As is often the case, humans and process represent the biggest failure window. Microsoft, to its credit, is being public about its own failures and pretty quickly. The Chinese hackers, Storm-0558, obtained a “golden cryptographic key” which allowed them to generate tokens so that they could masquerade as other users. I don’t know why you […]
Continue reading → [DISPLAY_ACURAX_ICONS]In light of the most recent Chinese attack on Azure, several people are speaking out. Amit Yoran, chairman of security firm Tenable, former president of RSA and former Homeland Security National Cyber Security Division director, says this in a LinkedIn post: Cloud providers have long espoused the shared responsibility model. That model is irretrievably broken […]
Continue reading → [DISPLAY_ACURAX_ICONS]Ex-FBI Employee Sentenced to 46 Months for Taking Classified Docs Home In a case similar to the one that an ex-president is facing, ex-FBI agent Kendra Kingsbury was sentenced on two counts of unlawfully retaining documents related to national defense. She held a Top Secret/SCI security clearance and the DoJ says that she removed 386 […]
Continue reading → [DISPLAY_ACURAX_ICONS]The FBI, NSA, CISA, Australia, Canada, New Zealand and the UK (AKA the US and the Five-Eyes Countries) issued a joint advisory on Chinese cyber tactics in light of the Guam critical infrastructure attack. Living off the Land means an attack that uses existing, already installed, vendor signed software to launch an attack and maintain […]
Continue reading → [DISPLAY_ACURAX_ICONS]Sometimes a Patch Goes Sideways HP is working to figure out how to deal with a firmware update to a number of Office Jet printers that “bricked” the printers, meaning that these printers are only useful as a brick or paperweight. The will not boot and all the user gets is a blue screen with […]
Continue reading → [DISPLAY_ACURAX_ICONS]Google Adds Dark Web Monitoring to GMail Users A feature that used to be available to paid Google One subscribers will soon be available to all GMail users. Dark web monitoring tells you if your GMail email address is found on the dark web (hint: almost all of them are due to thousands of data […]
Continue reading → [DISPLAY_ACURAX_ICONS]