Reuters reports: August 11 — A U.S. cyber safety body will review issues relating to cloud-based identity and authentication infrastructure that will include an assessment of a recent Microsoft (MSFT.O) breach that led to the theft of emails from U.S. government agencies, the Department of Homeland Security (DHS) said on Friday. The review by the Cyber…
Category: Commentaries and Analyses
UK Electoral Commission had an unpatched Microsoft Exchange Server vulnerability
Kevin Beaumont writes: You have have read about the hack of the Electoral Commission recently. In this piece we take a look at what happened, show they were running Microsoft Exchange Server with Outlook Web App (OWA) facing the internet, and the unpatched vulnerability that presented. The Electoral Commission ran Microsoft Exchange Server on IP…
Governor Hochul Announces Nation-Leading Cybersecurity Strategy
Backed by $600 Million Commitment to Bolster Cybersecurity for All New Yorkers Representatives from the White House, Critical Infrastructure, and the Private Sector Joined Governor Hochul for Announcement Advances Governor’s State of the State Priority to Improve New York’s Cybersecurity Posture August 9 – Governor Kathy Hochul today announced New York’s first-ever statewide cybersecurity strategy aimed…
CISA: Review Of The Attacks Associated with Lapsus$ And Related Threat Groups Report
Executive Summary Beginning in late 2021 and continuing late into 2022, a globally active, extortion-focused cyber threat actor group attacked dozens of well-known companies and government agencies around the world. It penetrated corporate networks, stole source code, demanded payments while rarely following up, lodged political messages in shadowy online forums, and swiftly moved on to…
HHS HC3: Multi-Factor Authentication & Smishing
HHS Health Center Cybersecurity Center (HC3) has published a new informational handout and guidance on multi-factor authentication (MFA) and smishing. It includes statistics and suggestions for dealing with common obstacles to implementation. Access the handout on HHS’s site (pdf).
He’s smart, he’s an accomplished liar, and now Impotent says he’s retired.
Sometimes people surprise me. “Impotent” did. He’s gone by a number of usernames online over the past few years. “Everyone knows me under many different aliases. Let’s actually call me mainly Pulpo. I also used ‘Creeper, ‘Impotent,’ ‘Kmeta,’ ‘KmetaNaEvropa,’ and ‘Promise,’ but on my markets, I was usually just ‘Admin.’ The main identities I love…