Last week, the cybersecurity consulting company FireEye announced they had suffered a breach where attackers stole sensitive “red team” hacking tools and potentially information related to certain government customers. FireEye has historically been one of if not the most prominent consultants brought in to investigate attacks against large organizations and government entities. … [Read more...]
Garmin Suffers Massive WastedLocker Ransomware Attack
Last Thursday, the GPS and smartwatch firm Garmin suffered what was allegedly a massive, system-wide ransomware attack, forcing them to take down all of their services ranging from their apps to their support call centers. While Garmin has been tight-lipped as to the cause of the outage, multiple publications have reported that the company was targeted by WastedLocker, a … [Read more...]
Critical Microsoft DNS Server Vulnerability – SIGRRed
If you already had plans to test and roll out the various Microsoft Windows and Server updates that came out today as a part of Microsoft’s Patch Tuesday, you probably want to move a bit quicker. Among the various bug fixes are a series of patches for a critical “wormable” vulnerability in Windows DNS Server, affecting all Windows Server versions dating back to Server 2003 … [Read more...]
US Senators Introduce Bill to Backdoor Encryption
Three Republican Senators today introduced the Lawful Access to Encrypted Data Act, in their latest attack on the security and privacy of everyday citizens. The press release for the bill describes it as a way to “bolster national security interests” by “ending the use of ‘warrant-proof’ encrypted technology by terrorists and other bad actors to conceal illicit behavior.” At a … [Read more...]
NCSC and CISA Alert on APTs Targeting Healthcare
The UK National Cyber Security Centre (NCSC) and US Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory today(pdf), highlighting ongoing activity by Advanced Persistent Threat (APT) groups against healthcare and essential services. The six-page advisory states that unnamed hacking groups are targeting organizations “in order to collect bulk … [Read more...]