Yet Another Security Blog

  Summary While I initially thought this would be a slow news week, several articles of interest came out later in the week.  Probably the biggest thing of note is the Biden administration going all in to point the finger at nation-state actors and their attacks against U.S. and allied targets.   News National assessment Normally I try and skip a lot of reports put out by the national intelligence agencies as they are normally focused on the bigger picture and not on SLTT issues.  I have decided to link to the first worldwide threat assessment report in a couple of years because 1) it has been a while since the U.S. has publically acknowledged that we have a cyberwar going on and 2) they mention specifically the risks to utilities and governments at all levels in the United States (and its allies).   The main takeaways from the report are that even if the United States may have taken a break (which I suspect regardless of the guidance from the Executive branch it has not) the major thr

  Summary Not a lot of activity in the SLTT arena this week.  It appears that threat actors are currently targeting the financial sector. News 2 colleges in Ireland were hit with ransomware.  The attack actually occurred the previous week, but both universities made a joint announcement this week.  It was further reported that they did not believe that any personal data was removed. https://www.bleepingcomputer.com/news/security/ransomware-hits-tu-dublin-and-national-college-of-ireland/?&web_view=true Jobs The city of El Reno Oklahoma is hiring an IT director.  For more information check out the job posting on their website: https://www.cityofelreno.com/employment/

  Summary There was not a lot of activity of general interest this week.  Industrial control systems (ICS) security kind of had a spotlight on it.  ICS security is included in this blog as many local governments are responsible for power and water production and/or distribution.  Another hot topic was educational security, and I outline a couple of individual cases as well as general information. News Kansas water utility hack The DOJ announced they were inditing Wyatt Travnichek for hacking the Ellsworth Rural Water District No. 1 (AKA Post Rock Rural Water District) in Ellsworth County, Kansas In March 2019.  The DOJ is claiming that Travnichek tampered with the water purification and disinfecting systems via computers with the intent of causing harm.  If found guilty on all charges he faces 25 years in prison.  It appears that he was a former employee that had remote access privileges.  Apparently, when his employment ended in January 2019, his remote access was not revoked, which a