Showing posts with the label Microsoft

2021 Week 16 Security Roundup

Summary
While I initially thought this would be a slow news week, several articles of interest came out later in the week. Probably the biggest thing of note is the Biden administration going all in to point the finger at nation-state actors and their attacks against U.S. and allied targets.

News
National assessment
Normally I try to skip a lot of reports put out by the national intelligence agencies as they are normally focused on the bigger picture and not on SLTT issues. I have decided to link to the first worldwide threat assessment report in a couple of years because 1) it has been a while since the U.S. has publicly acknowledged that we have a cyberwar going on and 2) they mention specifically the risks to utilities and governments at all levels in the United States (and its allies). The main takeaways from the report are that even if the United States may have taken a break (which I suspect regardless of the guidance from the Executiv...

2021 Week 12 Security Roundup

Summary
This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America. It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission. If you are in other sectors, hopefully there is information you can find useful as well.

Updates on SolarWinds and the Microsoft ProxyLogon issues dominated news again this week. Breaking news is that as of Thursday night, Defender and System Center Endpoint Protection have added automatic patching for the linchpin of the attack playbook. This was so successful they evidently broke one of their honey-pot farms.

In other news, we had updates from the US and other Federal governments. There are even more signs of escalation by nation-state actors, primarily China, in what many are seeing as a global cyberwar. We also ...

2021 Week 11 Security Roundup

Summary
This blog is geared towards cybersecurity events that are of interest to State, Local, Tribal, and Territorial (SLTT) governments in the United States of America. It is hoped that this focus will help SLTT information technology workers and policymakers to get the information relevant to their mission. If you are in other sectors, hopefully there is information you can find useful as well.

News
Windows Outlook Vulnerability
The 0-Day for Microsoft Exchange Server keeps making news. Over the course of the week, threat actors outside of the Hafnium Chinese cyber espionage group started to take advantage of the exploit. Many new breaches were identified over the weekend as organizations large and small rushed to update vulnerable servers. From the briefings I have sat through over the last week or so, I can only add my echo to the chorus saying that you should immediately patch your on-premises version of Outlook. Here are some of...