Tech Komando

Your Best Source For Technology News

May 11, 2022

Backdoor in public repository used new form of attack to target big firms

A backdoor that researchers found hiding inside open source code targeting four German companies was the work of a professional penetration tester. The tester was checking clients’ resilience against a new class of attacks that exploits public repositories used by millions of software projects worldwide. But it could have been bad. Very bad.

Dependency confusion is a new form of supply-chain attack that came to the forefront in March 2021, when a researcher demonstrated he could use it to execute unauthorized code of his choice on networks belonging to Apple, Microsoft, and 33 other companies. The researcher, Alex Birsan, received $130,000 in bug bounties and credit for developing the new attack form.

A few weeks later, a different researcher uncovered evidence that showed that Amazon, Slack, Lyft, Zillow, and other companies had been targeted in attacks that used the same technique. The release of more than 200 malicious packages into the wild indicated the attack Birsan devised appealed to real-world threat actors.

May 6, 2022

How Apple, Google, and Microsoft will kill passwords and phishing in one stroke

For more than a decade, we’ve been promised that a world without passwords is just around the corner, and yet year after year, this security nirvana proves out of reach. Now, for the first time, a workable form of passwordless authentication is about to become available to the masses in the form of a standard adopted by Apple, Google, and Microsoft that allows for cross-platform and cross-service passkeys.

Password-killing schemes pushed in the past suffered from a host of problems. A key shortcoming was the lack of a viable recovery mechanism when someone lost control of phone numbers or physical tokens and phones tied to an account. Another limitation was that most solutions ultimately failed to be, in fact, truly passwordless. Instead, they gave users options to log in with a face scan or fingerprint, but these systems ultimately fell back on a password, and that meant that phishing, password reuse, and forgotten passcodes—all the reasons we hated passwords to begin with—didn’t go away.

A new approach

What’s different this time is that Apple, Google, and Microsoft all seem to be on board with the same well-defined solution. Not only that, but the solution is easier than ever for users, and it’s less costly for big services like GitHub and Facebook to roll out. It has also been painstakingly devised and peer-reviewed by experts in authentication and security.

Russia hammered by pro-Ukrainian hackers following invasion

For years, Dmitriy Sergeyevich Badin sat atop the FBI’s most-wanted list. The Russian government-backed hacker has been suspected of cyberattacks on Germany’s Bundestag and the 2016 Olympics, held in Rio de Janeiro.

A few weeks into Russia’s invasion of Ukraine, his own personal information—including his email and Facebook accounts and passwords, mobile phone number, and even passport details—was leaked online.

Another target since the war broke out two months ago has been the All-Russia State Television and Radio Broadcasting Company, known as a voice of the Kremlin and home to Vladimir Solovyov, whose daily TV show amplifies some of the most extreme Russian government propaganda.

April 27, 2022

Businesses are adopting Windows 11 more quickly than past versions, says Microsoft

Data suggests that gamers are moving to Windows 11 at a steady pace but not nearly as quickly as they warmed to Windows 10 a few years ago. For historically change-averse businesses, surprisingly, the opposite may be true—Microsoft CEO Satya Nadella said during the company’s Q3 2022 earnings call that enterprises were “adopting Windows 11 at a faster pace than previous releases.”

That’s just one highlight from an overwhelmingly rosy earnings report for Microsoft, which reported revenue of $49.4 billion (up 18 percent from the same quarter last year) and net income of $16.7 billion (up 8 percent year over year).

Sales of Windows licenses to PC manufacturers increased by 11 percent; revenue from consumer and commercial Office products increased by 11 and 12 percent (respectively); revenue from Xbox content and services increased 4 percent; Surface hardware revenue increased by 13 percent; and LinkedIn revenue (of all things) increased 34 percent. But the biggest driver of growth continues to be Microsoft’s cloud business, which reported 26 percent higher revenue year over year for a total of $19.1 billion in earnings. That growth is thanks in large part to Azure cloud computing services.
