Security Failures: Windows TCO and SolarWinds
-
Daniel Miessler ☛ SEC vs. SolarWinds is Cybersecurity's ENRON Moment
In my 2017 piece, Technical Professions Progress from Magical to Boring, I talk about how this transition is inevitable for any new industry. You start without standards, and the only people who can do the arcane work are something like traveling magicians.
-
Windows TCO
-
Security Week ☛ Yamaha Motor Confirms Data Breach Following Ransomware Attack
According to SentinelOne, INC Ransom has been observed exploiting CVE-2023-3519, a critical-severity Citrix NetScaler ADC and Gateway vulnerability that came to light in July, when it was exploited as a zero-day by both financially motivated and state-sponsored threat actors.
-
Business Standard ☛ Logs missing in 42% cyberattacks; small business most vulnerable: Report
Telemetry logs, which hold collection, transmission, and measurement of data, were found missing in 42 per cent of analysed cyberattacks, according to Sophos' Active Adversary Report. Titled 'The Active Adversary Report for Security Practitioners', the report delves into incident response (IR) cases scrutinised by global cybersecurity firm Sophos. The report provides insights based on 232 Sophos IR cases across 25 sectors from January 2022 till June 30, 2023.
Delving into cases of attacks, the report also found that in 82 per cent of these instances, cybercriminals deliberately disabled or eradicated telemetry to conceal their actions. The targeted organisations spanned 34 countries across six continents, with 83 per cent of cases originating from organisations with fewer than 1,000 employees.
-
[Repeat] Silicon Angle ☛ Phobos ransomware group steps up its game
The initial Phobos-based exploits were designed around weaknesses to Microsoft’s Remote Desktop Protocol, according to a report from Avast. This protocol is often abused by hackers because it can easily connect to a variety of systems and be used to compromise their activities further.
The Talos researchers found that the typical attack plan was to target a specific part of an enterprise’s infrastructure and deploy the ransomware on a smaller number of higher-value systems. Other malware was deposited on these systems, including process visualization tools, tools to automatically collect credentials and extract passwords, software to unlock database files in use, scanners to locate open network ports and services, and other tools common in the ransomware world.
-
The Register UK ☛ Rhysida ransomware gang: We attacked the British Library
The British Library confirmed a major IT outage at the end of October, owing to a cybersecurity issue. It confirmed the incident to be ransomware in nature on November 14, but Rhysida's claim only arrived this morning, Monday November 20.
-
[Repeat] Data Breaches ☛ A cyberattack on a U.K. accounting firm wound up leaking U.S. patient data. Now what?
When LockBit subsequently leaked the data, DataBreaches examined several files where the filenames included “patient.” One of them was a .csv file with patients’ first and last names, postal addresses with state and zip code, phone number, and SSN. There were no diagnoses or treatment information, just demographic information and SSN. Other files appeared to involve the same patients. Some also had health insurance information and date of birth. One file had more than 1 million rows, although not necessarily 1 million unique patients.
-
Scoop News Group ☛ Detailed data on employees of U.S. national security lab leak online
An INL spokesperson, Lori McNamara, confirmed that the breach had taken place but said the lab is still investigating the extent. “Earlier this morning, Idaho National Laboratory determined that it was the target of a cybersecurity data breach, affecting the servers supporting its Oracle HCM system, which supports its Human Resources applications. INL has taken immediate action to protect employee data,” McNamara said.
The group has not said why it [breached] INL, but the breach presents serious national security concerns. The scientists at INL work on some of the United States’ most sensitive national security programs, including protecting critical infrastructure like the U.S. power grid from cyber and physical attacks. Personal data such as detailed employee and banking information would represent a treasure trove for foreign intelligence agencies looking to penetrate the lab.
-
Silicon Angle ☛ Data stolen in hack of nuclear energy testing facility Idaho National Lab
According to a message shared on its Telegram group and subsequently on X, SiegedSec claimed that it obtained “hundreds of thousands of user, employee and citizen data” in the [breach], including full names, dates of birth, email addresses, phone numbers, Social Security numbers, address, employment information and “lots lots more!” The group is also sharing a link to the files.
-
Silicon Angle ☛ Edge computing and ransomware: The evolving landscape of telecom and cybersecurity
Since 2019, ransomware has grown by 466% and is being used as a precursor to physical war, as seen in the Russia conflict in Ukraine, according to a report released by Ivanti Software Inc. With ransomware becoming a household word, it’s important to give all organizations full visibility of their environments — especially given the reported frequency of cyberattacks [sic] today, according to David Shepherd (pictured, left), global vice president of sales engineering at Ivanti.
-