Greg Linares tweeted a thought-provoking thread that is reminder that what we speculated about in one year comes to pass in another year. His thread begins: This will be a thread discussing a real world breach involving a drone delivered exploit system that occurred this summer Some details I am not able to discuss, however…
Category: Of Note
UK: Home Office warned after sensitive documents left at London venue
The ICO has issued a formal reprimand to the Home Office, after sensitive documents were found at a public London venue. The documents, which were handed by venue staff to police in September 2021, included two Extremism Analysis Unit Home Office reports and a Counter Terrorism Policing report. The reports contained personal data, including that of…
HC3: Abuse of Legitimate Security Tools and Health Sector Cybersecurity
HC3 has published another guidance (TLP:WHITE) for the healthcare sector. In this one, they discuss how the same tools used to operate, maintain and secure healthcare systems and networks can also be turned against their own infrastructure. The paper includes: Cobalt Strike PowerShell Mimikatz Sysinternals Anydesk Brute Ratel Access the paper on HHS.
Bankrupt Crypto Lender Celsius Reveals Thousands of Users’ Transaction Histories in Court Filing
Will McCurdy reports: Troubled crypto lender Celsius has revealed the names and transaction history of hundreds of thousands of its customers in a court filing. The 14,500-page long document contained information such as customer names, crypto wallet IDs, transaction types and amounts, which services the customer had used, and the types and quantities of tokens held. Read…
Albania weighed invoking NATO’s Article 5 over Iranian cyberattack
Maggie Miller reports: Albania was hit by cyberattacks earlier this year so debilitating that the government considered invoking a NATO declaration that could have pulled all member states into confrontation with Iran, Prime Minister Edi Rama said. It would have been the first time a NATO member state used a cyberattack to invoke Article Five…
Former Uber security chief found guilty of covering up data breach
Maria Dinzeo reports: In a verdict with far-reaching implications for security chiefs nationwide, a federal jury convicted Uber’s former head of security Joe Sullivan on Wednesday of concealing a 2016 data breach from authorities and obstructing an investigation by the Federal Trade Commission into Uber’s security practices. Sullivan had only been on the job a…