Showing posts from July, 2021

2021 Week 30 & 31 Security Roundup

Summary: There was almost no news last week, and my day job and personal life meant little time to write summaries, so this week we have a larger release. This includes a disinformation campaign launched against several agencies. We also had a lot of information about the growing war using operational technology devices to disrupt infrastructure and potentially cause physical harm. There was also some news of municipal breaches. Finally, we had several bills that were passed or discussed this week. News: Disinformation campaigns in the spotlight. I have been sitting on this partially because some of it came from a restricted briefing and partially because I was unsure how much was conjecture and how much was based on hard intelligence. That being said: more and more "influencers" are coming forward with information about an "influencer marketing agency" by the name of Fazze. These people were asked to push an anti-vax agenda on their channels and were provided flashy,

2021 Week 29 Security Review

Summary: Sorry, this was late this week. I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education. If you are a Tribal or other American first responder or researcher in the field of terrorism and are not taking advantage of their amazing resources, please check them out at https://www.ncbrt.lsu.edu/ . Not a lot of new things this week. There was an update from the City of Tulsa and their breach. We also saw REvil disappear from both the Web and the dark Web. Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape. News: City of Tulsa, Oklahoma breach. Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security number accessed. The city said they have attempted to reach out to those affected. To date, more than 18,000 files from the hack have been released to the dark web. https://www.securit

2021 Week 28 security roundup

Summary: Almost all the news this week was dominated by the Kaseya breach, which allowed REvil to gain access to and encrypt the systems of 1500+ organizations. This might end up being even bigger than the SolarWinds attack. I did not include articles about PrintNightmare due to it being a more generalized OS zero-day. If you use Microsoft products, however, I strongly encourage you to get up to speed on this issue. Outside of the Kaseya issue, there was also news of new and old attacks against infrastructure components, most notably a couple of water plants that were breached. News: Kaseya breach. The technology services company Kaseya had a backdoor in one of their popular remote access applications that allowed bad actors to gain access to thousands of entities over the long weekend, including governments of all sizes. The backdoor was a zero-day bug that was quickly exploited and timed for the U.S. long holiday weekend. While not as popular as the SolarWinds software, Kas

2021 Week 27 Security Roundup

Summary: Not a lot of news this week. Most of the news seems to have been dominated by the report saying that Fancy Bear has been brute-forcing their way into networks worldwide. There was also news of a school software provider hack and some industrial control devices that have been patched. News: AcadeME hacked. School services company AcadeME was breached and the details of about 280,000 students were leaked. DragonForce, which is a pro-Palestinian hacker group, took credit for the hack. The group also claimed to have leaked Israeli passports. https://www.jpost.com/israel-news/details-of-over-200000-students-leaked-in-cyberattack-672179?&web_view=true Fancy Bear / APT28 / Unit 26165 brute-forcing utilities, health care, and government systems. On Thursday (7/1/2021) the NSA, the FBI, CISA, and the UK's National Cyber Security Centre issued a joint advisory indicating that Fancy Bear has not been resting on the success of the SolarWinds attack. They have been busy using name an