Discussion of public breaches of security
From Brian Krebs’ KrebsonSecurity website: On Jan. 19, the ICRC disclosed the compromise of servers hosting the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement. The ICRC said the hacked servers contained data relating to the organization’s Restoring Family Links services, which works to reconnect people … Read more
Threatpost has the stories – “China Suspected of News Corp Cyberespionage Attack” media giant news Corp was attacked with BEC (the most likely method of attack) Business Email Compromise. Here is an excellent FBI explanation of BEC. In a BEC scam, criminals send an email message that appears to come from a known source making … Read more
Yes take a look at the latest CISA(Cybersecurity Infrastructure Security Agency) Infographic: Goto CISA webpage for fullsize infographic if you want. CISA is trying to convince you into creating segmentation in different pieces of your network. We need to go through this process to make sure you understand why this method is a good … Read more
Due to an actively exploited zero-day vulnerability: https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html This bug is a 10 of 10 on the CVSS rating from the article a snippet: Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects … Read more
2 stories from the Hacker News: Solar Winds Hackers Targeting Government and Why everyone needs to take the latest CISA directive seriously The Solarwinds hack from last year (the one I discussed in several stories including this one: SolarWinds hackers Hacked Multi-factor Authentication. It is sometimes instructive to review past hacks to see what … Read more
