Monday, December 14, 2020

2021 Goals

Most of my goals for the coming year revolve around work, because lets face it I am already a gem of a human being requiring little to no attention in that area (and yes I hear all the moaning and gagging coming from you people - Shut up!).

  1. Read one cybersecurity book, and one general networking / IT book per month.
  2. Complete 2 CTFs
  3. Submit a non-ICS related proposal for a talk
  4. Get my Palo Alto PNCSE

I was going to put down a bunch of stuff about being a better mentor / leader but on my current team I have no one to mentor and have no leadership responsibilities.  If that changes I'll revisit that set of goals.

Tuesday, September 22, 2020

What I'm Reading 9/22/2020 - Just Because You Can Do Something Doesn't Mean You Should: Civvl Aims to Be the Uber of Foreclosures, Capitalizing on Pandemic Caused Misfortune

 Motherboard - Gig Economy Company Launches Uber, But for Evicting People -

Civvl aims to marry the gig economy with the devastation of a pandemic, complete with signature gig startup language like "be your own boss," and "flexible hours," and "looking for self-motivated individuals with positive attitudes:" "FASTEST GROWING MONEY MAKING GIG DUE TO COVID-19," its website says. "Literally thousands of process servers are needed in the coming months due courts being backed up in judgements that needs to be served to defendants."

Landlords, absolutely have a right to evict tenants who fail to pay are to meet other obligations, but the marketing of this service (as presented by Motherboard) is just plain evil.  Especially given the many moratoriums on evictions, specifically issued in response to Covid-9.

ZDNet - Commentary: How India's ancient caste system is ruining lives in Silicon Valley -

The lawsuit alleges that the upper-caste Iyer recognised John Doe and instantly began ridiculing him in front of all the other higher-caste Indian employees at Cisco, saying that John Doe was a Dalit and only got into the engineering school because of affirmative action, which India implemented in 1980 under the then-Prime Minister VP Singh.

When John Doe indicated to Cisco's human resources team that he wanted to file a complaint, he was allegedly told by the department that "caste discrimination was not unlawful". Soon after, John Doe found himself demoted from his lead role on two projects. The lawsuit says that for two years, Iyer waged a sustained onslaught against John Doe's career. He isolated him, didn't give him any bonuses, and thwarted any chances for promotion.

Reuters -  Boeing gearing up for 787 move to South Carolina: sources -

Barring a last-minute U-turn, Boeing is “all but certain” to move the rest of 787 production away from its traditional base to South Carolina, two people briefed on its thinking said.

It could be announced by late October when Boeing reports earnings, they said. Pressure for a decision is imminent as suppliers need to know what parts to make for jets in 2022. The decision is “weeks not months” away, one of them said.

From what I have heard, both quality and production time suffer at the South Carolina plant.  Seems like a bad move, but I'm sure the MBAs will find a way to justify it.  What this really is is a fuck you to the unions and Seattle area politicians.

 ZDNet - Russia wants to ban the use of secure protocols such as TLS 1.3, DoH, DoT, ESNI -

According to a copy of the proposed law amendments and an explanatory note, the ban targets internet protocols and technologies such as TLS 1.3DoHDoT, and ESNI.

Moscow officials aren't looking to ban HTTPS and encrypted communications as a whole, as these are essential to modern-day financial transactions, communications, military, and critical infrastructure.

Instead, the government wants to ban the use of internet protocols that hide "the name (identifier) of a web page" inside HTTPS traffic.

 The Register - 'I don’t want to see another computer for the rest of my life'... Brit Dark Overlord cyber-extortionist thrown in an American clink for five years -

The front man for the notorious Dark Overlord hacker gang, which threatened to leak stolen confidential information unless paid off, has been sentenced to five years behind bars in America.

Nathan Wyatt, 39, formerly of London, England, was sent down on Monday by a judge in a federal district court in eastern Missouri. He was also told to pay $1,467,048 in restitution to his victims. The Brit had pleaded guilty to conspiracy to commit computer fraud and aggravated identity theft.

BBC - Dark web drugs raid leads to 179 arrests -

Police forces around the world have seized more than $6.5m (£5m) in cash and virtual currencies, as well as drugs and guns in a co-ordinated raid on dark web marketplaces.

