Volt Typhoon, a Chinese state actor attacked US critical infrastructure to disrupt communication channels
Microsoft has detected stealthy malicious activity by Volt Typhoon, a Chinese state-backed entity known for espionage and data collection. The focus of the attack was critical infrastructure entities in the US and it is believed that the attacks are part of a larger capability that China is building to disrupt crucial communication channels between the […]
The Collapse of Silicon Valley Bank: Understanding your risk exposure
Silicon Valley Bank, founded in 1983 and was the 16th largest bank in US, collapsed on Friday after failing to raise capital. This is the largest bank failure since the 2008 financial crisis. Silicon Valley Bank (SVB) was the bank of choice for venture capital and startups, and was where startups would park their money […]
CVE Proof of Concept Scams
When a new vulnerability is made public, a Common Vulnerabilities and Exposures (CVE) number is assigned to it. A CVE will contain a brief description of a security vulnerability and is a way to uniquely ID each security vulnerability that may be found. These CVE numbers allow security professionals to track vulnerabilities, patches to fix […]
On the “sophisticated” tracking device found in the vehicle of Eskom’s CEO
Several media outlets including the Sunday Times and News24 recently reported that a “sophisticated tracking device” was found under the driver’s seat in the car of Andre de Ruyter, the CEO of Eskom, South Africa’s troubled power utility provider. De Ruyter hired a firm to investigate the origins and capabilities of the device said that […]
Google’s Trust Problem
Earlier this week, Google announced in a blog post that it would be shutting down Stadia, its consumer gaming service: A few years ago, we also launched a consumer gaming service, Stadia. And while Stadia’s approach to streaming games for consumers was built on a strong technology foundation, it hasn’t gained the traction with users […]
SEC Fines Morgan Stanley $35 Million after unencrypted hard drives are sold at auction
The SEC has fined Morgan Stanley $35 million for improperly disposing of customer data when decommissioning hardware at their data centers and local branches. The SEC states in their complaint that over a 5 year period, Morgan Stanley failed to dispose of thousands of hard drives containing the data of over 15 million customers in […]
Yet Another Uber Breach
Uber has suffered another breach that was the result of a social engineering attack. The attacker managed to get an Uber employees password and then used that password to login, however Uber uses MFA so the attacker called the Uber employee and pretended to be from the IT department and stated that the Uber employee […]
Ubiquiti files SLAPP Suit against security journalist Brian Krebs
Ubiquiti has filed a lawsuit against intrepid security journalist Brian Krebs for defamation stemming from his coverage of the Ubiquiti breach that took place in 2020. From the lawsuit: Ubiquiti Inc. files this defamation action because blogger Brian Krebs falsely accused the company of ‚Äúcovering up‚Äù a cyberattack by intentionally misleading customers about a so-called […]
EU Digital Market Acts Law
The EU Digital Markets Act (DMA) takes aim at tech giants like Facebook, Google and Apple on their monopolistic practices and to limit the market power of these companies. Per the EU Parliament: The Digital Markets Act (DMA) will ban certain practices used by large platforms acting as “gatekeepers” and enable the Commission to carry out market […]
Anomalous BGP announcements and the massive Facebook outage
Earlier today, Facebook experienced a 6 hour long outage that took out several services including Facebook, WhatsApp and Instagram. This is the not the first time that Facebook has had a significant outage, in 2015, Instagram’s TLS certificate expired, a software bug caused an outage in 2016 and in 2019, a server misconfiguration caused a […]