Yet Another Security Blog

  Summary Slowly trying to bring this back since I have found no other place that collects this exact information.  My also add a podcast feature around the first of the year. News CISA is exploring becoming a managed service provider of cybersecurity services to critical infrastructure entities.  This is part of the ongoing efforts by the U.S. to take an expansive approach to cybersecurity.  https://securityboulevard.com/2023/11/cisa-to-provide-cybersecurity-services-to-critical-infrastructure-entities/ https://therecord.media/cisa-launches-pilot-program-offering-services-to-critical-infrastructure?&web_view=true SLTT The City of Long Beach, California is deciding whether to declare a state of emergency in regards to their cyber incident that struck systems on the 14th.  The attack affected public-facing services as well as some business operations but appears to have spared the public safety systems. https://www.govtech.com/security/long-beach-calif-mulls-...

  Summary I am experimenting with releases on Mondays.  We will see how this works. Continues to be pretty slow news on the SLTT and Infrastructure fronts.  The biggest newsmaker was MI5 and the FBI giving a joint warning about China's efforts to steal intellectual property from the West. News In a first-of-its-kind announcement, Great Britain's MI5 and the United States' FBI have released a joint warning on China's threat to industry and academia.  They pointed out that Communist China leaders have made establishing China as a world economic powerhouse by acquiring intellectual property from the rest of the world a primary goal.  The FBI in particular has been warning of this in recent years as they have made several high-profile arrests that I have covered in previous posts.   https://www.infosecurity-magazine.com/news/fbi-mi5-bosses-warn-massive-china/?&web_view=true https://www.theguardian.com/world/2022/jul/06/fbi-mi5-china-spying-cyberattacks...

 Summary Not a lot of regular news, but we had both the Verizon and Sophos annual reports came out. News The Verizon Data Breach Investigations Report for 2022 indicated that while the education sector continues to be a favorite target, the motivator is mostly financial (somewhat confirming the Sophos report) and Medical Data is actually the least sought after.  The largest sector they indicated as a target was Professional, followed closely matched Finance, Information Technology, Manufacturing, and Public Administration.   https://cyware.com/news/education-sector-under-constant-cyberattacks-f2fbd34f https://www.verizon.com/business/resources/reports/dbir/ Education The FBI issued an alert that they have become aware of cybercriminals selling usernames and passwords from university breaches.  The sales are occurring on a variety of dark websites.  The biggest takeaway for me was that just because you recover from an initial attack it does not mean it is ov...