Some 179 people were arrested across Europe and the US, and 500kg (1,102lb) of drugs and 64 guns confiscated.

It ends the "golden age" of these underground marketplaces, Europol said.
"The hidden internet is no longer hidden", said Edvardas Sileris, head of Europol's cyber-crime centre.

 The Register - She was praised by the CEO and promoted. After her brother and mom died, she returned from compassionate leave. IBM laid her off -

"Upon her return, IBM stripped Kinney of her newly appointed high-level responsibilities without explanation," the complaint says. "Two months later, Kinney was informed she was going to be included in a Resource Action – IBM code for its rolling layoffs – because her skills were 'too technical.' Her managers refused to elaborate beyond this cited reason."

Monday, September 21, 2020

What I'm Reading 9/21/2020 - Patch Your Damn Domain Controllers Now

 IT Security Guru - CISA Releases Emergency Directive on Microsoft Windows Netlogon Remote Protocol -

Basically the directive gives all federal agencies until 11:59pm on 21 Sep to apply the patch or remove the domain controllers.

Related - The Register - US Cybersecurity agency issues super-rare Emergency Directive to patch Windows Server flaw ASAP -

“We do not issue emergency directives unless we have carefully and collaboratively assessed it to be necessary,” the agency warned. CISA issued just two such directives in each of 2018 and 2019. 2020's status as a year of woe has seen it score four of the emergency warnings.

That the agency feels the need to issue one for this flaw is notable given that simply applying Microsoft's August patches would have fixed the problem. Yet US government agencies need the firmest possible prod to get it done. 

Unit 42 - Introducing Actionable Threat Objects and Mitigations (ATOMs) -

Unit 42 has renamed the Adversary Playbooks to Actionable Threat Objects and Mitigations (ATOMs) and has directly relocated the ATOM viewer into the Unit 42 website. Furthermore, Unit 42 has enhanced the ATOM packages, introducing intelligence-driven security best practices and mitigation recommendations, mapped to MITRE ATT&CK techniques and presented as Courses of Action (COA), which allow consumers to understand more about the threat and how to mitigate it.

Each ATOM campaign provides indicators of compromise, the ATT&CK techniques utilized and COA for Palo Alto Networks products in one STIX 2.0 object deliverable that can easily be ingested for various purposes, whether for tactical defense, longer-term defense planning or simulating attacks.

Art of Manliness - How to Make a Bug Out Bag: Your 72-Hour Emergency Evacuation Survival Kit -

The thought of having to evacuate your home due to a sudden and imminent threat is not unrealistic. The reality is that sudden and uncontrollable events of nature and man do happen. Natural disasters such as hurricanes, storms, wildfires, earthquakes, floods, and volcanic explosions can strike fast and hard — wreaking havoc on homes, vehicles, roads, medical facilities, and resource supply chains such as food, water, fuel, and electricity. When Hurricane Katrina struck the Gulf Coast in 2005, tens of thousands of people had to evacuate their homes with little warning; this has been an all-too-common reoccurrence in the years since. Unprepared and with no emergency plan, many of these people were completely dependent on scavenging and hand-outs while living in make-shift shelters — fending for themselves in a time of complete chaos and disorder. A 72-hour emergency kit packed with survival essentials would have been an invaluable and priceless resource.

 Security Week  - FERC, NERC Conduct Study on Cyber Incident Response at Electric Utilities -

The report is based on a study conducted by staff at FERC, NERC and NERC regional entities. The study is based on information provided by experts at eight U.S. electric utilities of various sizes and functions, and its goal was to help the industry improve incident response and incident recovery plans, which authors of the study say help ensure the reliability of the bulk electric system in the event of a cybersecurity incident.

The Register -  Amazon staffers took bribes, manipulated marketplace, leaked data including search algorithms – DoJ claims -

US prosecutors claim six people bribed corrupt Amazon insiders to rig the the web giant's Marketplace in their favor and leak terabytes of data including some search algorithms.

Amazon’s digital bazaar is open to third parties who can push their products on the e-commerce giant’s store, and even have Amazon do their deliveries. Amazon vets such vendors – who are known as “3Ps” – and then polices their activities on its platform.

