Showing posts with the label ICS

2022 Week 6 Security Summary

Summary This week we saw a wide array of news about cyber security.   News SLTT Pellissippi State Community College was the victim of a ransomware attack that apparently was trying to encrypt data.  They report they did not pay the ransom and are working to figure out the extent of data that was accessed. https://www.securityweek.com/tennessee-community-college-suffers-ransomware-attack?&web_view=true https://www.infosecurity-magazine.com/news/tennessee-college-hit-ransomware/ Infosec Institute is offering scholarships to 15 people from underrepresented groups in the infosec/cybersecurity industry.  It expands on their Accelerate Scholarship Program.   https://www.infosecurity-magazine.com/news/infosec-announces-new/ https://www.infosecinstitute.com/scholarship-opportunities-for-aspiring-cybersecurity-professionals/?utm_source=newswire&utm_medium=pr&utm_campaign=accelerate&utm_content=women#women Clario researchers discovered an unsecured Mi...

2021 Security for Week 25 Roundup

  Summary This week there was quite a bit of activity, including some that hit close to home.  These include ICS security news, more PulseConnect victims, a deep dive at a school system response, and a local hospital that was the victim of ransomware.  Lastly, there is quite a bit of legislative activity with the NATO and G7 summits dominating the news. News SolarWinds hack I have had some who follow my writings here and on social media claim that attributing the SolarWinds attack to Russia is somehow partisan or rash.  The argument seems to be that there is no real proof and instead, the hack was due to some perceived (but unattributed) lack in the operations of the current state of the nation's cyber defense strategy.  If you are one of those, I really implore you to get into that discussion here.  What can we, the front-line workers in the cyber war front, do to be better at defense, response, and recovery? This week, FireEye, who first identified the h...

2021 Week 17-18 Security Roundup

  Summary Spent a week driving around the western US then had to get caught up with work and school, so didn't have the time nor ability to post an update.  Here is what has happened over that time frame. For such a long time period there really is not too much actual news.  In my scanning of sites, it appears that the focus has returned to financial sectors and work from home attacks.  One of the things I have noted over the years is that these things tend to be cyclic, which could indicate that there is some dark web coordination that security practitioners are not yet privy to (though nation-state experts might be).   News Washington D.C. police server hacked by Russian group A Russian hacking group named Babuk posted screenshots that seek to prove that they have accessed several databases by the Washington D.C. police department.  The group left a text document on their network outlining how to pay the ransom to get locked files back and to bribe t...

2021 Week 14 Security Summary

  Summary There was not a lot of activity of general interest this week.  Industrial control systems (ICS) security kind of had a spotlight on it.  ICS security is included in this blog as many local governments are responsible for power and water production and/or distribution.  Another hot topic was educational security, and I outline a couple of individual cases as well as general information. News Kansas water utility hack The DOJ announced they were indicting Wyatt Travnichek for hacking the Ellsworth Rural Water District No. 1 (AKA Post Rock Rural Water District) in Ellsworth County, Kansas, in March 2019.  The DOJ is claiming that Travnichek tampered with the water purification and disinfecting systems via computers with the intent of causing harm.  If found guilty on all charges he faces 25 years in prison.  It appears that he was a former employee that had remote access privileges.  Apparently, when his employment ended in January 2019, his...

2021 Week 13 Security Roundup

  Summary This week there was not a lot of activity.  We did see quite a bit of news from the SCADA front.  A ransomware campaign has leaked some information in an attempt to get the victims to pay. News Power security The U.S. Department of Energy (DOE) Office of Cybersecurity, Energy Security and Emergency Response (CESER) is pledging to help protect US energy system operators from the growing cyber and physical threat to their systems.  Some of the announced programs include testing of SCADA systems to assess their vulnerabilities against nation-state actors, research into electromagnetic and geomagnetic protective technologies, and a focus on researching cybersecurity with a goal of fostering well-trained university graduates.   https://www.energy.gov/articles/doe-announces-cybersecurity-programs-enhancing-safety-and-resilience-us-energy-sector https://www.infosecurity-magazine.com/news/new-cybersecurity-programs-to/?&web_view=true https://defensesystems.co...