The FBI, CISA, Treasury and FinCEN put out a new alert about a hacking group with a different tactic. While this has been done in the past, it has not been done at scale. The group, Karakurt, does not encrypt your data. Instead they just steal it. What they do after that is give the […]
Flaw in uClibc Allows DNS Poisoning Attacks

A flaw in all versions of the popular C standard libraries uClibc and uClibc-ng can allow for DNS poisoning attacks against target devices. The library is likely used in millions of Internet of Things devices that will never be patched and will always be vulnerable. This is where […]
Chinese Sponsored OPERATION CUCKOOBEES Active for Many Years

Researchers with cybersecurity firm Cybereason briefed the FBI and Justice Department as early as 2019 about Operation CuckooBees, an alleged espionage effort by Chinese state-sponsored hackers (named Winnti or APT41) to steal proprietary information from dozens of global defense, energy, biotech, aerospace and pharmaceutical companies. The companies […]
Many or possibly most small businesses don’t have an internal IT department. They rely on a third party to help them manage their IT assets. These third parties are called Managed Service Providers (MSPs) or sometimes Managed Security Service Providers (MSSPs). This is not inherently bad. But many of these MSPs are not much larger […]
Here is another short read for you (sorry). For those who read this blog on a regular basis, you know that we talk about supply chain risk a lot. Formally, the government calls it Cybersecurity Supply Chain Risk Management or C-SCRM. Supply chain attacks are very popular because if you pull one off (think SolarWinds), […]
All software has bugs. But some software has more bugs than others. And some organizations are better at finding and fixing those bugs. Just not those in the public sector. Veracode, the code scanning/defect finding tool vendor, scans a lot of apps a lot of times. Here is a bit of data that should […]