In an indictment [PDF] filed late last week, the Dept of Justice asserted that the six defendants paid over US$100,000 to “complicit Amazon employees and contractors.” The DoJ claims at least ten Amazonians took the crooked coin and “baselessly and fraudulently conferred tens of millions of dollars of competitive benefits on hundreds of 3P seller accounts that the defendants purported to represent”.

Medium - The Risk Makers

The failure to properly calculate risk sits at the core of most high-profile tech disasters of the last decade. The problem is endemic to the industry, critics say. “Harmful content, of any category, is not an aberration, but a condition of platforms,” says Tarleton Gillespie, a principal researcher at Microsoft and an adjunct associate professor at Cornell University, and author of the 2018 book Custodians of the Internet.

The internet’s “condition of harm” and its direct relation to risk is structural. The tech industry — from venture capitalists to engineers to creative visionaries — is known for its strike-it-rich Wild West individualistic ethos, swaggering risk-taking, and persistent homogeneity. Some of this may be a direct result of the industry’s whiteness and maleness. For more than two decades, studies have found that a specific subset of men, in the U.S. mostly white, with higher status and a strong belief in individual efficacy, are prone to accept new technologies with greater alacrity while minimizing their potential threats — a phenomenon researchers have called the “white-male effect,” a form of cognition that protects status. In the words of one study, the findings expose “a host of new practical and moral challenges for reconciling the rational regulation of risk with democratic decision making.” 


Friday, September 18, 2020

What I'm Reading 9/118/2020 - China, you lovable scamps

 SC magazine - FBI opens China-related counterintelligence case every 10 hours -

FBI Director Christopher Wray today offered the House Homeland Security Committee some sobering news about China – the FBI opens a new China-related counterintelligence case roughly every 10 hours.

Wray said of the nearly 5,000 active FBI counterintelligence cases underway across the U.S., almost half are related to China. He said China aims to compromise American health care organizations, pharmaceutical companies and academic institutions conducing important COVID-19 research.

“They are going after cost and pricing information, internal strategy documents, personally identifiable information – anything that can give them a competitive advantage,” Wray told House members this morning.

Krebs on Security - Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack -

The U.S. Justice Department this week indicted seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies. The government alleges the men used malware-laced phishing emails and “supply chain” attacks to steal data from companies and their customers. One of the alleged hackers was first profiled here in 2012 as the owner of a Chinese antivirus firm.

The Register - Video encoders using Huawei chips have backdoors and bad bugs – and Chinese giant says it's not to blame

Huawei insists the vulnerabilities were not introduced by its HiSilicon chips nor the SDK code it provides to manufacturers that use its components. That would mean someone else provided the makers of these video encoder devices application software riddled with holes, and this code was shipped with the equipment. The products just all happen to use the the hi3520d chipset.

In a statement emailed to The Register and posted online, a Huawei spokesperson said, "Following the media reports about the suspected security issues (CVE-2020-24214, CVE-2020-24215, CVE-2020-24216, CVE-2020-24217, CVE-2020-24218, and CVE-2020-24219) in HiSilicon video surveillance chips on September 16, 2020, Huawei has launched an immediate investigation. After technical analysis, it was confirmed that none of the vulnerabilities were introduced by HiSilicon chips and SDK packages. Huawei is in favor of coordinated vulnerability disclosure by all organizations and individuals in the security research ecosystem to reduce the impact on stakeholders."

 The Register - Feeling bad about your last security audit? Check out what just happened to the US Department of Interior -

"These attacks — which went undetected by security guards and IT security staff as we explored department facilities — were highly successful," the penetration-test report noted. "In fact, we intercepted and decrypted wireless network traffic in multiple bureaus."

It went on: "Even worse, with regard to two bureaus, our penetration test went far beyond the wireless network at issue and gained access to their internal networks. In addition, we successfully obtained the credentials of a bureau IT employee and were able to use that person’s credentials to log into the bureau’s help desk ticketing system and view the list of tickets assigned to the employee."

