Posts

Week 41 Security Roundup

Summary

It was a slow week for SLTT and Infrastructure news.

News

Report on the 'abysmal' state of security in ICS

Continuing with a theme, another researcher finds that our ICS security is so bad that it is putting national security interests in jeopardy.

https://www.zdnet.com/article/critical-infrastructure-security-dubbed-abysmal-by-researchers/#ftag=RSSbaffb68?&web_view=true

Joint Advisory on BlackMatter ransomware

CISA, the FBI, and the NSA released a joint advisory with information about the BlackMatter ransomware package, which appears to have been created by (or at least borrowing from) the DarkSide group. In information released around the advisory, it was reported that this package was seen in attacks against 2 agriculture companies in the United States in September.

https://www.zdnet.com/article/cisa-says-blackmatter-ransomware-group-behind-recent-attacks-on-agriculture-companies/
https://techcrunch.com/2021/10/...

2021 Weeks 32-40 Security Roundup

Summary

Let me apologize for the long delay right upfront. First, we had a round of Covid in the household in a person who is immune-compromised. Next, I started a new semester in college and the workload was far greater than I expected. Lastly, this is the start of the budget year for us and I had several projects that have demanded almost every second of my work time. I hope to get back to weekly updates by November.

Lots of news that covers health care, education, infrastructure, and SLTT governments around the world. Since I am hitting the length limitations of Blogger, I will simply invite you to read and try to get caught up yourself.

News

UC San Diego Health sued over breach

In what is becoming a growing trend, UC San Diego Health is being sued for failure to have proper data protection protocols. The suit cites breach of contract, negligence, and violation of California consumer and medical privacy laws. Specifically...

2021 Week 30 & 31 Security Roundup

Summary

There was almost no news last week, and my day job and personal life meant little time to write summaries, so this week we have a larger release. This includes a disinformation campaign launched against several agencies. We also had a lot of information about the growing war using operational technology devices to disrupt infrastructure and potentially cause physical harm. There was also some news of municipal breaches. Finally, we had several bills that were passed or discussed this week.

News

Disinformation Campaigns in the spotlight

I have been sitting on this, partially because some of it came from a restricted briefing and partially because I was unsure how much was conjecture and how much was based on hard intelligence. That being said: more and more "influencers" are coming forward with information about an "influencer marketing agency" by the name of Fazze. These people were asked to push an anti-vax agenda on their channels and were pro...

2021 Week 29 Security Review

Summary

Sorry, this was late this week. I was in training on Friday with the good folks at the LSU Academy of Counter-Terrorist Education. If you are a Tribal or other American first responder or researcher in the field of terrorism and not taking advantage of their amazing resources, please check them out at https://www.ncbrt.lsu.edu/ .

Not a lot of new things this week. There was an update from the City of Tulsa and their breach. We also saw REvil disappear from both the Web and the dark Web. Lastly, CIS tools are taking the forefront in the defensive posture of the SLTT landscape.

News

City of Tulsa Oklahoma breach

Tulsa, which was breached back in May ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), has announced that at least 27 people had their Social Security numbers accessed. The city said they have attempted to reach out to those affected. To date, more than 18,000 files from the hack have b...

2021 Week 28 security roundup

Summary

Almost all the news this week was dominated by the Kaseya breach, which allowed REvil to gain access to and encrypt the systems of 1500+ organizations. This might end up being even bigger than the SolarWinds attack. I did not include articles about PrintNightmare because it is a more generalized OS zero-day. If you use Microsoft products, however, I strongly encourage you to get up to speed on this issue.

Outside of the Kaseya issue, there was also news of new and old attacks against infrastructure components, most notably a couple of water plants that were breached.

News

Kaseya breach

The technology services company Kaseya had a backdoor in one of their popular remote access applications that allowed bad actors to gain access to thousands of entities over the long weekend, including governments of all sizes. The backdoor was a zero-day bug that was quickly exploited and timed for the U.S. long holiday weekend. While not as ...

2021 Week 27 Security Roundup

Summary

Not a lot of news this week. Most of the news seems to have been dominated by the report saying that Fancy Bear has been brute-forcing their way into networks worldwide. Also news of a school software provider hack and some industrial control devices that have been patched.

News

AcadeME hacked

School services company AcadeME was breached and the details of about 280,000 students were leaked. DragonForce, which is a pro-Palestinian hacker group, took credit for the hack. The group also claimed to have leaked Israeli passports.

https://www.jpost.com/israel-news/details-of-over-200000-students-leaked-in-cyberattack-672179?&web_view=true

Fancy Bear / APT28 / Unit 26165 brute-forcing utilities, health care, and government systems

On Thursday (7/1/2021) the NSA, the FBI, CISA, and the UK's National Cyber Security Centre issued a joint advisory indicating that Fancy Bear has not been resting on the success of the SolarWinds at...

2021 Security for Week 26 Roundup

Summary:

This week we have an update on the Tulsa, Oklahoma ransomware attack and data breach, as well as an update on the Ireland health system breach by the same group. NBC and others have recaps of water security. Several groups are doing cybersecurity exercises, and this included a grid attack simulation.

News

Tulsa Oklahoma Ransomware Attack

As previously noted ( https://yasb2018.blogspot.com/2021/05/2021-week-19-security-roundup.html ), Tulsa was the victim of a ransomware attack. Now it appears that some of the breached data (18,000+ files) has been released. This again points to the danger of paying the ransom, as it appears there is little honor among the hackers. It should be noted that Conti (the suspected group behind the attack) has a long history of this.

https://edition.cnn.com/2021/06/23/us/tulsa-cyberattack-personal-information-dark-web/index.html?&web_view=true
https://kfor.com/news/local/ransomware-attackers-relea...