Yet Another Security Blog

  Summary This week's news focused on the legal and water sectors.  On the water side we saw two high profile attracts in the US but it is still unclear if they are related. News SLTT The Kansas Judicial Branch has confirmed that hackers stole sensitive files in a breach last month.  The October attack impacted the availability of several systems at the time.  These systems included the eFiling system, electronic payment systems, and case management systems.   It appears that, like other attacks recently, the threat actors stole data prior to the ransomware phase of the attacks.  Neither Kansas nor the threat actors have identified who is responsible. https://www.bleepingcomputer.com/news/security/kansas-courts-confirm-data-theft-ransom-demand-after-cyberattack/?&web_view=true The New York City Bar Association has disclosed in filings to the states of Main and Vermont that an investigation completed in October confirmed that hackers gained access t...

  Summary This week there was quite a bit of activity, including some that hit close to home.  These include ICS security news, more PulseConnect victims, a deep dive at a school system response, and a local hospital that was the victim of ransomware.  Lastly, there is quite a bit of legislative activity with the NATO and G7 summits dominating the news. News SolarWinds hack I have had some who follow my writings here and on social media claim that attributing the SolarWinds attack to Russia is somehow partisan or rash.  The argument seems to be that there is no real proof and instead, the hack was due to some perceived (but unattributed) lack in the operations of the current state of the nation's cyber defense strategy.  If you are one of those, I really implore you to get in to that discussion here.  What can we, the front-line workers in the cyber war front, do to be better at defense, response, and recovery? This week, FireEye, who first identified the h...