While I have reported about software supply chain attacks in the past, they have all been one-off and in some cases highly targeted attacks. The FBI has issued a warning about ongoing, large scale, software supply chain attacks. The attackers are using the Kwampirs malware to install a Remote Access Trojan or RAT. The FBI […]
Continue reading → [DISPLAY_ACURAX_ICONS]Iran Expands Oil & Gas Attacks to Electric as Well According to researchers, Iran linked APT33 has expanded its attack surface. Initially they were going after the global oil and gas industry but now they have added the electric grid to the mix. Right now, they say, the goal is reconnaissance – gathering information to […]
Continue reading → [DISPLAY_ACURAX_ICONS]I know I keep beating the Ransonware 2.0 drum, but there is a reason for it. There is not a good response to it other than to stop it from happening. According to media reports, Maze ransomware hackers have attacked 5 law firms in the last 30 days and 3 law firms in the last […]
Continue reading → [DISPLAY_ACURAX_ICONS]UK Proposes Weak Security Law for IoT Devices; Calls it Strong The UK is proposing a law similiar to California’s existing IoT law and calls it strong security. What makes it strong is that they call it strong, maybe? The bill requires that default passwords on IoT devices be unique (likely part of the serial […]
Continue reading → [DISPLAY_ACURAX_ICONS]Orphaned Data in the Cloud Researchers at security firm vpnMentor found an unsecured S3 bucket with passport, tax forms, background checks, job applications and other sensitive data for thousands of employees of British consultancies. Many of the firms involved are no longer in business. The researchers reported this to Amazon and the UK’s Computer Emergency […]
Continue reading → [DISPLAY_ACURAX_ICONS]A SIM is the (usually) hardware card that gives your phone its “personality”. The SIM is tied to the carrier and contains all the information that the phone needs to talk to your carrier. As users SLOOOOWLY migrate to using text messages as an extra layer of authentication for logging in to a variety of […]
Continue reading → [DISPLAY_ACURAX_ICONS]