Showing posts with the label Cyber

2023 Week 47

Summary: Slowly trying to bring this back since I have found no other place that collects this exact information. May also add a podcast feature around the first of the year.
News:
CISA is exploring becoming a managed service provider of cybersecurity services to critical infrastructure entities. This is part of the ongoing efforts by the U.S. to take an expansive approach to cybersecurity.
https://securityboulevard.com/2023/11/cisa-to-provide-cybersecurity-services-to-critical-infrastructure-entities/
https://therecord.media/cisa-launches-pilot-program-offering-services-to-critical-infrastructure?&web_view=true
SLTT:
The City of Long Beach, California is deciding whether to declare a state of emergency in regard to the cyber incident that struck its systems on the 14th. The attack affected public-facing services as well as some business operations but appears to have spared the public safety systems.
https://www.govtech.com/security/long-beach-calif-mulls-...

2022 Week 30 and 31 Security News Roundup

Summary: A lot of activity in the general SCADA world as well as healthcare, education, and city government. We also have news of legislation as the budget year ramps up for its start-of-the-year activities.
News:
IBM's Cost of Data Breach report for 2022 has been released. It indicates that last year the average cost of a data breach was $4.35 million. It also reports that 83% of the organizations in the report have been a victim more than once. 80% of infrastructure organizations did not have a zero trust model in place. Also of note is that paying the ransom only saved about $600,000 overall, as most of the costs are associated with civil suits and addressing the fallout of the incident.
https://cyware.com/news/ibm-2022-report-cost-of-a-data-breach-at-an-all-time-high-9303d2b3
https://newsroom.ibm.com/2022-07-27-IBM-Report-Consumers-Pay-the-Price-as-Data-Breach-Costs-Reach-All-Time-High
SLTT:
There has been a data breach of the ...

2022 Week 27 and 28 Security News Roundup

Summary: I am experimenting with releases on Mondays. We will see how this works. Continues to be pretty slow news on the SLTT and Infrastructure fronts. The biggest newsmaker was MI5 and the FBI giving a joint warning about China's efforts to steal intellectual property from the West.
News:
In a first-of-its-kind announcement, Great Britain's MI5 and the United States' FBI have released a joint warning on China's threat to industry and academia. They pointed out that Communist China's leaders have made establishing China as a world economic powerhouse by acquiring intellectual property from the rest of the world a primary goal. The FBI in particular has been warning of this in recent years as they have made several high-profile arrests that I have covered in previous posts.
https://www.infosecurity-magazine.com/news/fbi-mi5-bosses-warn-massive-china/?&web_view=true
https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks...

2022 Week 22 Security review

Summary: Not a lot of regular news, but both the Verizon and Sophos annual reports came out.
News:
The Verizon Data Breach Investigations Report for 2022 indicated that while the education sector continues to be a favorite target, the motivator is mostly financial (somewhat confirming the Sophos report) and Medical Data is actually the least sought after. The largest sector they indicated as a target was Professional, followed by closely matched Finance, Information Technology, Manufacturing, and Public Administration.
https://cyware.com/news/education-sector-under-constant-cyberattacks-f2fbd34f
https://www.verizon.com/business/resources/reports/dbir/
Education:
The FBI issued an alert that they have become aware of cybercriminals selling usernames and passwords from university breaches. The sales are occurring on a variety of dark websites. The biggest takeaway for me was that just because you recover from an initial attack it does not mean it is ov...

2022 Week 22 Security review

Summary: Hopefully, these will be a bit more regular now that the semester is over. We are seeing attacks against all infrastructure areas increasing. This week's report has school breaches, SLTT breaches, SCADA news, and several healthcare attacks.
News:
SLTT:
Texas Department of Transportation had a data breach that impacted over 7,000 records. This included employee information with PII including Social Security Numbers (SSN).
https://www.databreaches.net/another-texas-state-agency-data-breach-this-time-its-the-department-of-transportation/?web_view=true
The Texas Department of Insurance (TDI) announced that 1.9 million people in the state who filed claims for compensation had their information publicly available from March 2019 to January 2022.
https://www.infosecurity-magazine.com/news/personal-information-two-million/?&web_view=true
https://www.tdi.texas.gov/news/2022/tdi03242022.html
https://www.tdi.texas.gov/data-security-event/additi...

