Ransomware is an epidemic that adversely affects the lives of both individuals and large companies, where criminals demand payments to release infected digital assets.

In the wake of ransomware's success, Ransomware-as-a-Service (RaaS) is being offered as a franchise model that allows people without programming skills to become active attackers and take part in the ransomware economy. This democratizes crime: it gives ordinary people and smaller players an easier way into the criminal market, while reducing the risk of exposure for those at the top of the value chain. …


The fallout of the SolarWinds compromise has resulted in a bevy of new malware families, each with different characteristics and behaviors.

SolarWinds advisory : https://www.solarwinds.com/securityadvisory#anchor2


An illustration of transitive and deeply connected software supply chains

The U.S. was caught off guard by foreign interference in the 2016 election. Given the powerful role of social media in political contests, understanding the Russian efforts was crucial to preventing or blunting similar, or more sophisticated, attacks in the 2020 congressional races. Looking back to 2016, Russia's experimentation on Facebook and Twitter was far more difficult to trace; the operation essentially weaponized those social networks into engines of deception and propaganda.

Fast forward to the end of 2020 and switch context to the software supply chain domain: this `new` meltdown began on Dec. 13 when Reuters reported…


If you’ve arrived at this post, I’d suggest reading Part-1 and Part-2 first to gain context.

FireEye released additional details here (on December 24th, 2020) that are well worth reading.

With the increasing complexity of software and the availability of complex, customizable malware, the amount of work required for a malware analyst to properly analyze all incoming malware exceeds what a human can do. Additionally, malware developers continuously release new versions of their malware, adding or changing functionality or complexity.

Several methods for computer-assisted malware classification currently exist, using both static and dynamic analysis techniques…
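To make the static side of computer-assisted classification concrete, here is an added example (not code from the post or from any classifier it goes on to describe). It extracts three cheap static features from a file's raw bytes, Shannon entropy, a byte-bigram histogram and the set of printable strings, and labels an unknown sample with the family of its nearest labelled neighbour. The samples, the feature weights and the "packed" entropy threshold are all constructed assumptions for the demo; real input would be whole files read from disk.

```python
"""Toy computer-assisted malware classifier built on static features.

Added example, not the author's code. Entropy flags packed or encrypted
samples, a byte-bigram histogram captures code/data texture, and printable
strings capture URLs, paths and messages. An unknown sample is labelled
with the family of its most similar labelled sample (nearest neighbour).
"""
import math
import re
from collections import Counter

MIN_STRING_LEN = 6      # assumption: shorter printable runs are treated as noise
PACKED_ENTROPY = 7.0    # assumption: bits/byte at or above which we call the blob packed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 means the bytes are uniformly distributed."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def bigram_histogram(data: bytes) -> Counter:
    return Counter(data[i:i + 2] for i in range(len(data) - 1))


def printable_strings(data: bytes) -> set:
    pattern = rb"[\x20-\x7e]{%d,}" % MIN_STRING_LEN
    return {m.decode("ascii") for m in re.findall(pattern, data)}


def cosine(a: Counter, b: Counter) -> float:
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    norm_a = math.sqrt(sum(v * v for v in a.values()))
    norm_b = math.sqrt(sum(v * v for v in b.values()))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def jaccard(a: set, b: set) -> float:
    return len(a & b) / len(a | b) if (a | b) else 0.0


def extract_features(sample: bytes) -> dict:
    return {
        "entropy": shannon_entropy(sample),
        "bigrams": bigram_histogram(sample),
        "strings": printable_strings(sample),
    }


def similarity(f1: dict, f2: dict) -> float:
    # Fixed weights are an assumption; a trained pipeline would learn them.
    return 0.7 * cosine(f1["bigrams"], f2["bigrams"]) + 0.3 * jaccard(f1["strings"], f2["strings"])


def is_likely_packed(sample: bytes) -> bool:
    """High entropy across the whole file is the classic hint that static strings/bigrams will be useless."""
    return shannon_entropy(sample) >= PACKED_ENTROPY


def classify(sample: bytes, corpus: dict) -> tuple:
    """Return (family, score) of the nearest labelled sample in corpus {family: [bytes, ...]}."""
    feats = extract_features(sample)
    best_family, best_score = "unknown", 0.0
    for family, members in corpus.items():
        for member in members:
            score = similarity(feats, extract_features(member))
            if score > best_score:
                best_family, best_score = family, score
    return best_family, best_score


# Constructed stand-ins for binaries (not real malware): a PE-like "MZ" header
# followed by family-specific payload strings separated by NUL bytes.
LABELLED_CORPUS = {
    "beacon-family": [
        b"MZ\x90\x00" + b"GET /beacon?id=\x00" * 10 + b"\x00" * 20,
        b"MZ\x90\x00" + b"GET /beacon?id=\x00" * 8 + b"User-Agent: Mozilla\x00" + b"\x00" * 30,
    ],
    "locker-family": [
        b"MZ\x90\x00" + b"YOUR FILES ARE ENCRYPTED\x00" * 6 + b".locked\x00" * 5,
    ],
}
UNKNOWN_SAMPLE = b"MZ\x90\x00" + b"GET /beacon?id=\x00" * 7 + b"\x00" * 25
PACKED_SAMPLE = bytes(range(256)) * 4  # uniform bytes, entropy 8.0: what a packer or crypter yields

if __name__ == "__main__":
    print(classify(UNKNOWN_SAMPLE, LABELLED_CORPUS))
    print("packed:", is_likely_packed(PACKED_SAMPLE))
```

The packed check is the caveat that matters in practice: once a sample's entropy sits near 8 bits/byte, bigram and string features describe the packer, not the payload, and a dynamic trace (unpacked memory dump, API calls) has to take over.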


First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information.

If you’ve arrived at this post, I’d suggest reading the prior post to gain context.

As details are still emerging, let’s speculatively examine the attacker’s post-entry-point activity and reconnaissance inside SolarWinds’ software supply chain.

Tomislav Peričin, founder of ReversingLabs, conducted a deep forensic investigation that’s well worth reading.

In summary (excerpts from Tomislav’s excellent post-mortem), he concludes that

  • The attacker infiltrated the source code management system in October 2019 and tampered with version 2019.4.5200.8890



First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here (FireEye) and others indicated in references section below.

[UPDATE] : A detailed followup post has been published here

FireEye discovered the supply chain attack that trojanized SolarWinds Orion business software updates in order to distribute malware they call SUNBURST. This report is a must-read to understand the details of this incident.


Image Courtesy : https://www.huismanequipment.com/

The Scala language has continued to gain popularity over the last several years, thanks to its excellent combination of functional and object-oriented software development principles, and its implementation on top of the proven Java Virtual Machine (JVM). Although Scala compiles to Java bytecode, it is designed to improve on many of the perceived shortcomings of the Java language. Offering full functional programming support, Scala’s core syntax contains many implicit structures that have to be built explicitly by Java programmers, some involving considerable complexity.

Scala fuses object-oriented and functional programming in a type-safe way. From the object-oriented world, Scala takes the…


As COVID-19 spread across the globe to hit most nations, wider interest in tracing real-life contacts through Bluetooth is quickly emerging. Examples include MIT’s SafePaths, Enigma’s SafeTrace and Covid Watch, to name a few.

What digital beacons will apps use to trace proximity contacts? Current designs rely on a low-power wireless technology known as BLE, aka Bluetooth Low Energy, which was introduced with Bluetooth 4.0. For tracing apps to work, smartphones must continuously broadcast BLE signals and interoperate regardless of their make. Most smartphones run either Apple iOS or Google Android. During…
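As an added illustration of what such a beacon can carry, the following is a simplified decentralised design, written for this page and not the protocol of SafePaths, SafeTrace, Covid Watch or any named app. Each phone derives a rolling proximity identifier from a per-day key and the current time slot, packs it into a BLE service-data advertisement, and logs the identifiers it hears with their signal strength; matching against the keys published by diagnosed users happens on the phone. The rotation interval, the 16-bit service UUID, the demo keys, timestamps and RSSI values are all constructed assumptions.

```python
"""Simplified decentralised BLE proximity tracing, as an added illustration.

Not the protocol of any named contact-tracing app. Each phone derives a
rolling proximity identifier (RPI) from a daily key and the current
interval, broadcasts it in a BLE advertisement, and logs what it hears.
Matching happens locally once diagnosed users publish their daily keys.
"""
import hashlib
import hmac
import struct

INTERVAL_SECONDS = 600        # assumption: rotate the broadcast identifier every 10 minutes
RPI_LEN = 16
SERVICE_UUID = 0xFFFF         # placeholder 16-bit service UUID (an assumption, not an assigned value)
AD_TYPE_SERVICE_DATA = 0x16   # BLE AD type "Service Data - 16-bit UUID"


def interval_number(unix_time: int) -> int:
    return unix_time // INTERVAL_SECONDS


def derive_rpi(daily_key: bytes, interval: int) -> bytes:
    """Unlinkable identifier: without daily_key, consecutive RPIs look unrelated to an observer."""
    msg = b"RPI" + struct.pack(">I", interval)
    return hmac.new(daily_key, msg, hashlib.sha256).digest()[:RPI_LEN]


def build_advertisement(rpi: bytes) -> bytes:
    """One AD structure: [length][type][UUID little-endian][RPI], the layout BLE advertising data uses."""
    payload = struct.pack("<H", SERVICE_UUID) + rpi
    return bytes([len(payload) + 1, AD_TYPE_SERVICE_DATA]) + payload


def parse_advertisement(adv: bytes) -> bytes:
    """Return the RPI carried by an advertisement; reject malformed frames and other services."""
    if len(adv) < 2 or adv[0] != len(adv) - 1 or adv[1] != AD_TYPE_SERVICE_DATA:
        raise ValueError("not a service-data AD structure")
    (uuid,) = struct.unpack_from("<H", adv, 2)
    if uuid != SERVICE_UUID or len(adv) != 4 + RPI_LEN:
        raise ValueError("unexpected service UUID or RPI length")
    return adv[4:]


def match_exposures(observations, published_keys, rssi_threshold: int) -> int:
    """Count close-range sightings whose RPI re-derives from a published daily key.

    observations: list of (rpi, rssi_dbm, interval) recorded by this phone.
    published_keys: daily keys uploaded by diagnosed users.
    The re-derivation runs on the phone, so the server never learns who met whom.
    """
    intervals = {interval for _, _, interval in observations}
    candidates = {derive_rpi(key, i) for key in published_keys for i in intervals}
    return sum(1 for rpi, rssi, _ in observations if rssi >= rssi_threshold and rpi in candidates)


# Constructed demo keys and times (fixed so the run is reproducible; real keys are random per day).
ALICE_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
CAROL_KEY = bytes.fromhex("f0e1d2c3b4a5968778695a4b3c2d1e0f")
T0 = 1_700_000_000


def bob_log():
    """Bob's phone hears Alice in three consecutive intervals and Carol once; RSSI values are constructed."""
    log = []
    for offset, rssi in ((0, -60), (600, -85), (1200, -62)):
        interval = interval_number(T0 + offset)
        adv = build_advertisement(derive_rpi(ALICE_KEY, interval))
        log.append((parse_advertisement(adv), rssi, interval))
    interval = interval_number(T0 + 1200)
    log.append((parse_advertisement(build_advertisement(derive_rpi(CAROL_KEY, interval))), -55, interval))
    return log


if __name__ == "__main__":
    # Alice is diagnosed and publishes her daily key; Carol is not.
    print("close contacts with Alice:", match_exposures(bob_log(), [ALICE_KEY], rssi_threshold=-70))
```

Two properties are worth checking in any real design against this sketch: an observer who captures advertisements cannot link one interval's identifier to the next without the daily key, and publishing a key reveals only that its owner was diagnosed, not whom they met. The RSSI threshold is the weak point in practice, since signal strength is a poor proxy for distance.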


First, let me be clear that I have no insider knowledge. This is my best guess at what occurred, based on publicly available information here.

Yet, despite the warnings, previous incidents and the availability of effective controls, exposed S3 buckets containing highly sensitive data, cached entities, SDKs or static assets are still being discovered on a daily basis.
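Exposure of a bucket comes from three places, its ACL, its bucket policy and the Block Public Access settings that can override both, so a check has to look at all three. The following is an added example written for this page (not Twilio's or the author's code) that evaluates those inputs; the dicts are constructed inline to mirror the shapes boto3 returns from `get_bucket_acl`, `get_bucket_policy` (after `json.loads` of its `Policy` string) and `get_public_access_block`, so it runs offline with no AWS account. The bucket names, owner ID and policy ARN are placeholders.

```python
"""Added example: flag S3 buckets reachable by anyone, from the three places exposure is granted.

Inputs mirror the dict shapes boto3 returns for get_bucket_acl, get_bucket_policy
(policy string parsed with json.loads) and get_public_access_block; here they are
constructed so the check runs offline.
"""
import json

PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "AuthenticatedUsers",
}


def acl_public_grants(acl: dict) -> list:
    """Grants to the AllUsers / AuthenticatedUsers groups, as [(group, permission), ...]."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        group = PUBLIC_GROUP_URIS.get(grantee.get("URI"))
        if grantee.get("Type") == "Group" and group:
            findings.append((group, grant["Permission"]))
    return findings


def _principal_is_everyone(principal) -> bool:
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def policy_public_statements(policy: dict) -> list:
    """Allow statements granted to principal '*'. Heuristic: a Condition block may still
    narrow them, so conditioned statements are reported with a flag, not silently dropped."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow" and _principal_is_everyone(stmt.get("Principal")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else list(actions)
            findings.append({"Sid": stmt.get("Sid", ""), "Action": actions, "Conditioned": "Condition" in stmt})
    return findings


def public_access_fully_blocked(pab: dict) -> bool:
    """True only when all four Block Public Access settings are on for the bucket."""
    cfg = pab.get("PublicAccessBlockConfiguration", {})
    keys = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
    return all(cfg.get(k, False) for k in keys)


def assess_bucket(name: str, acl: dict, policy: dict, pab: dict) -> dict:
    acl_findings = acl_public_grants(acl)
    policy_findings = policy_public_statements(policy)
    if public_access_fully_blocked(pab):
        verdict = "blocked"   # public grants may exist, but Block Public Access neutralises them
    elif acl_findings or policy_findings:
        verdict = "public"
    else:
        verdict = "private"
    return {"bucket": name, "verdict": verdict, "acl": acl_findings, "policy": policy_findings}


# Constructed inputs shaped like the boto3 responses (placeholder names, no real buckets or accounts).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner"}, "Permission": "FULL_CONTROL"}
PUBLIC_ACL_BUCKET = {"Owner": {"ID": "example-owner"}, "Grants": [
    OWNER,
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"},
]}
OWNER_ONLY_ACL = {"Owner": {"ID": "example-owner"}, "Grants": [OWNER]}
PUBLIC_READ_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
                 "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-assets/*"}]
}""")
NO_POLICY = {}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
PAB_OFF = {"PublicAccessBlockConfiguration": {k: False for k in PAB_KEYS}}
PAB_ON = {"PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}


def demo_reports() -> dict:
    return {
        "acl-exposed": assess_bucket("acl-exposed", PUBLIC_ACL_BUCKET, NO_POLICY, PAB_OFF),
        "policy-exposed": assess_bucket("policy-exposed", OWNER_ONLY_ACL, PUBLIC_READ_POLICY, PAB_OFF),
        "locked-down": assess_bucket("locked-down", PUBLIC_ACL_BUCKET, PUBLIC_READ_POLICY, PAB_ON),
        "private": assess_bucket("private", OWNER_ONLY_ACL, NO_POLICY, PAB_OFF),
    }


if __name__ == "__main__":
    for report in demo_reports().values():
        print(report["bucket"], report["verdict"], report["acl"], [f["Sid"] for f in report["policy"]])
```

Against a live account you would feed `assess_bucket` the results of `s3.get_bucket_acl`, `s3.get_bucket_policy` and `s3.get_public_access_block` for each bucket, catching `NoSuchBucketPolicy` and `NoSuchPublicAccessBlockConfiguration` as "absent". Two caveats: this bucket-level check ignores the account-level Block Public Access configuration, and the policy heuristic is conservative by design; for AWS's own determination, `get_bucket_policy_status` returns an `IsPublic` flag.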

Background

Twilio is not only one of the most well-respected cloud communications platforms globally for its business success, but also a leader in enabling software developers to programmatically make and receive phone calls, send and receive text messages, and perform other communication functions…

Chetan Conikee

Engineer, InfoSec tinkerer, Seed Investor, Founder/CTO of ShiftLeft Inc., (Opinions, my own)
