Posts

Showing posts from March, 2021

2021 Week 13 Security Roundup

Summary

This week there was not a lot of activity. We did see quite a bit of news from the SCADA front. A ransomware campaign has leaked some information in an attempt to get the victims to pay.

News

Power security

The U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security and Emergency Response (CESER) is pledging to help protect US energy system operators from the growing cyber and physical threats to their systems. Some of the announced programs include testing of SCADA systems to assess their vulnerabilities against nation-state actors, research into electromagnetic and geomagnetic protective technologies, and a focus on researching cybersecurity with a goal of fostering well-trained university graduates.

https://www.energy.gov/articles/doe-announces-cybersecurity-programs-enhancing-safety-and-resilience-us-energy-sector
https://www.infosecurity-magazine.com/news/new-cybersecurity-programs-to/?&web_view=true
https://defensesystems.com/articles/2021/03/24/grid-cy

2021 Week 12 Security Roundup

Summary

This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America. It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission. If you are in other sectors, hopefully there is information you can find useful as well.

Updates on SolarWinds and the Microsoft ProxyLogon issues dominated news again this week. Breaking news is that as of Thursday night, Defender and System Center Endpoint Protection have added automatic patching for the linchpin of the attack playbook. This was so successful they evidently broke one of their honey-pot farms.

In other news, we had updates from the US and other Federal governments. There are even more signs of escalation by nation-state actors, primarily China, in what many are seeing as a global cyberwar. We also saw a lot of activity in the school arena with hacks o

2021 Week 11 Security Roundup

Summary

This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America. It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission. If you are in other sectors, hopefully there is information you can find useful as well.

News

Windows Outlook Vulnerability

The 0-Day for Microsoft Exchange Server keeps making news. Over the course of the week, threat actors outside of the Hafnium Chinese cyber espionage group started to take advantage of the exploit. Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers. From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook. Here are some of the developments that we have seen:

ZDNet a