FBI Disclose MFA Bypass Attack in New CISA Alert (AA22-074A)

Multi-factor authentication (MFA) is now a standard practice to prevent attacker access. A new CISA case report from the FBI illustrates how business policies and system usability may conflict with that goal. Russian state-sponsored cyber actors gained initial access [TA0001] to the victim organization via compromised credentials [T1078] and enrolling a new device in the …

Supply chain attack: node-ipc sabotaged as anti-war “protestware”

Update March 17: This post has been getting a lot of traffic from one of the notorious news “scrapers”. Pierluigi Paganini first copied this post verbatim on March 16th to a site called malwaredefinition.com, then rewrote it slightly March 17th changing the title to “node-ipc NPM Package sabotage to protest Ukraine invasion”. That version also …

Twitter’s “Ghost of Kyiv” Campaign

Task & Purpose offers readers an analysis of a war campaign running on Twitter …with six air-to-air kills, the heroic pilot of a Ukrainian MiG-29 became the first air combat ace over European soil since World War II. They call him ‘the Ghost of Kyiv’…real enough — for now. The “real enough” morale-boosting aspect of …

Colonial Pipeline Spills Details on First CISO

Update March 1: Colonial Pipeline PR Reacts Let me begin by saying the first ever chief information security officer (CISO) hire anywhere ever was a PR invention of Wall Street back in 1994. This position was officially rolled out in a news campaign by Citicorp in order to offset panic when they disclosed their security …