkeys through browser vulnerabilities. The researchers presented their findings at Def Con 33, showing that attackers can use malicious extensions or scripts to intercept passkey workflows and make fraudulent passkey prompts appear legitimate. But security experts have criticized the research, saying it demonstrates a misunderstanding of the FIDO specifications and security principles.

Full Story: TechRadar (8/28)

https://www.techradar.com/pro/security/researchers-reveal-that-passkeys-are-not-as-safe-as-we-think-they-are-heres-how-to-stay-safe

Self-preservation in Action

Experts will always deny what is obvious to protect their decisions in this false security playing field.

SolarWinds Backdoor

What They’re Not Telling You About SolarWinds: It Wasn’t a Breach — It Was the Backdoor

In December 2020, the world was told a Russian “Hack” hit U.S. federal networks through SolarWinds.

Wrong.

It wasn’t a foreign op.

It was a white hat takeover of the digital command grid.

Let me show you.

1. What Was SolarWinds?

A Texas-based IT company that pushed software updates to:

  • Pentagon
  • DHS
  • State Department
  • Treasury
  • NSA
  • Big Tech (Microsoft, Cisco)
  • Even Dominion Voting Systems

The update included a hidden “Sunburst” backdoor.

What they called a vulnerability…

…was actually a legal foothold.

2. EO 13848 Was Already Active

Trump had already signed Executive Order 13848 in 2018:

Declaring election interference a national emergency.

By 2020, SolarWinds gave federal intel teams lawful access to:

  • Servers
  • Email traffic
  • Internal communications
  • Contract records
  • Voting infrastructure

Under 13848, they didn’t need permission.

They needed access.

SolarWinds was access.

3. What Came Next?

  1. 2021: Microsoft, FireEye, and CISA all “confirm breach”
  2. 2021–2022: Mass resignations in Big Tech, banking, and military
  3. 2022–2023: SCOTUS shadow docket rulings + Roe overturned
  4. 2023–2024: NGO purges, media collapses, asset seizures escalate
  5. 2025: One Big Beautiful Bill → AI firewall codified

You’re watching a multi-year digital sting operation unfold in quarters.

4. SolarWinds + EO 13961 = Continuity Killbox

EO 13961 (Mission Continuity Strategy, Dec 2020):

Federalizes critical mission systems across all agencies.

Now link the pieces:

  • SolarWinds → digital access
  • EO 13848 → legal seizure authority
  • EO 13961 → control continuity
  • 2025 AI Clause → shields enforcement from state interference

This isn’t cleanup. It’s activation.

5. The Real Operation

SolarWinds wasn’t a failure.

It was the launchpad for:

  1. Asset tracing
  2. Intel extraction
  3. Sting AI deployment
  4. Legal lockdown of Deep State infrastructure

Total ops handoff to Continuity teams (Guard/Marines/Coast Guard)

The Great Reset isn’t theirs.

It’s ours.

Bottom Line:

  • SolarWinds was the moment they got the keys.
  • Every laptop seized…
  • Every NGO collapsed…
  • Every offshore trust exposed…
  • It all ties back to December 2020.
  • And now in July 2025, they’ve made it permanent.

Offboarding Remote Workers

Offboarding remote workers is not as easy as it seems, so here is an article from Forbes with some things to consider when offboarding remote workers.

Companies often overlook offboarding of remote employees, leading to data breaches and potential legal issues, writes Brandon Batchelor of ReadyCloud, an ecommerce CRM. Common mistakes include failing to recover equipment, not rescinding software access, poor internal communication and ignoring the emotional aspects of offboarding.

Full Story: Forbes (tiered subscription model) (5/5) 

Considering some of the issues above, one really has to wonder whether the risks of remote workers have been properly analysed and whether they are worth the initial savings involved.

The questions are: who are they, where do they live, who are their partners, what additional software is installed on their devices, and what AI features are they using that could compromise your security and credibility?

Many cases of remote worker fraud have been recorded.

Vulnerable Medical Devices

Report: 99% of hospitals have vulnerable medical devices

Ninety-nine percent of 351 health systems in a study had internet-connected medical devices that were vulnerable to publicly available exploits, and 20% of hospital information systems had known vulnerabilities linked to ransomware exploitation, according to Claroty. The report recommends prioritizing security of devices with known exploited vulnerabilities that are directly connected to the internet or can be accessed remotely through a non-enterprise-grade method.

Full Story: Security Week (3/28) 

Apache Log4j

Is Apache Log4j Installed?

To determine if Apache Log4j is installed on your system, you can use a combination of manual and automated methods. For Linux servers, you can run a command to search for files related to Log4j:

find / -type f -name 'log4j*' 2>/dev/null

This command lists all files whose names contain “log4j”, which can help identify whether Log4j is installed on your server. (Quoting the pattern stops the shell from expanding it before find sees it; discarding stderr hides permission-denied noise.)

For Windows servers, you can use a similar approach by searching for files containing “log4j” in their names:

dir C:\*log4j*.jar /s

This command searches for files with “log4j” in their names on the C: drive and its subdirectories.

Automated tools can also be used to scan for Log4j installations. One such tool is Syft, which creates a software bill of materials (SBOM) and can help identify old Log4j versions:

syft dir:/ | grep log4j

This command scans your server and searches the resulting SBOM for Log4j components.

Additionally, you can use a Python script or a Go package such as log4jscanner to scan your system for vulnerable Log4j versions.

Since Log4j is a Java library, it may be embedded within other Java applications, making it harder to detect. Therefore, it’s important to check all Java applications running on your system and consult their vendors about any dependencies on Log4j.

For a more thorough check, you can also manually inspect the manifest files within JAR files to confirm the version of Log4j installed.

Remember, these methods may not be foolproof, as Log4j can be embedded within other JAR files or applications. Therefore, it’s crucial to follow up with vendor advisories and ensure all applications are updated to the latest versions.
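The embedding problem described above, worked through in a short scanner that a plain file-name search cannot replace: it opens each archive, recurses into JARs packed inside WAR/EAR/fat JARs, and reads the version from META-INF/MANIFEST.MF. This is an added example, not code from the original page or from any Log4j tooling; the version threshold, the file-name heuristic for recognising the log4j-core artifact, and the sample archives are assumptions constructed for the demo.

```python
import io
import re
import zipfile

ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
CORE_PREFIX = "org/apache/logging/log4j/core/"   # package present in every log4j-core jar
MIN_OK_VERSION = (2, 17, 1)   # ASSUMPTION for this example: take the real threshold from vendor advisories

def manifest_version(manifest):
    """Parse 'Implementation-Version: 2.14.1' from MANIFEST.MF text into a tuple, or None if absent."""
    m = re.search(r"^Implementation-Version:\s*(\d+)\.(\d+)(?:\.(\d+))?", manifest, re.M)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def scan_archive(data, path, findings):
    """Record log4j-core found inside one archive (bytes), recursing into archives it embeds."""
    if not zipfile.is_zipfile(io.BytesIO(data)):   # skip files that are not valid zip archives
        return
    zf = zipfile.ZipFile(io.BytesIO(data))
    names = zf.namelist()
    if any(n.startswith(CORE_PREFIX) for n in names):
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace") if "META-INF/MANIFEST.MF" in names else ""
        # The manifest version is Log4j's own only when this archive *is* log4j-core (heuristic: file name);
        # core classes shaded into an application jar carry the app's version instead, so flag those for review.
        version = manifest_version(manifest) if re.search(r"(^|[/\\!])log4j-core", path) else None
        status = "review" if version is None else ("vulnerable" if version < MIN_OK_VERSION else "ok")
        findings.append((path, version, status))
    for n in names:   # what a plain `find -name log4j*` misses: copies packed inside WAR/EAR/fat JARs
        if n.lower().endswith(ARCHIVE_EXT):
            scan_archive(zf.read(n), f"{path}!{n}", findings)

def make_jar(entries):   # build an in-memory archive from {name: content}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Constructed samples (not real Log4j): an old core jar, a fixed core jar nested in a WAR, a shaded app jar."""
    cls = CORE_PREFIX + "Logger.class"
    inner = make_jar({"META-INF/MANIFEST.MF": "Implementation-Version: 2.17.1\n", cls: b""})
    samples = {
        "lib/log4j-core-2.14.1.jar": make_jar({"META-INF/MANIFEST.MF": "Implementation-Version: 2.14.1\n", cls: b""}),
        "app.war": make_jar({"WEB-INF/lib/log4j-core-2.17.1.jar": inner}),
        "fat-app.jar": make_jar({"META-INF/MANIFEST.MF": "Implementation-Version: 1.0\n", cls: b""}),
    }
    findings = []
    for path, data in samples.items():   # on a real host, feed every archive found by os.walk here
        scan_archive(data, path, findings)
    return {path: status for path, _, status in findings}
```

The "review" status is the case vendors must answer for: Log4j classes are present, but the archive is someone else's build, so no manifest on disk states which Log4j version went in.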

Mass scanning for Log4J in progress.

Remote execution in NSA code Ghidra Log4J.

NSA will release Apache, Log4J, Ghidra. It will burn every computer from the inside.

Taking down the whole internet with Ghidra?

Risk Communication

Cyber Risk Communication Document

Creating a cyber risk communication document involves several steps to ensure that all stakeholders are informed effectively about potential risks and how to mitigate them.

Here’s a structured approach:

  1. Identify the Audience: Determine who the document is for, such as executives, board members, employees, or clients. Tailor the language and level of detail to suit each audience’s needs and understanding.
  2. Gather Information: Collect data on current risks, threat landscapes, and any ongoing or past incidents. Include details on the organization’s cybersecurity posture and any existing controls or measures in place.
  3. Structure the Document: Organize the information logically. Start with an executive summary that highlights key risks and recommendations. Follow with detailed sections on each risk, including its potential impact, likelihood, and proposed mitigation strategies.
  4. Use Clear and Concise Language: Avoid technical jargon that might confuse non-technical stakeholders. Present information in a way that is easy to understand and actionable.
  5. Include Visual Aids: Use graphs, charts, and other visual aids to make complex information more accessible. For example, a proximity resilience graph can help illustrate the organization’s resilience against specific threats and risk impacts.
  6. Provide Context: Explain why each risk is significant and how it could affect the organization. This helps stakeholders understand the urgency and importance of addressing the risks.
  7. Recommend Mitigation Strategies: Offer specific steps that can be taken to reduce the likelihood or impact of identified risks. Include both immediate actions and long-term strategies.
  8. Review and Update Regularly: Cyber threats evolve rapidly, so the document should be reviewed and updated regularly to reflect new risks and changes in the threat landscape.
  9. Communicate Proactively and Reactively: In addition to the document, maintain regular communication channels to keep stakeholders informed about ongoing risks and any new developments. This could include regular updates, incident alerts, and educational content.
  10. Test the Plan: Conduct regular drills and simulations to test the effectiveness of the communication plan and make necessary adjustments.

Login Issues

There are over 300 million fraudulent sign-in attempts against Microsoft cloud services every day. Cyberattacks aren’t slowing down any time soon, and it’s worth noting that most successful attacks use simple means. It only takes one compromised set of credentials (user name/password), one legacy application or one unpatched application to cause a data breach. This shows how critical it is to ensure password security and a strong authentication process.

Below are the common vulnerabilities, and the single most important action you can take to protect your accounts from attack: MFA.

Common vulnerabilities

  • Business email compromise: an attacker gains access to a corporate email account, through phishing or spoofing, and can use it to exploit a system for many purposes. Accounts protected with only a user name and password are the easiest to compromise.
  • Legacy protocols create a major vulnerability because applications that use basic protocols, such as SMTP, were not designed to support Multi-Factor Authentication (MFA). So even if you require MFA for most use cases, attackers will look for opportunities to use outdated browsers or email applications to force the use of less secure protocols.
  • Password reuse: considering that up to 73 percent of passwords are duplicates, this has been the most successful strategy for many attackers, and it’s easy to do. Password spray and credential stuffing attacks make it easy to compromise a system. Common passwords, and credentials compromised in public breaches or shared in social media “share and tell” sessions, are used against corporate accounts to try to gain access.
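Detection logic for the two gaps named above, password spraying and legacy protocols that cannot carry an MFA challenge, run over a handful of constructed sign-in records. This is an added example, not code from the original article or from Microsoft; the log line format, field names, protocol list and thresholds are assumptions chosen for the demo.

```python
import re
from collections import defaultdict

# Constructed sample sign-in log (no real tenant data). The line format is an ASSUMPTION for this example:
# "<time> user=<account> src=<ip> proto=<client protocol> result=<success|failure>"
SAMPLE_LOG = """\
09:00:01 user=alice@example.com src=203.0.113.7 proto=browser result=failure
09:00:02 user=bob@example.com src=203.0.113.7 proto=browser result=failure
09:00:03 user=carol@example.com src=203.0.113.7 proto=browser result=failure
09:00:04 user=dave@example.com src=203.0.113.7 proto=browser result=failure
09:00:05 user=erin@example.com src=203.0.113.7 proto=browser result=failure
09:00:06 user=frank@example.com src=203.0.113.7 proto=browser result=success
09:05:00 user=alice@example.com src=198.51.100.9 proto=SMTP result=success
09:10:00 user=bob@example.com src=192.0.2.44 proto=browser result=failure
09:10:30 user=bob@example.com src=192.0.2.44 proto=browser result=success
"""
LINE_RE = re.compile(r"user=(\S+) src=(\S+) proto=(\S+) result=(\S+)")
LEGACY_PROTOCOLS = {"SMTP", "IMAP", "POP3"}   # basic-auth protocols that cannot carry an MFA challenge

def parse(log):
    """Return (user, src, proto, result) tuples for every well-formed line."""
    return [m.groups() for m in map(LINE_RE.search, log.splitlines()) if m]

def find_password_spray(events, min_users=5, max_per_user=2):
    """A spray is one source failing against many distinct accounts, a few tries each: the mirror
    image of brute force (many failures against one account), so per-account lockouts miss it."""
    failures = defaultdict(lambda: defaultdict(int))
    for user, src, _proto, result in events:
        if result == "failure":
            failures[src][user] += 1
    return sorted(src for src, per_user in failures.items()
                  if len(per_user) >= min_users and max(per_user.values()) <= max_per_user)

def spray_followups(events, sprayers):
    """Accounts that a spraying source eventually signed into: reset and review these first."""
    return sorted({user for user, src, _p, result in events if src in sprayers and result == "success"})

def legacy_auth_successes(events):
    """Successful sign-ins over legacy protocols: MFA policy never applied to them, so block the protocol."""
    return sorted((user, proto) for user, _src, proto, result in events
                  if proto in LEGACY_PROTOCOLS and result == "success")
```

In the sample, 203.0.113.7 fails once each against five accounts and then succeeds against a sixth, while bob's two attempts from 192.0.2.44 are ordinary user behaviour and are not flagged.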

Multi Factor Authentication (MFA)

What you can do to protect your organization

You can help prevent some of these attacks by banning the use of bad passwords through group policies and enabling a stricter password policy, blocking legacy authentication, and training employees on phishing attacks. However, one of the simplest and most effective things you can do is to just turn on MFA. By providing an extra barrier and layer of security that makes it incredibly difficult for attackers to get past, MFA can block over 99.9 percent of account compromise attacks. With MFA enabled, knowing or cracking the password won’t be enough to gain access.

According to the SANS Software Security Institute there are two primary obstacles to companies adopting MFA implementations today:

  1. A misconception that MFA requires external hardware devices.
  2. Concerns about potential user disruption or about what may break.

Matt Bromiley, a SANS Digital Forensics and Incident Response instructor, says, “It doesn’t have to be an all-or-nothing approach. There are different approaches your organization could use to limit the disruption while moving to a more advanced state of authentication.” These include a role-based or by application approach—starting with a small group and expanding from there. Bret Arsenault shares his advice on transitioning to a passwordless model in Preparing your enterprise to eliminate passwords.

Passwordless authentication technologies are not only more convenient for end users but are extremely difficult and costly for hackers to compromise. Learn more about Microsoft passwordless authentication solutions in a variety of form factors to meet user needs.