This past week, a hacker by the name of ChinaDan allegedly breached the Shanghai National Police (SHGA) database and has put the nearly 23 TB of data up for sale for 10 bitcoin (BTC), or a little over $200k USD as of this writing. ChinaDan claims the data contains “information on 1 Billion Chinese national residents and several billion case records” including names, addresses, … [Read more...]
SolarWinds Catch-Up
Swift new developments have continued to pour out on the SolarWinds breach. Under normal circumstances it is difficult to keep up to date on the news and especially so with a story that continues to grow. Nevertheless, the Threat Lab team at WatchGuard has been keeping an eye out on the latest updates. Beyond the major players such as FireEye, Microsoft, CISA, and SolarWinds, … [Read more...]
SolarWinds Supply Chain Hack Responsible for FireEye Breach
Last week, the cybersecurity consulting company FireEye announced they had suffered a breach where attackers stole sensitive “red team” hacking tools and potentially information related to certain government customers. FireEye has historically been one of if not the most prominent consultants brought in to investigate attacks against large organizations and government entities. … [Read more...]
Identifying an Existing APT Intrusion
Last month while onboarding a new customer to Panda EDR with the Orion threat hunting console, WatchGuard Threat Lab discovered an existing advanced persistent threat (APT) on the organization’s network. WatchGuard Threat Lab investigated the incident and were able to identify much of the threat actor’s tools, techniques and procedures including several indicators of compromise … [Read more...]
Additional WPA3 Dragonblood Vulnerabilities
The same security researchers that disclosed the initial five WPA3 vulnerabilities (referred to as Dragonblood) earlier this year in April, have recently disclosed two additional WPA3 vulnerabilities. Just like the initial five Dragonblood vulnerabilities, these two new ones allow attackers to either downgrade or bypass WPA3 encryption protected networks via brute force … [Read more...]