Colonial Pipeline 1 Year Later: What Has Yet to Change?
The Colonial Pipeline ransomware attack that took place exactly one year ago sent shockwaves across the nation that are still being felt today. A cyberattack with such massive real-world implications had never been seen before, let alone an attack on one of the largest critical infrastructure assets in the US that was initially started via an exposed virtual private network (VPN) password. READ MORE...
FBI: Bank Losses From BEC Attacks Top $43B
Between June 2016 and December 2021, the total losses reported by global financial institutions as a result of business email compromise (BEC) attacks clocked in at more than $43 billion. The Federal Bureau of Investigation and Department of Justice have issued a joint announcement underlining the damage BEC attacks have done to both small businesses and large corporations alike around the world. READ MORE...
May 2022 Patch Tuesday forecast: Look beyond just application and OS updates
April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. Microsoft addressed 97 vulnerabilities in Windows 10, and 67 in Windows 11. Adobe updated Reader and Acrobat to fix 62 vulnerabilities. Many of the vulnerabilities from both vendors were rated critical which resulted in a busy deployment schedule last month. This increase in identified and remediated vulnerabilities is expected to continue as we move into summer. READ MORE...
New Raspberry Robin worm uses Windows Installer to drop malware
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021. Red Canary's Detection Engineering team detected the worm in multiple customers' networks, some in the technology and manufacturing sectors. READ MORE...
USB-based Wormable Malware Targets Windows Installer
Wormable malware dubbed Raspberry Robin has been active since last September and is wriggling its way through USB drives onto Windows machines to use Microsoft Standard Installer and other legitimate processes to install malicious files, researchers have found. Researchers at Red Canary Intelligence first began tracking the malicious activity in the fall when it began as a handful of detections with similar characteristics first observed in multiple customers' environments. READ MORE...
Apple, Google, and Microsoft want to kill the password with "Passkey" standard
The first Thursday of May is apparently "World Password Day," and to celebrate Apple, Google, and Microsoft are launching a "joint effort" to kill the password. The major OS vendors want to "expand support for a common passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium." Instead of a long string of characters, this new scheme would have the app or website you're logging in to push a request to your phone for authentication. READ MORE...
US Gov Issues Security Memo on Quantum Computing Risks
The U.S. government is barreling ahead with plans to mitigate future threats from quantum computing with a new White House memo directing federal agencies to jumpstart an all-hands-on-deck approach to migrating to quantum-resistant technologies. The security memo, released alongside a plan to promote U.S. leadership in quantum computing, directs specific actions for agencies to take. READ MORE...
- ...in 1915, actor/filmmaker Orson Welles ("Citizen Kane", "The Third Man") is born in Kenosha, WI.
- ...in 1915, Babe Ruth hits his first major league home run as a pitcher for the Boston Red Sox.
- ...in 1935, President Franklin D. Roosevelt issues Executive Order 7034, establishing the Works Progress Administration.
- ...in 1941, comedian Bob Hope makes his first of dozens of tours with the USO to entertain American troops overseas.
