#cybersecurity just read the NSA warning on wildcard cert explotation. This added about a dozen new things that I have to work with the security team to fix now. But this is good, I like making our security stronger.

#cyberwarfare #cybersecurity

Not so funny meow, is it?

Russia's FSB Reports 'Unprecedented' Hacking Campaign Aimed at Government Agencies

https://www.usnews.com/news/technology/articles/2021-05-26/russias-fsb-reports-unprecedented-hacking-campaign-aimed-at-government-agencies

#Cybersecurity

Sam Bowne - Teacher of security and hacking at City College San Francisco.

GREAT resource for those interested in learning offensive/defensive cyber security.

https://samsclass.info/

Infosec Decoded Stream - discusses latest news and ongoing world events -
https://www.youtube.com/user/sambowne/featured

#cybersecurity #cyberwarfare

Russia Warns Against U.S. Retaliation for SolarWinds Amid Fears of Cyberwar

--

RUSSIA ON TUESDAY warned against pending action that U.S. officials say will take place in retaliation for the massive and ongoing hack into federal computer servers despite the potential for a devastating cyberwar.

https://www.usnews.com/news/world-report/articles/2021-03-09/russia-warns-against-us-retaliation-for-solarwinds-amid-fears-of-cyberwar

#cybersecurity

America built the world's most sophisticated cyberweapons. Now they're being used against the country, a new book argues.

--

More recently, the Solarwinds hack and an attempt by hackers to poison a Florida town's water supply exposed just how vulnerable America is to cyberattacks on its home turf.

https://www.businessinsider.com/nicole-perlroth-cybersecurity-book-america-cyber-defense-new-york-times-2021-2

#cybersecurity #microsoft

Microsoft: We've found three more pieces of malware used by the SolarWinds attackers

Microsoft has now disclosed three new malware components used by the Nobelium hackers: GoldMax, GoldFinder, and Sibot. FireEye calls the group UNC2452 has called the newly discovered malware Sunshuttle.

https://www.zdnet.com/article/microsoft-weve-found-three-more-pieces-of-malware-used-by-the-solarwinds-attackers/

#cybersecurity

SolarWinds hack might lead to law that could fill the ‘gap in our country’s cybersecurity posture’

This blind spot stems from the absence of a federal breach notification law that requires companies and federal agencies to notify the U.S. government if they have been hacked.

https://www.pennlive.com/nation-world/2021/03/solarwinds-hack-might-lead-to-law-that-could-fill-the-gap-in-our-countrys-cybersecurity-posture.html

#windows #patchmanagement #cybersecurity

Active zero day exploit in the wild hitting on prem exchange servers. M$ has patch out to mitigate the attack chain. Exchange servers accepting connections on 443 are vulnerable.

Exchange servers protected by edge servers or not allowing external connections still vulnerable.

Main threat is exfil of mailbox data. Exchange online not impacted.

https://techcommunity.microsoft.com/t5/exchange-team-blog/released-march-2021-exchange-server-security-updates/ba-p/2175901

#cybersecurity

How many times would a vendor have to email you in plain text, a password to an admin level service account, before you lost your temper and yelled at them?

I was nice about it the first two times, now I am making waves! Un-effing-believable!!!

#StopBeingStupid #DontEmailPasswords