Proprietary Software Leftovers
Date: 2021-12-06
FBI 'concerned' about possible Russian cyberattacks on critical infrastructure [iophk: Windows TCO]
FBI Director Christopher Wray on Tuesday warned the private sector to prepare for potential cyberattacks, saying U.S. agents were "particularly focused on the destructive cyber threat" from Russian agents.
The FBI director spoke just a day after The White House warned companies to bolster defenses and prepare for potential cyberattacks while the Russian invasion of Ukraine intensifies as it approaches a month since forces entered the country.
Speaking at the Detroit Economic Forum, Wray mentioned the attack on Colonial Pipelines last year, which shut down one of the largest pipelines on the East Coast for five days. A criminal group based in Russia was responsible for the cyberattack.
Ransomware incidents in US much higher than number reported: claim [iophk: Windows TCO]
The FBI has ranked ransomware outside the top six online threats to Americans in terms of cost in a 2021 report, but a ransomware researcher claims this is misleading as most ransomware attacks are not reported.
Adelstein Departing WIA, Ransomware Still ‘Ongoing Threat,’ USCellular New Board Nominees [iophk: Windows TCO]
Almost 80 percent of state and local information technology leaders say ransomware is an “ongoing threat,” but more than half of that 80 percent do not have a ransomware incident response plan, according to a national survey from Palo Alto Networks released Tuesday.
The survey also found that only 31 percent know that they have a completed incident response plan.
A Closer Look at the LAPSUS$ Data Extortion Group
Microsoft and identity management platform Okta both this week disclosed breaches involving LAPSUS$, a relatively new cybercrime group that specializes in stealing data from big companies and threatening to publish it unless a ransom demand is paid. Here’s a closer look at LAPSUS$, and some of the low-tech but high-impact methods the group uses to gain access to targeted organizations.
Microsoft confirms breach by Lapsus$ [cracker] group
Microsoft said in the post that Lapsus$, also known as DEV-0537, had breached one account, resulting in “limited access” but not to the data of any of the tech giant’s customers.
A teen is reportedly the mastermind behind the Lapsus$ [cracking] group
The teenager is apparently based about five miles outside of Oxford University, and Bloomberg says it was able to speak to his mother for ten minutes through a “doorbell intercom system” at the home. The teenager’s mother told the publication she did not know of allegations against him. “She declined to discuss her son in any way or make him available for an interview, and said the issue was a matter for law enforcement and that she was contacting the police,” Bloomberg said.
Lapsus$ apparently doesn’t just consist of the England-based teenager, though. Bloomberg reports that one suspected member is another teenager in Brazil and that seven unique accounts have been linked with the group. One of the members is apparently such a capable [cracker] that researchers thought the work was automated, one person involved in research about the group told Bloomberg.
Reports: Okta and Microsoft breached by LAPSUS$ [cracking] group
Data breaches affecting the tech industry’s largest companies are fairly rare. Major tech firms make significant investments in cybersecurity: Microsoft, for example, spends about $1 billion every year on protecting its network from [crackers]. The recent data breaches targeting tech giants could lead the industry’s major players, as well as smaller companies such as startups, to further expand their cybersecurity operations.
Microsoft accepts cybercriminal group Lapsus$ [acquired] its data
Microsoft has confirmed that the [cracking] group Lapsus$ had gained "limited access" to the US tech giant's data. Microsoft accepted the event of [cracking] in a security blog post by the company. The American tech giant has stated that the [cracking] group infiltrated "a single account." However, Microsoft assured that no customer code or data was compromised in this cyberattack.
Okta knew about breach in January, kept mum until Lapsus$ post
Identity services provider Okta took two months to reveal a breach at a third-party provider and waited until the data that leaked out was exposed by a group of attackers known as Lapsus$.
Cobalt Strike: Overview – Part 7
This is an overview of a series of 6 blog posts we dedicated to the analysis and decryption of Cobalt Strike traffic. We include videos for different analysis methods.
F-Secure announces name of corporate business ahead of company split
F-Secure Corp. today revealed its new brand for its corporate security business ahead of a move to split its business into two companies later this year.
The new company will be known as WithSecure. The name was picked to reinforce the belief that facing cybersecurity challenges together produces far better results than trying to protect anything alone and was created in collaboration with F-Secure employees, reseller partners and clients.
Ex-Gov. Rick Snyder, 4 others charged in Flint water crisis must testify
Snyder and the government officials will therefore have to testify in a civil trial brought by four children from Flint against two engineering companies involved in the water crisis. Attorneys for the officials had argued that the Fifth Amendment entitles them to blanket immunity from any questions during the civil trial.
White House Urges Companies To Protect Data From Russian Hacks With Encryption; While Congress Looks To Effectively Outlaw Encryption
Earlier this week, the Biden administration urged companies to protect against potential cyberattacks from Russia, which seems like pretty good advice....
Best Linux Distributions for Scientists and IT Professionals
In the world of Linux distributions, there are categories that have served their purpose to the benefit of everyone in the open-source community. One of the bigger advantages when it comes to using Linux is the ability to choose. In this case, a designated category of distributions for Science. Some people may think that Linux is just a distribution of a single operating system. In reality, it’s a plethora of distributions all working together in harmony. Distributions as we all know, are variations in terms of flavor that are mostly using a generic base in the form of Ubuntu, Debian, or Arch with distinctions in their varying user interface and experience. The problem is that the major distributions are not sufficiently clear on what they are actually delivering. Just to name one popular distro, Linux Mint is a good example that is not very easy to choose for the specialists despite its bells and whistles. Distributions that target the related keyword will enjoy the most benefit and in such a case, we’re introducing the best Linux distributions for the science crowd/nerds out there.
Linux Training Model: What A Linux Course Should Look Like
Whether you’re an independent developer trying to design a course and sell it or need to make material to introduce employees to using Linux, the first step in making a model is understanding what it should comprise. Training models are of different types, and there’s a lot of flexibility in how you can approach teaching the material. However, it is important for any training model to solve a specific problem for the learners and present the material in the simplest manner possible. To learn more about how to build training modules, check out this guide.
