Hackers get around TPM
According to Arstechnica, a hacker was able to get around TPM in under 30 minutes. It seems impressive for someone to be able get around something that Microsoft thinks helps secure your operating system. I’ve been doing some major research into how secure is the TPM and secure boot.
Getting around the TPM in this manner is akin to ignoring Fort Knox and focusing on the not-so-armored car coming out of it. — Arstechnica
Fort Knox is way better than a TPM, it just means that people don’t realize the vulnerabilities of the the TPM. It is still relatively new and people just haven’t had the chance to thoroughly test the trusted platform module.
BlackMatter is Reborn
With Revil and DarkSide getting shut down, we now see that BlackMatter could really be just a simple name change from Darkside.
And sure enough, a recent detailed forensic analysis of the cryptographic algorithms being employed by an apparent newcomer named “BlackMatter” suggests that BlackMatter is actually DarkSide 2.0. — Steve Gibson
It seems that they have left the affiliate model and now are looking for the IAB(initial Access Brokers) to be able to infect computers and networks that might bring them some great revenue from ransomware. Ransomware is getting more and more common and I can guess that they will start to use something like this to infect companies computers. I doubt they will infect targets that are going to be bring them to much attention.
Print Nightmare is a feature not a bug!
I keep saying this but the Print nightmare that is being talked about last month will probably never truly be fix because Microsoft created this issue in the early days so people could easily print to any system. Microsoft has been trying to fix some of the issues but I doubt they will ever fix them all. The idea that it is a zero day, is something that Microsoft didn’t expect but most researchers would have said it was probably possible for several years at the least. I am sure this will be used with a number of other things such as the Boothole exploit. Although this has already be patched by most Linux distro, there are some that just won’t update due to not being able to or wanting to. So there are going always have people who will not see a need to update their systems. .
The First 6 months
Most researchers have said this but in the past 6 months there has already been more attacks than last year. Although most of malware and ransomware writers were all just like everyone else watching what is going on in the world and covid19. They probably weren’t very busy last year and now they need to fix that by showing us how much more they can do. I am sure it will even be better the next 6 months but I am also hopeful the Russians government will keep putting pressure on the virus writers to keep their acts clean and leave companies alone. I doubt it but I can only hope.
What’s your thoughts on all that has happened this year? Do you think it will slow down or get even faster? Do you think we will see more computers getting compromised even with TPM and Secure boot enabled? Let me hear your thoughts.