Alert Code AA23-278A EXECUTIVE SUMMARY The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint cybersecurity advisory (CSA) to highlight the most common cybersecurity misconfigurations in large organizations, and detail the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. Through NSA and CISA Red and Blue…
Category: Commentaries and Analyses
HC3: Monthly Cybersecurity Vulnerability Bulletin
October 05, 2023 TLP:CLEAR Report: 202310051200 September Vulnerabilities of Interest to the Health Sector In September 2023, vulnerabilities to the health sector have been released that require attention. This includes the monthly Patch Tuesday vulnerabilities released by several vendors on the second Tuesday of each month, along with mitigation steps and patches. Vulnerabilities for September…
Record Numbers of Ransomware Victims Named on Leak Sites
James Coker reports: The number of victims named on ransomware leak sites reached “unprecedented levels” in the four months from March to June 2023, according to Secureworks’ 2023 State of the Threat report. At current levels, 2023 is on course to be the biggest year on record for victim naming on so-called ‘name and shame’ sites since…
Your Online Account May Have Been Breached? Don’t Just Sit There. Do Something.
Sabrina I. Pacifici writes: WSJ via MSN: “How do consumers respond when their online accounts are exposed to hackers? Many of them simply don’t. Data breaches at major firms have become all too common, with more than 110 million user accounts exposed in just the second quarter of 2023. Yet our research found that nearly…
“Sébastien had a large rock threatening to fall on his head” — Paul Raoult, on his son’s plea deal
On September 27, the U.S. Department of Justice announced that Sébastien Raoult (aka “Sezyo Kaizen”), a 22-year-old French national who had been extradited to the U.S., pleaded guilty to two of nine counts alleging fraud and aggravated identity theft. DataBreaches had been covering his case since he was detained in Morocco on a red notice…
8 rules for “civilian hackers” during war, and 4 obligations for states to restrain them
Written by Tilman Rodenhäuser and Mauro Vignati: As digital technology is changing how militaries conduct war, a worrying trend has emerged in which a growing number of civilians become involved in armed conflicts through digital means. Sitting at some distance from physical hostilities, including outside the countries at war, civilians – including hacktivists, to cyber security professionals,…