Ryan Naraine – TFun dot org

Prolific Chinese APT Caught Using 'MoonBounce' UEFI Firmware Implant

20/01/2022Ryan Naraine

Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements. read more Source: Security Week

Project Zero: Zoom Platform Missed ASLR Exploit Mitigation

19/01/2022Ryan Naraine

A prominent security researcher poking around at the Zoom video conferencing platform found worrying signs the company failed to enable a decades-old anti-exploit mitigation, a blunder that greatly increased exposure to malicious hacker attacks. read more Source: Security Week

1Password Raises Mammoth $620 Million Funding Round

19/01/2022Ryan Naraine

Investors continue to pour cash into Canadian password management software vendor 1Password, pushing the company’s valuation to $6.8 billion. read more Source: Security Week

Apple Patches iOS HomeKit Flaw After Researcher Warning

12/01/2022Ryan Naraine

Apple has released an iOS security update with a fix for a persistent denial-of-service flaw in the HomeKit software framework but only after an independent researcher publicly criticized the company for ignoring his discovery. read more Source: Security Week

Patch Tuesday: Microsoft Calls Attention to 'Wormable' Windows Flaw

11/01/2022Ryan Naraine

Microsoft’s first batch of patches for 2022 is a big one: 97 documented security flaws in the Windows ecosystem, some serious enough to cause remote code execution attacks. read more Source: Security Week

Is the 'Great Resignation' Impacting Cybersecurity?

11/01/2022Ryan Naraine

The so-called ‘great resignation’ currently upending the U.S. labor market is starting to affect cybersecurity programs with a growing number of senior leaders opting for early retirement and mid-level managers leaving in droves for less stressful, fully remote work opportunities. read more Source: Security Week

Apache Foundation Calls Out Open-Source Leechers

10/01/2022Ryan Naraine

The Apache Software Foundation (ASF) is calling out for-profit companies leeching on open-source code, warning that “only a tiny percentage” of downstream vendors are contributing to securing the open-source ecosystem. read more Source: Security Week

Attackers Hitting VMWare Horizon Servers With Log4j Exploits

07/01/2022Ryan Naraine

Threat hunters in the U.K.’s National Health Service have raised an alarm for an unknown threat actor hitting vulnerable VMWare Horizon servers with exploits for the ubiquitous Log4j security flaw. read more Source: Security Week

Author: Ryan Naraine

Prolific Chinese APT Caught Using 'MoonBounce' UEFI Firmware Implant

Project Zero: Zoom Platform Missed ASLR Exploit Mitigation

U.S. Olympians Told to Use 'Burner Phones' in China

1Password Raises Mammoth $620 Million Funding Round

Five Key Signals From Russia's REvil Ransomware Bust

Apple Patches iOS HomeKit Flaw After Researcher Warning

Patch Tuesday: Microsoft Calls Attention to 'Wormable' Windows Flaw

Is the 'Great Resignation' Impacting Cybersecurity?

Apache Foundation Calls Out Open-Source Leechers

Attackers Hitting VMWare Horizon Servers With Log4j Exploits