White House closes SolarWinds, Microsoft Exchange focus groups, signaling return to normalcy Data Breach by Joe Uchill - April 19, 20210 Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger speaks during the daily press briefing at the White House on February 17, 2021 in Washington, D.C. Neuberger announced Monday that the White House would be closing its coordinating groups for the SolarWinds and Exchange hacking campaigns. (Photo by
Should NSA monitor your networks? Director Nakasone says no, ‘I’m not seeking legal authorities’ Data Breach by Joe Uchill - April 15, 20210 Paul Nakasone, director of the National Security Agency (NSA) and commander of the U.S. Cyber Command, speaks during a House Intelligence Committee hearing on April 15, 2021 in Washington, D.C. (Photo by Al Drago-Pool/Getty Images) At a pair of hearings on Wednesday and Thursday that dissected the U.S. intelligence community’s annual
The DoJ’s Microsoft mitigation: Real results, with a few hypothetical concerns Data Breach by Joe Uchill - April 15, 20210 U.S. Attorney General Merrick Garland arrives to address the staff on his first day at the Department of Justice March 11, 2021 in Washington, DC. The decision by Justice to dismantle ‘hundreds’ of web shells installed using Exchange Server vulnerabilities is being hailed as a landmark use of a new
DoJ used court order to thwart ‘hundreds’ of Exchange Server web shells Data Breach by Joe Uchill - April 14, 20210 The Department of Justice used a court order to dismantle ‘hundreds’ of web shells installed using Exchange Server vulnerabilities. (Photo by Roy Rochlin/Getty Images for Leaders) The Department of Justice used a court order to dismantle ‘hundreds’ of web shells installed using Exchange Server vulnerabilities patched by Microsoft six weeks ago.
Microsoft closes new critical Exchange vulnerability, suggests patch ‘as soon as possible’ Data Breach by Joe Uchill - April 13, 20210 The alert about new Exchange bugs come soon after on-premises Exchange customers were told to patch against a campaign actively exploiting a zero-day vulnerability. (Jeenah Moon/Getty Images) Microsoft suggested that on-premises Exchange customers install fixes “as soon as possible” to mitigate newly patched critical vulnerabilities. “We have not seen the vulnerabilities
‘Name:Wreck’ is the latest collision between TCP/IP and the standards process Data Breach by Joe Uchill - April 13, 20210 (Forescout booth at #RSAC “ by sfoskett is licensed under CC BY-NC-SA 2.0) Forescout and JSOF on Tuesday announced “Name:Wreck,” a set of nine vulnerabilities in four popular TCP/IP stacks, including FreeBSD. The findings are the latest research to show how complexities in the TCP/IP standards can ultimately leads to vulnerable products. Forescout and JSOF have documented several groups of vulnerabilities in TCP/IP stacks over the past year. Forescout discovering Amnesia:33 and Name:Jack and
Biden scores praise for nominations of White House, DHS cyber leaders Data Breach by Joe Uchill - April 12, 20210 President Joe Biden nominated Jen Easterly, center, to be the next head of the Cybersecurity and Infrastructure Security Agency. (Eric Gibson/ New America/https://creativecommons.org/licenses/by/2.0/) President Biden announced key cybersecurity leadership nominations Monday, proposing Jen Easterly as the next head of the Cybersecurity and Infrastructure Security Agency and John “Chris” Inglis as the
Cring ransomware spread through hole in FortiGate VPN Data Breach by Joe Uchill - April 9, 20210 Kaspersky reported how recent attacks against a series of European industrial networks were accomplished at a vulnerability in Fortinet’s FortiGate VPN. (Alexxsun/CC BY-SA 4.0) In the early months of 2021, cybercriminals believed to be manually delivering Cring ransomware, struck a series of European industrial networks. Kaspersky is the first
Krebs: It’s time for a law that invests in the digital infrastructure Data Breach by Joe Uchill - April 7, 20210 Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, highlighted shifts to cloud-based services and multifactor identification as areas where federal funds could be used to improve state and local cybersecurity. (Photo by Greg Nash-Pool/Getty Images) On the heels of President Joe Biden’s $2 trillion infrastructure plan,
Hackers actively targeting unsecured SAP installs, DHS, SAP and Onapsis warn Data Breach by Joe Uchill - April 6, 20210 A general view of the headquarters of SAP AG in Walldorf, Germany. (Photo by Thomas Lohnes/Getty Images) Multiple hackers are actively targeting SAP installations that have not updated in nearly a year or use poor account management. The warning, which came from the Department of Homeland Security, SAP and Onapsis, is