Discussion of public breaches of security
Yes take a look at the latest CISA(Cybersecurity Infrastructure Security Agency) Infographic: Goto CISA webpage for fullsize infographic if you want. CISA is trying to convince you into creating segmentation in different pieces of your network. We need to go through this process to make sure you understand why this method is a good … Read more
Due to an actively exploited zero-day vulnerability: https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html This bug is a 10 of 10 on the CVSS rating from the article a snippet: Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects … Read more
2 stories from the Hacker News: Solar Winds Hackers Targeting Government and Why everyone needs to take the latest CISA directive seriously The Solarwinds hack from last year (the one I discussed in several stories including this one: SolarWinds hackers Hacked Multi-factor Authentication. It is sometimes instructive to review past hacks to see what … Read more
Yes now your files will be hidden (apparently they will be placed in a Winrar format – which is a kind of packed encrypted format). And then the original files are deleted. There are more details in the Sophos analysis a their blogpost. How about this attack? KrebsonSecurity has an interesting story about a Nigerian … Read more
Hacker News has an article on how Hackers use a method of installing their software onto your systems. 1. If you notice the problem is when the user opens an attachment or link (URL) in their web browser(Firefox – Microsoft Edge, or Google chrome among the most used browsers) 2. Then the browser decodes the … Read more
