Security Leftovers
OpenSSF (Linux Foundation) ☛ CRA Expert Group Composition
Here’s a little breakdown of the current CRA expert group composition by country and category.
Scoop News Group ☛ CISA delivers new directive to agencies on securing cloud environments
The cyber agency’s SCuBA guidelines were developed after pilots with 13 agencies and continue a post-SolarWinds cloud strategy.
Silicon Angle ☛ 1.4M records stolen in Texas Tech University Health Sciences Center ransomware attack
Some 1.4 million records relating to students, staff and patients at the Texas Tech University’s Health Science Center and El Paso Health Sciences Center have been stolen in an apparent ransomware attack. Officially, the attack is described as a “cybersecurity event” by the university and took place in September.
Silicon Angle ☛ CISA releases draft updates to National Cyber Incident Response for public comment
The U.S. Cybersecurity and Infrastructure Agency has released a draft update to the National Cyber Incident Response Plan that addresses significant changes in policy and cyber operations since the plan was first released in 2016.
Federal News Network ☛ CISA directs agencies to find, fix cloud security misconfigurations
CISA is telling agencies they need to follow the "SCuBA" cloud security configurations for widely used applications, including Abusive Monopolist Microsoft 365 products.
SANS ☛ Python Delivering AnyDesk Client as RAT, (Tue, Dec 17th)
RATs or "Remote Access Tools" are very popular these days.
Bruce Schneier ☛ Hacking Digital License Plates
Not everything needs to be digital and “smart.” License plates, for example:
Josep Rodriguez, a researcher at security firm IOActive, has revealed a technique to “jailbreak” digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold. By removing a sticker on the back of the plate and attaching a cable to its internal connectors, he’s able to rewrite a Reviver plate’s firmware in a matter of minutes.