Posts

2022 Week 22 Security review

Summary Not a lot of regular news, but both the Verizon and Sophos annual reports came out. News The Verizon Data Breach Investigations Report for 2022 indicated that while the education sector continues to be a favorite target, the motivator is mostly financial (somewhat confirming the Sophos report) and medical data is actually the least sought after. The largest sector they indicated as a target was Professional, followed closely by Finance, Information Technology, Manufacturing, and Public Administration. https://cyware.com/news/education-sector-under-constant-cyberattacks-f2fbd34f https://www.verizon.com/business/resources/reports/dbir/ Education The FBI issued an alert that they have become aware of cybercriminals selling usernames and passwords from university breaches. The sales are occurring on a variety of dark websites. The biggest takeaway for me was that just because you recover from an initial attack it does not mean it is ov...

2022 Week 22 Security review

Summary Hopefully, these will be a bit more regular now that the semester is over. We are seeing attacks against all infrastructure areas increasing. This week's report has school breaches, SLTT breaches, SCADA news, and several healthcare attacks. News SLTT Texas Department of Transportation had a data breach that impacted over 7,000 records. This included employee information with PII including Social Security Numbers (SSN). https://www.databreaches.net/another-texas-state-agency-data-breach-this-time-its-the-department-of-transportation/?web_view=true The Texas Department of Insurance (TDI) announced that 1.9 million people in the state who filed claims for compensation had their information publicly available from March 2019 to January 2022. https://www.infosecurity-magazine.com/news/personal-information-two-million/?&web_view=true https://www.tdi.texas.gov/news/2022/tdi03242022.html https://www.tdi.texas.gov/data-security-event/additi...

2022 Week 10 - 12 News Roundup

Summary Sorry for the delay. Work, life, and school got in the way. As expected, most of the news can be wrapped around the growing war between Russia and Ukraine. There is growing fear of either intentional or unintentional escalation in the cyber world outside those two countries. News SLTT Several state and local governments were targeted by a Chinese government-backed hacking gang. The breaches occurred in at least 6 different states in the United States. It appears that the group used the Log4J (i.e. LogJam) vulnerability. https://www.cnn.com/2022/03/08/politics/china-hacking-state-governments-mandiant/index.html Western Australia announced it will invest $25.5 million AU to expand state cybersecurity. https://www.zdnet.com/article/wa-government-allocates-au25-5m-to-expand-cybersecurity-services/?&web_view=true New Mexico in the United States (U.S.) appointed its first senior advisor for cybersecurity and critic...

2022 Week 8 and 9

Summary A lot of news from the last 2 weeks. I am trying to be more timely with these summaries as the war in Ukraine is in progress. Quite a bit of activity has been observed around SLTT and infrastructure targets. News SLTT The Cybersecurity and Infrastructure Security Agency (CISA) of the United States (U.S.) released a list of free cybersecurity tools and services for SLTTs that they pledge to keep updated. The goal is to help better the overall cybersecurity posture of U.S. critical infrastructure sectors, and as such the tools are usable by those outside the SLTT arena. https://www.bleepingcomputer.com/news/security/cisa-compiles-list-of-free-cybersecurity-tools-and-services/?&web_view=true Tool: https://www.cisa.gov/free-cybersecurity-services-and-tools CISA also released a bulletin outlining APT group MuddyWater and their attempt to target SLTT and critical infrastructure entities. https://www.cisa.gov/uscert/ncas/current-activit...

2022 Week 7 Security Summary

Summary Sorry for the late release. There was so little news I debated doing a 2-week report but decided Monday morning that the week of the 8th might turn out to be pretty busy. The news of most interest is that we have seen a large increase in attacks against all aspects of critical infrastructure, and with the threat of war in the Euro-Asian theater this is probably only going to increase. News News that spans all of the areas of this blog points out that we are increasingly seeing attacks against critical infrastructure sectors. Once upon a time, these were generally considered off-limits by attackers and state actors, as disruptions to these could affect lives or the supply chain and lead to very active state-sponsored reprisals. The article points out that in the US alone attacks were launched against 14 of the 16 critical sectors last year (2021). https://www.scmagazine.com/analysis/cloud-security/so-called-red-lines-increasingly-crossed-by-ransomwa...

2022 Week 6 Security Summary

Summary This week we saw a wide array of news about cyber security.   News SLTT Pellissippi State Community College was the victim of a ransomware attack that apparently was trying to encrypt data.  They report they did not pay the ransom and are working to figure out the extent of data that was accessed. https://www.securityweek.com/tennessee-community-college-suffers-ransomware-attack?&web_view=true https://www.infosecurity-magazine.com/news/tennessee-college-hit-ransomware/ Infosec Institute is offering scholarships to 15 people from underrepresented groups in the infosec/cybersecurity industry.  It expands on their Accelerate Scholarship Program.   https://www.infosecurity-magazine.com/news/infosec-announces-new/ https://www.infosecinstitute.com/scholarship-opportunities-for-aspiring-cybersecurity-professionals/?utm_source=newswire&utm_medium=pr&utm_campaign=accelerate&utm_content=women#women Clario researchers discovered an unsecured Mi...

2022 Week 5 Summary

Summary News came this week of several new cyber security operation centers. This is a great idea. The harder we make it for the bad guys the more likely they are to try and figure out something else to do. We also have some advisories about issues in Industrial Control Systems (ICS). News SLTT Several Puerto Rico government entities were struck by a cyberattack, including the territory's Senate. Still not a lot of information at this time. https://www.securityweek.com/official-says-puerto-ricos-senate-targeted-cyberattack?&web_view=true The Port of Los Angeles has opened its own Cyber Resilience Center (CRC). This CRC will ensure that the port is protected from cyber threats that might impact cargo shipments that come into one of the world's most active seaports. https://www.infosecurity-magazine.com/news/la-launches-cyber-resilience-center/ Power The U.S. Federal Energy Regulatory Commission (FERC) is looking at implementing a new regu...