Discussion of public breaches of security
Microsoft Typhoon story: “Living off the Land” The story starts: ‘The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering’ The Chinese attacked and stole state department employee email, in this Politico story about the Chinese hack: “Among the most sensitive information stolen, … Read more
How should I know? All I do know is that there will be a lot of changes happening faster and faster. The above image is from a previous post that discussed “spam AI” a little. Imagine a new world where you can ask a computer a question and it will answer by reviewing and looking … Read more
SCMagazine has the story “Hiring? New scam campaign means ‘resume’ downloads may contain malware” “Requiring the victim to copy and paste the malicious domain name increases the likelihood the emails will make it past secure email gateways. Plus, with unassuming domain names like “wlynch[.]com” for a candidate named William Lynch and “annetterawlings[.]com” for a candidate … Read more
So have you been assuming all spam to have spelling mistakes? Or just bad grammar? What if the email has impeccable grammar? How to defend against the bad guys using AI in their spam emails? NIST (National Institute of Science and Technology) has a definition of phishing: https://csrc.nist.gov/glossary/term/phishing Phishing Definition: ” A technique for attempting … Read more
DanielMiessler.com website Unsupervised Learning has a post SEC vs Solar Winds Cybersecurity’s Enron moment. The problem is that Cybersecurity is still ‘magic’ to many people and it should not be. It has to be made into a boring endeavor which will make the defense of a company more likely. Making a company secure … Read more