Hackers infiltrated government and business networks via a software update from Solarwinds The Solarwinds Orion suite of software products help manage IT infrastructure, Network Performance, Server & Application Monitoring, Configuration Management and other supply chain operations.

 

The attack campaign was first revealed on Dec. 13 by FireEye, which was one of its first victims. We still don't know the extent of the hack, but we do know that major Government agencies like Commerce, Homeland Security, State, Treasure, and The National institutes of Health became a target along with hundreds of other businesses using the software.

 

Soon after that Solarwinds published its own advisory warning Orion users that the software had been corrupted by a highly sophisticated supply chain attack on the Solarwinds Orion Platform.

 

Moreover, the Cybersecurity and Infrastructure Security Agency (CISA) advisory notes the attackers behind the SolarWinds targeted key personnel at victim firms so Staff should assume their email communications and internal network traffic are compromised, and rely upon out-of-band systems for discussing internally how they will proceed to clean up the hack.

 

How to protect yourself working from home.

 

“9 key points for a safer you.”

 

Click to download below, its free.!

 

Many people are working from home now days and few know just how to protect their work and computers from online hackers and viruses. Here is a short list of some of the key things to do to protect yourself and your home network.

  1. Browser Security: setting it up, turning on-or-off key things when connecting to the web
  2. Firewalls: There are many types of firewalls, is your firewall on and what is it set to protect against?
  3. Ports: Know the key ports your system is using and block the ones you don’t need.
  4. Routers: A device that forwards data packets along networks. It connects two or more networks together and uses headers, ports and tables to determine the best path across the web.
  5. Who is on my system: you’re not alone on the web, and someone else could be accessing your network?
  6. Browser Add-Ons aka Extensions: what to look for when adding a new tool to your browser.
  7. Hiding the Service Set Identifier (SSID) from your neighbor and hacker eyes.
  8. Viruses: What are the signs my computer is infected?
  9. VirtualBox: Create a VirtualBox to surf the web.
How to Protect Yourself Working From Home
9 keys Points - Free to Download and Use.
How to Protect Yourself if your working [...]
Adobe Acrobat document [353.3 KB]

Bureau of Criminal Apprehension of Minnesota HACKED…!

 

Personal information of Minnesota law enforcement, critical infrastructure personnel published online after massive hack

By Tony Webster

 

A trove of Minnesota law enforcement data was published online after hackers broke into the servers of a vendor of the Minnesota Bureau of Criminal Apprehension and Hennepin County Sheriff’s Office

 

The sensitive information includes details about key Minnesota security and intelligence personnel at every level of government.

 

Information on over 9,000 government and industry personnel dating back over 15 years were divulged in a breach of data from ICEFISHX, an intelligence sharing and emergency alert website, which is part of the Minnesota Fusion Center, the intelligence wing of the Minnesota Bureau of Criminal Apprehension. 

 

The stolen data was contained in “BlueLeaks,” which is being called the largest leak of U.S. law enforcement data in history, and was published online in mid-June by Distributed Denial of Secrets, a team of transparency activists who say they have no political leaning.

 

The hacked data included over 20,000 files, such as intelligence briefings, software code, suspicious activity alerts, COVID-19 situation reports, violent offender advisories, as well as internal information such as codewords to use when reporting suspected terrorist activity. But some of the most sensitive data might be information on first responders and those keeping Minnesota’s critical infrastructure safe. 

CIA Finds It Failed to Secure Its Own Systems

An internal CIA report released Tuesday found that the agency's failure to secure its own systems led to the massive 2017 data breach that enabled classified information, including details on 35 CIA hacking tools, to be leaked to WikiLeaks.

 

See Also: Live Webinar | 2021: A Cybersecurity Odyssey

 

A redacted version of the report, prepared by the CIA's WikiLeaks Task Force in 2017, was released by Ron Wyden, D-Ore., a member of the Senate Intelligence Committee.

The report calls out the CIA's Center for Cyber Intelligence for not prioritizing internal cybersecurity and focusing, instead, on developing offensive cyber weapons.

This lax attitude toward preventive cybersecurity measures within the CIA continued even after previous high-profile data breaches of the agency and other intelligence departments, the report states.

 

The WikiLeaks Task Force report was prepared after the leaking of the CIA hacking tools, which were referred to as "Vault 7" (see: WikiLeaks Dumps Alleged CIA Malware and Hacking Trove).

 

The theft of the hacking tools, which apparently happened sometime in 2016, was not discovered until WikiLeaks published the Vault 7 series in 2017. Later, the U.S. Justice Department brought charges against Joshua Schulte, a former CIA employee, who is suspected of stealing the CIA hacking tools and then giving them to WikiLeaks, according to the Washington Post, which first reported on the Wyden letter.

Congress Hears of Fresh Cyberthreats to US Financial Firms

U.S. financial institutions are vulnerable to a new array of attacks from cybercriminals and nation-state hackers as a result of the COVID-19 pandemic, experts told a Congressional panel this week at a virtual hearing.

 

The Tuesday testimony before the House Financial Services' Committee's National Security, International Development and Monetary Policy subcommittee came as Democratic and Republican lawmakers introduced a series of legislative proposals to deal with the challenges facing financial institutions.

 

See Also: Live Webinar | 2021: A Cybersecurity Odyssey

 

In their testimony, experts warned that banks and other financial institutions are not equipped to mitigate the latest cyberthreats - including sophisticated hacking campaigns, ransomware attacks, cryptojacking, intellectual property theft and business email compromise schemes - that have surged during the COVID-19 crisis.

The shift to a remote workforce has led many firms to change their approach to cybersecurity at a time when attacks are increasing, experts testified (see: Rethinking Risk for the Remote Workforce).

In the first five months of 2020, cyberattacks against the American financial sector have increased by a staggering 238%, Kellermann said. Ransomware attacks have surged at an even greater rate, he added.

The National Cybersecurity Center of Excellence

 

(NCCoE) has released the final version of National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide Special Publication 1800-16, Securing Web Transactions: Transport Layer Security (TLS) Server Certificate Management. See the two-page fact sheet for an overview of the project.

 

This practice guide can benefit executives, chief Information security officers, system administrators, or anyone who has a stake in protecting his or her organization's data, privacy, and overall operational security.

 

For ease of use, the final guide is available to download or read in volumes:

  • SP 1800-16A: Executive Summary (pdf) (web page)  
  • SP 1800-16B: Security Risks and Recommended Best Practices (pdf) (web page)  
  • SP 1800-16C: Approach, Architecture, and Security Characteristics (pdf) (web page)  
  • SP 1800-16D: How-To-Guides (pdf) (web page)  

Or download the complete guide (PDF)

Lance West

 

DigiBrains@msn.com

 

 

  • Cyber-Security

 

  • Information Assurance training

 

  • IT Risk Analysis

 

  • BIA/BCP Development

 

  • Software Security

 

  • Databases
Print | Sitemap
© DigiBrains LLC