Thursday, September 17, 2020

What I Am Reading 9/17/2020 - Cryptography is Hard

 BBC - Revenge porn 'new normal' after cases surge in lockdown -

There has been a surge in reports of revenge porn this year, with campaigners saying the problem has been exacerbated by lockdown.

Around 2,050 reports have been made to a government-funded helpline, a 22% rise from last year.

As cases have remained high despite coronavirus restrictions easing, those that run the service fear this is "the new normal."

Al-Jazeera - As Europe's China scepticism grows, a glimmer of hope for Taiwan -

The pandemic brought to light the differences in Taiwan and China's political systems: Critics accuse China of suppressing news of the disease when it was first detected in the city of Wuhan, thereby allowing the virus to spread across borders, but Taiwan won plaudits for mobilising quickly, closing its borders and setting in place a stringent quarantine and testing system – moves that have kept the island's COVID-19 cases below 500 and fatalities at just seven.

"The COVID crisis has really put Taiwan in a very positive light. There have never been that many discussions on Taiwan in the European media," Duchatel said. "It's amazing how people talk about Taiwan, not for Cross-Strait relations and security; they talk about Taiwan as a successful model of effective democratic governance to manage such a huge public health crisis. The contrast is this creates space for Taiwan."

Sophos - Zerologon – hacking Windows servers with a bunch of zeros -

Nevertheless, Zerologon is a fascinating story that reminds us all of two very important lessons, namely that:

  1. Cryptography is hard to get right.
  2. Cryptographic blunders can take years to spot.

The gory details of the bug weren’t disclosed by Microsoft back in August 2020, but researchers at Dutch cybersecurity company Secura dug into the affected Windows component, Netlogon, and figured out a bunch of serious cryptographic holes in the unpatched version, and how to exploit them.

Wednesday, September 16, 2020

What I Am Reading 9/16/2020 - Crime Ops!

 NYTimes - W.T.O. Says American Tariffs on China Broke Global Trade Rules -

A World Trade Organization panel said Tuesday that the United States violated international trade rules by imposing tariffs on China in 2018 in the midst of President Trump’s trade war.


In a statement, Robert E. Lighthizer, the United States Trade Representative, blasted the World Trade Organization for trying to prevent the United States from helping its own workers.

“This panel report confirms what the Trump Administration has been saying for four years: The W.T.O. is completely inadequate to stop China’s harmful technology practices,” Mr. Lighthizer said. “Although the panel did not dispute the extensive evidence submitted by the United States of intellectual property theft by China, its decision shows that the W.T.O. provides no remedy for such misconduct.”

ZDNet -  MITRE releases emulation plan for FIN6 hacking group, more to follow -

MITRE and cyber-security industry partners have launched a new project that promises to offer free emulation plans that mimic today's biggest hacking groups in order to help train security teams to defend their networks.

Named the Adversary Emulation Library, the project is the work of the MITRE Engenuity's Center for Threat-Informed Defense.

The project, hosted on GitHub, aims to provide free-to-download emulation plans.

 Dark Reading - CISA Issues Alert for Microsoft Netlogon Vulnerability -

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory warning there is publicly available exploit code for CVE-2020-1472, a critical elevation of privilege vulnerability in Microsoft's Netlogon.

"Zerologon," as Secura researchers dubbed the bug, has a CVSS score of 10.0. It exists when an attacker creates a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). Microsoft patched the vulnerability as part of its August Patch Tuesday rollout; it's being addressed in a two-part rollout, the company reports.

 Dark Reading - Encrypted Traffic Inference: An Alternative to Enterprise Network Traffic Decryption -

(E)ncrypted traffic inference (ETI) is perhaps the most fascinating of all emerging alternative approaches. ETI solutions analyze aspects of encrypted traffic flows to discern whether they are likely to be malicious, without using decryption.

Based on concepts first published by Cisco Systems researchers in 2016, ETI works by capturing encrypted network flow data attributes -- including DNS metadata, TLS handshake metadata, and HTTP packet headers – and analyzing them for specific, intricate patterns that indicate malicious activity.

A number of vendors – including Cisco, Juniper, NTA vendor Corelight, NDR provider IronNet, and specialist vendor Barac – all offer some degree of ETI capability today.

