just read the NSA warning on wildcard cert explotation. This added about a dozen new things that I have to work with the security team to fix now. But this is good, I like making our security stronger.

Sam Bowne - Teacher of security and hacking at City College San Francisco.

GREAT resource for those interested in learning offensive/defensive cyber security.

samsclass.info/

Infosec Decoded Stream - discusses latest news and ongoing world events -
youtube.com/user/sambowne/feat

Russia Warns Against U.S. Retaliation for SolarWinds Amid Fears of Cyberwar

--

RUSSIA ON TUESDAY warned against pending action that U.S. officials say will take place in retaliation for the massive and ongoing hack into federal computer servers despite the potential for a devastating cyberwar.

usnews.com/news/world-report/a

America built the world's most sophisticated cyberweapons. Now they're being used against the country, a new book argues.

--

More recently, the Solarwinds hack and an attempt by hackers to poison a Florida town's water supply exposed just how vulnerable America is to cyberattacks on its home turf.

businessinsider.com/nicole-per

Microsoft: We've found three more pieces of malware used by the SolarWinds attackers

Microsoft has now disclosed three new malware components used by the Nobelium hackers: GoldMax, GoldFinder, and Sibot. FireEye calls the group UNC2452 has called the newly discovered malware Sunshuttle.

zdnet.com/article/microsoft-we

SolarWinds hack might lead to law that could fill the ‘gap in our country’s cybersecurity posture’

This blind spot stems from the absence of a federal breach notification law that requires companies and federal agencies to notify the U.S. government if they have been hacked.

pennlive.com/nation-world/2021

Active zero day exploit in the wild hitting on prem exchange servers. M$ has patch out to mitigate the attack chain. Exchange servers accepting connections on 443 are vulnerable.

Exchange servers protected by edge servers or not allowing external connections still vulnerable.

Main threat is exfil of mailbox data. Exchange online not impacted.

techcommunity.microsoft.com/t5

How many times would a vendor have to email you in plain text, a password to an admin level service account, before you lost your temper and yelled at them?

I was nice about it the first two times, now I am making waves! Un-effing-believable!!!

iDrake

CounterSocial is the first Social Network Platform to take a zero-tolerance stance to hostile nations, bot accounts and trolls who are weaponizing OUR social media platforms and freedoms to engage in influence operations against us. And we're here to counter it.