SolarWinds Attack Summary of Events

A week after the massive SolarWinds breach, Lawrence Abrams of BleepingComputer.com summarizes the timeline of events best and gives an excellent breakdown of the chaos that has ensued since.

I have to say that I am in agreement with most Cyber security officials in that this is definitely going to take at least a year or even more in order to get this under control.

Check out the article here for more info and let me know what you think will come of all this madness!

Microsoft Releases Annual Security Report

As its now becoming an annual tradition, Microsoft has released their latest “Digital Defense Report” which compiles lots of data and statistics in order to make determinations on what the current landscape looks like along with the ever changing trends of what organizations both large and small should be aware of when it comes to best protecting themselves.

Kurt Mackie at Redmondmag.com has a great summary of the report here and if you want the entire 88 page summary, it can also be found here as well.

New Russian based malware on the loose!

According to ZDNet.com, the FBI and NSA have jointly stated that there’s a new Linux based Malware being aimed at other countries, namely ones in the West like the United States.

A brief description of the malware in question:

“Drovorub is a ‘swiss-army knife’ of capabilities that allows the attacker to perform many different functions, such as stealing files and remote controlling the victim’s computer”

As far as protection from Drovorub is concerned, U.S. private and public companies are being warned to take this threat seriously and implement any possible measures that will protect them from this cyber threat as soon as possible.

Check out the full article here for more details.

SANS Institute breach

 

A sign of the times indeed!

A well known U.S. company that focuses on information security and cybersecurity training experienced a security breach at the hands of one of their own employees.  Long story short, the user installed a malicious Office 365 add-in which triggered the mass forwarding of many emails spread out over 28,000 accounts.  Yikes!

SANS released a statement about the breach here.  Check it out for further details.

A Windows 7 End of Service PSA courtesy of the FBI

In one of the most obvious assessments of the year, the FBI has warned stakeholders that one of the biggest threats today is the continued unsupported use of Windows 7 in many firms across the U.S.

Obviously, the current pandemic has turned the world upside down but that shouldn’t stop anyone from doing one of two things: upgrade to Windows 10 or purchase extended support licenses.  Just freaking do it! HAHA!

Aftermath of the “Epic” Twitter Hack

As a result of the Twitter hack that compromised the accounts of many high profile individuals, charges have been brought against the three individuals for their roles in the scam.

I cam across a post joking about how this appears to be the work of a North Korean but come to find out, two of the three are homegrown in the U.S. with the other residing in the U.K.

KrebsOnSecurity.com continues to follow the story and has the full update here.

The “Epic” Twitter Hack

The hacking of Twitter accounts belonging to prominent members of society has all of us asking: How in the world did something like this happen?  At surface level, you would think that it was an individual who acted upon this but come to find out, it involved an entire team of users to accomplish what happened.

Brian Krebs does an excellent job of summarizing exactly what happened and the objective that were behind it.  Check out the full scoop here at KrebsonSecurity.com and let me know what you think!

Awesome security reads!

We’ll I have to say that it appears everywhere you look, there’s some type of security hack, breach, or phishing attack occurring especially during this COVID-19 pandemic.

Lots of sites produce great content and report on the state of cybersecurity all the time but hats off to BleepingComputer.com for staying at the forefront of such threats aimed at us.

Just a few of their latest reads about Office 365 phishing the U.S. Supreme Court and Microsoft Teams, Fake U.S. Treasury emails, and more!  Enjoy!

Coronavirus fraud

Another great report found on BleepingComputer.com in that even during these challenging times, the scam artists haven’t stopped.

According to the U.S. Federal Trade Commission, an estimated $12 million has been lost as a result of Coronavirus-related scams since the beginning of this year.

Furthermore, a whopping 16,000+ fraud incidents have been reported by consumers with almost have of those reporting losses within the same time period.

It’s sad that we as consumers have to deal with this type of scam as a result of this pandemic but its just a reminder that we must not let our guard down and remain alert!  For more info, check out the article here…Stay safe and healthy!

Phone scams during COVID-19

Just came across a post from security expert Chris Krebs on his website detailing some of the best practices in response to phone scamming attempt affecting millions worldwide.

His tagline response of “Hang Up, Look Up, & Call Back” is something that all of us can embrace whether you’re a tech novice or a savvy, seasoned user but if you choose to drop the ball, you would be surprised how easily one can be taken for whatever info these scammers desire.

Check out the post here for the full story complete with a tech expert being taken advantage of!  Crazy stuff indeed!