Chinese Cyberattacks: What Are They in 2024?

Microsoft Typhoon story: “Living off the Land” The story starts: ‘The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering’ The Chinese attacked and stole state department employee email, in this Politico story about the Chinese hack: “Among the most sensitive information stolen, … Read more

Will China Use Cyber Attacks in 2024?

Because it is an election year and because the sun is coming up over the horizon the latest FBI director is testifying in Washington to say China could (was and is) attack(ing) us using cyber. “FBI director Christopher Wray testifies on China’s growing cyber threat against U.S. — 1/31/24 (CNBC Youtube video)“ Christopher Wray, FBI … Read more

Another Phishing Attack Angle

  Hackers have found ways to add notification code behind the website code.  Thus if you say Allow in the notification window: then eventually a ‘bad’ notification comes up: Here is an example of ‘bad’ or hacker initiated notifications:   Here is where cybernews.com had the story and the investigation by cybernews showed the details … Read more

Hackers Using New Attack (Not Just Ransomware)

Here is the story from scmagazine: MOVEit hackers may have found simpler business model beyond ransomware “The Russian-speaking hacker group Cl0p confirmed it exploited a zero-day vulnerability in the popular MOVEit file transfer program and stole data from a growing number of victims, exposing the personal information of many millions of people worldwide.”   What … Read more

Windows11 — Upgrade Soon?

Windows10 arrived not that long ago… According to Microsoft’s site learn.microsoft.com 1507 was the first version and it had an initial release at 2015-07-29 so about 8 years ago it was released, and now the last version  22H2 will have a last service date of  2025, Oct 14th 22H2 General Availability Channel 2022-10-18 2023-05-23 19045.3031 … Read more

Has ChatGPT Already Crossed the Red Line?

OpenAI has breathlessly released the latest version (4.0) a few days ago.  This version has plugins which will allow the program to connect with other programs to sort or otherwise use the other programs as per analyticsindiamag.com  Including Expedia, Wolfram, Zapier, Speak, Fiscal Note, kayak, Instacart, Opentable, Klarna Shopping, Shop, Milo family AI, Retrieval, and … Read more

During War are we getting Attacked More?

I am talking about the Russian war against Ukraine which started on Feb 2022. Do you have 80 computes, more than a dozen? Then it should be obvious that they all need to be standardized and if standardized and wrong they will all get hacked. So paying attention to details in your environment pays dividends. … Read more

Hacked? Got insurance? No Payout!!

SCMagazine story on January 3rd. makes you think about the efficacy of cyber insurance. The problem is the government fines and some of the details in the contract language: “The attorneys general of Utah and Oregon reached a $200,000 settlement with Avalon Health, which also requires the provider to develop and implement practices that aim … Read more

2022 What Did we Learn in Cybersecurity?

49 posts on this blogsite oversitesentry in 2022 There were many different posts  I chose 4 to highlight in early ’22: What does Segmentation DonaldTrump Malware post Jan 25,22 Hackers are Ruthless: Attack Red Cross/ Red Crescent  500k stolen China Attacking News sites now & CISA agency declares patch APC UPS(Power Supplies) 3 Critical vulnerabilities. … Read more

Password Managers Hacked: Passwordstate and Lastpass

Passwordstate security failure was worse than Lastpass – but any entity can be hacked or have a cybersecurity failure. Looking into the specifics Passwordstate issue is discussed in portswigger website.   “Passwordstate was subject to scrutiny by Swiss security consultancy modzero AG following a customer request to check the password manager’s security. Modzero researchers Constantin … Read more

Less Than 100 Employees: 3x More Likely Target

At Technewsworld the following quote is interesting: “Attackers do not just target large enterprises. Recent reporting shows companies with less than 100 employees are three times more likely to be the target of a cyberattack — yet, often lack sufficient cybersecurity measures and resources to manage their risk,” said Shena Seneca Tharnish, VP for cybersecurity … Read more

Every month New Vulnerabilities and Patches/Fixes

A new Vulnerability which was a “Zero Day” vulnerability in a Windows Tool called MSDT (Microsoft Support Diagnostic Tool)  according to Technewsworld.com story You can see the tool here in the following image: (after typing msdt in the  Run or task search bar for Windows`10 operating system.)   As I have discussed before – in … Read more

Are You Sending Your Password Hash When Invite Clicked?

SCMagazine has the story ” Accepting Calendar Invite Could Leak Your Password Several steps and the hacker has to create the right environment, but if they can make you click on a calendar invite with the right circumstances your password “hash” will be transferred to the hacker. A hash are a number of characters that … Read more

Are you Hiring? Resume Malware Trying to Get to You!

SCMagazine has the story “Hiring? New scam campaign means ‘resume’ downloads may contain malware” “Requiring the victim to copy and paste the malicious domain name increases the likelihood the emails will make it past secure email gateways. Plus, with unassuming domain names like “wlynch[.]com” for a candidate named William Lynch and “annetterawlings[.]com” for a candidate … Read more