2022 Week 10 - 12 News Roundup

Summary: Sorry for the delay. Work, life, and school got in the way. As expected, most of the news can be wrapped around the growing war between Russia and Ukraine. There is growing fear of either intentional or unintentional escalation in the cyber world outside those two countries.
News:
SLTT:
Several state and local governments were targeted by a Chinese government-backed hacking gang. The breaches occurred in at least 6 different states in the United States. It appears that the group used the Log4J (i.e. LogJam) vulnerability.
https://www.cnn.com/2022/03/08/politics/china-hacking-state-governments-mandiant/index.html
Western Australia announced it will invest $25.5 million AU to expand state cybersecurity.
https://www.zdnet.com/article/wa-government-allocates-au25-5m-to-expand-cybersecurity-services/?&web_view=true
New Mexico in the United States (U.S.) appointed its first senior advisor for cybersecurity and critic...

2022 Week 6 Security Summary

Summary: This week we saw a wide array of news about cyber security.
News:
SLTT:
Pellissippi State Community College was the victim of a ransomware attack that apparently was trying to encrypt data. They report they did not pay the ransom and are working to figure out the extent of data that was accessed.
https://www.securityweek.com/tennessee-community-college-suffers-ransomware-attack?&web_view=true
https://www.infosecurity-magazine.com/news/tennessee-college-hit-ransomware/
Infosec Institute is offering scholarships to 15 people from underrepresented groups in the infosec/cybersecurity industry. It expands on their Accelerate Scholarship Program.
https://www.infosecurity-magazine.com/news/infosec-announces-new/
https://www.infosecinstitute.com/scholarship-opportunities-for-aspiring-cybersecurity-professionals/?utm_source=newswire&utm_medium=pr&utm_campaign=accelerate&utm_content=women#women
Clario researchers discovered an unsecured Mi...

2022 Week 5 Summary

Summary: News came this week of several new cyber security operation centers. This is a great idea. The harder we make it for the bad guys the more likely they are to try and figure out something else to do. We also have some advisories about issues in Industrial Control Systems (ICS).
News:
SLTT:
Several Puerto Rico government entities were struck by a cyberattack, including the territory's Senate. Still not a lot of information at this time.
https://www.securityweek.com/official-says-puerto-ricos-senate-targeted-cyberattack?&web_view=true
The Port of Los Angeles has opened its own Cyber Resilience Center (CRC). This CRC will ensure that the port is protected from cyber threats that might impact cargo shipments that come into one of the world's most active seaports.
https://www.infosecurity-magazine.com/news/la-launches-cyber-resilience-center/
Power:
The U.S. Federal Energy Regulatory Commission (FERC) is looking at implementing a new regu...

2021 Security for Week 26 Roundup

Summary: This week we have an update on the Tulsa, Oklahoma ransomware attack and data breach as well as an update on the Ireland health system breach by the same group. NBC and others have recaps of water security. Several groups are doing cybersecurity exercises and this included a grid attack simulation.
News:
Tulsa Oklahoma Ransomware Attack:
As previously noted ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), Tulsa was the victim of a ransomware attack. Now it appears that some of the breached data (18,000+ files) has been released. This again points to the danger of paying the ransom as it appears there is little honor among the hackers. It should be noted that Conti (the suspected group behind the attack) has a long history of this.
https://edition.cnn.com/2021/06/23/us/tulsa-cyberattack-personal-information-dark-web/index.html?&web_view=true
https://kfor.com/news/local/ransomware-attackers-relea...

2021 Security for Week 25 Roundup

Summary: This week there was quite a bit of activity, including some that hit close to home. These include ICS security news, more PulseConnect victims, a deep dive at a school system response, and a local hospital that was the victim of ransomware. Lastly, there is quite a bit of legislative activity with the NATO and G7 summits dominating the news.
News:
SolarWinds hack:
I have had some who follow my writings here and on social media claim that attributing the SolarWinds attack to Russia is somehow partisan or rash. The argument seems to be that there is no real proof and instead, the hack was due to some perceived (but unattributed) lack in the operations of the current state of the nation's cyber defense strategy. If you are one of those, I really implore you to get into that discussion here. What can we, the front-line workers in the cyber war front, do to be better at defense, response, and recovery? This week, FireEye, who first identified the h...