Concord Computer Consulting, Inc.

10/08/2025

There’s a second computer inside your laptop… and you never knew it was there.Since 2008, nearly every Intel-powered device has shipped with a hidden microco...

10/08/2025

10/15/2022

11/02/2021

APPLE’S system that exposes creepy apps that track your location or snoop on your browsing history has finally arrived. The iPhone’s new “Privacy Report” feature gives users…

12/10/2020

Introducing the new MacBook Air, 13-inch MacBook Pro, and Mac mini, all with the Apple M1 chip.

11/21/2020

Microsoft Reveals Pluton, a Custom Security Chip Built Into Intel, AMD, and Qualcomm Processors....

For the past two years, some of the world's biggest chip makers have battled a series of hardware flaws, like Meltdown and Spectre, which made it possible -- though not easy -- to pluck passwords and other sensitive secrets directly from their processors. The chip makers rolled out patches, but required the companies to rethink how they approach chip security. Now, Microsoft thinks it has the answer with its new security chip, which it calls Pluton. The chip, announced today, is the brainchild of a partnership between Microsoft, and chip makers Intel, AMD, and Qualcomm. Pluton acts as a hardware root-of-trust, which in simple terms protects a device's hardware from tampering, such as from hardware implants or by hackers exploiting flaws in the device's low-level firmware. By integrating the chip inside future Intel, AMD, and Qualcomm central processor units, or CPUs, it makes it far more difficult for hackers with physical access to a computer to launch hardware attacks and extract sensitive data, the companies said. "The Microsoft Pluton design will create a much tighter integration between the hardware and the Windows operating system at the CPU that will reduce the available attack surface," said David Weston, director of enterprise and operating system security at Microsoft.

The security chip will live inside future Intel, AMD, and Qualcomm processors.

11/21/2020

Feds issue emergency order for agencies to patch critical Windows flaw....

Agencies that don't update must disconnect all domain controllers from networks.

Agencies that don't update must disconnect all domain controllers from networks.

11/21/2020

Massive, China-State-Funded Hack Hits Companies Around the World, Report Says....

Researchers have uncovered a massive hacking campaign that's using sophisticated tools and techniques to compromise the networks of companies around the world. The hackers, most likely from a well-known group that's funded by the Chinese government, are outfitted with both off-the-shelf and custom-made tools. One such tool exploits Zerologon, the name given to a Windows server vulnerability, patched in August, that can give attackers instant administrator privileges on vulnerable systems. Symantec uses the code name Cicada for the group, which is widely believed to be funded by the Chinese government and also carries the monikers of APT10, Stone Panda, and Cloud Hopper from other research organizations. The group has been active in espionage-style hacking since at least 2009 and almost exclusively targets companies linked to Japan. While the companies targeted in the recent campaign are located in the United States and other countries, all of them have links to Japan or Japanese companies.

The attacks make extensive use of DLL side-loading, a technique that occurs when attackers replace a legitimate Windows dynamic-link library file with a malicious one. Attackers use DLL side-loading to inject malware into legitimate processes so they can keep the hack from being detected by security software. The campaign also makes use of a tool that's capable of exploiting Zerologon. Exploits work by sending a string of zeros in a series of messages that use the Netlogon protocol, which Windows servers use to let users log into networks. People with no authentication can use Zerologon to access an organization's crown jewels -- the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network. Microsoft patched the critical privilege-escalation vulnerability in August, but since then attackers have been using it to compromise organizations that have yet to install the update. Both the FBI and Department of Homeland Security have urged that systems be patched immediately. Among the machines compromised during attacks discovered by Symantec were domain controllers and file servers. Company researchers also uncovered evidence of files being exfiltrated from some of the compromised machines.

Attacks are linked to Cicada, a group believed to be funded by the Chinese state.

11/20/2020

Windows Turns 35....

The PC revolution started off life 35 years ago this week. Microsoft launched its first version of Windows on November 20th, 1985, to succeed MS-DOS. It was a huge milestone that paved the way for the modern versions of Windows we use today. While Windows 10 doesn't look anything like Windows 1.0, it still has many of its original fundamentals like scroll bars, drop-down menus, icons, dialog boxes, and apps like Notepad and MS paint.

From Windows 1.0 to Windows 10

10/29/2020

10/29/2020

Security Blueprints of Many Companies Leaked in Hack of Swedish Firm Gunnebo....

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged that the intruders stole and published online tens of thousands of sensitive documents -- including schematics of client bank vaults and surveillance systems. The Gunnebo Group is a Swedish multinational company that provides physical security to a variety of customers globally, including banks, government agencies, airports, casinos, jewelry stores, tax agencies and even nuclear power plants. The company has operations in 25 countries, more than 4,000 employees, and billions in revenue annually.

Acting on a tip from Milwaukee, Wis.-based cyber intelligence firm Hold Security, KrebsOnSecurity in March told Gunnebo about a financial transaction between a malicious hacker and a cybercriminal group which specializes in deploying ransomware. That transaction included credentials to a Remote Desktop Protocol (RDP) account apparently set up by a Gunnebo Group employee who wished to access the company's internal network remotely. Five months later, Gunnebo disclosed it had suffered a cyber attack targeting its IT systems that forced the shutdown of internal servers. Nevertheless, the company said its quick reaction prevented the intruders from spreading the ransomware throughout its systems, and that the overall lasting impact from the incident was minimal.

In March 2020, KrebsOnSecurity alerted Swedish security giant Gunnebo Group that hackers had broken into its network and sold the access to a criminal group which specializes in deploying ransomware. In August, Gunnebo said it had successfully thwarted a ransomware attack, but this week it emerged t...