As is often the case, humans and process represent the biggest failure window. Microsoft, to its credit, is being public about its own failures and pretty quickly. The Chinese hackers, Storm-0558, obtained a “golden cryptographic key” which allowed them to generate tokens so that they could masquerade as other users. I don’t know why you […]
Continue reading → [DISPLAY_ACURAX_ICONS]Want a .US Domain? Just Lie About It. The .US top level domains are a hotbed for phishing attacks. Apparently, this is due to lax oversight. In theory, the .US is managed by the US government, but the government outsources that to GoDaddy – who doesn’t have a stellar cybersecurity reputation to be polite. See […]
Continue reading → [DISPLAY_ACURAX_ICONS]What Does $50,000 in iPads Get You? The answer may be a prison sentence for bribery. The case is going back and forth, but now the case is back on. The head of Apple security wanted some concealed carry permits for his team and since the process wasn’t going as fast as Apple would like, […]
Continue reading → [DISPLAY_ACURAX_ICONS]In light of one of the largest breaches in recent history – the MOVEit supply chain attack – it is possible new case law may be developed. The typical lawsuits that come out of breaches are damage claims from victims who say that the breach of their data caused them pain and suffering. Except that […]
Continue reading → [DISPLAY_ACURAX_ICONS]US Warns Other Countries Hack Satellites Like We Do Last week I wrote about US Space Force bragging that they set up a new team to hack adversaries satellites and ground infrastructure. This week the Air Force and NCSC published an advisory that, guess what, other countries are doing the same thing and if the […]
Continue reading → [DISPLAY_ACURAX_ICONS]The Chair of the House Oversight Committee’s cybersecurity subpanel says the bill, titled the Federal Cybersecurity Vulnerability Reduction Act, would play a crucial role in protection the nation’s digital infrastructure. The bill doesn’t actually require federal contractors to improve security. Instead, it will require all federal contractors, potentially even 1 person companies, to set up […]
Continue reading → [DISPLAY_ACURAX_ICONS]