 Cyberscoop - Chinese hacking groups are bullying telecoms as 2020 goes on, CrowdStrike says -

Six suspected Chinese hacking groups have zeroed-in on entities in the telecommunications sector in the first half of this year, according to CrowdStrike research published Tuesday.

While CrowdStrike did not identify the groups by name, attackers have likely been running their hacking operations in an effort to steal sensitive data about targets, or to conduct intellectual property theft, researchers at the threat intelligence firm determined. CrowdStrike also did not identify the targets.

Okta - CrimeOps: The Operational Art of Cyber Crime -

The secret of FIN7’s success is their operational art of cyber crime. They managed their resources and operations effectively, allowing them to successfully attack and exploit hundreds of victim organizations. FIN7 was not the most elite hacker group, but they developed a number of fascinating innovations. Looking at the process triangle (people, process, technology), their technology wasn’t sophisticated, but their people management and business processes were. 

Their business… is crime! And every business needs business goals, so I wrote a mock FIN7 mission statement:

Our mission is to proactively leverage existing long-term, high-impact growth strategies so that we may deliver the kind of results on the bottom line that our investors expect and deserve.

How does FIN7 actualize this vision? This is CrimeOps:

  • Repeatable business process 
  • CrimeBosses manage workers, projects, data and money.
  • CrimeBosses don’t manage technical innovation. They use incremental improvement to TTP to remain effective, but no more 
  • Frontline workers don’t need to innovate (because the process is repeatable)

 BBC - Boeing's 'culture of concealment' to blame for 737 crashes

The US report is highly critical of both Boeing and the regulator, the Federal Aviation Authority (FAA).

"Boeing failed in its design and development of the Max, and the FAA failed in its oversight of Boeing and its certification of the aircraft," the 18-month investigation concluded.

Threatpost - Report Looks at COVID-19’s Massive Impact on Cybersecurity -

Cynet found that cybercriminals are not just “sort of” leveraging the COVID-19 pandemic, they’re going all in.  Cybercriminals are pulling out their entire arsenal of new attack methods to best ensure attack success. This is like a sports team using all the new plays they’ve developed in one game rather than spreading them out across the season.

The report states that the percentage of attacks using new techniques has historically been around 20%.  That is, 80% of attacks have used well-known techniques that are easily identified assuming companies have updated preventative measures in place.

Since the start of the COVID-19 pandemic, Cynet found that new attacks jumped to roughly 35% of all attacks.  New attack techniques cannot be sufficiently detected by antivirus software alone and can only be effectively discovered using newer behavioral detection mechanisms.  That is, the new detection approaches must be used to detect the new attack techniques being deployed.

 Help Net Security - How security theater misses critical gaps in attack surface and what to do about it -

The insurance industry employs actuaries to help quantify and manage the risks insurance underwriters take. The organizations and individuals that in-turn purchase insurance policies also look at their own biggest risks and the likelihood they will occur and opt accordingly for various deductibles and riders.

Things do not work the same way when it comes to cyber security. For example: Gartner observed that most breaches are the result of a vulnerability being exploited. Furthermore, they estimate that 99% of vulnerabilities exploited are already known by the industry and not net-new zero-day vulnerabilities.

How is it possible that well known vulnerabilities are a significant conduit for attackers when organizations collectively spend at least $1B on vulnerability scanning annually? Among other things, it’s because organizations are practicing a form of security theater: they are focusing those vulnerability scanners on what they know and what is familiar; sometimes they are simply attempting to fulfill a compliance requirement.

NYTimes - Police or Prosecutor Misconduct Is at Root of Half of Exoneration Cases, Study Finds -

According to the report, by the National Registry of Exonerations, official misconduct contributed to false convictions in 54 percent of exonerations, usually with more than one type of misconduct. Over all, men and Black exonerees “were modestly more likely to experience misconduct,” although there were larger differences by race when it came to drug crimes and murder

 /r/Netsec - Lateral Movement Detection GPO Settings Cheat Sheet 

Twitter - 

15 weeks left, publishing my next book. Jam packed with pen testing, GPEN & OSCP prep, exam questions, tools & virtual machines. Looking for testers, RT for coverage

Tuesday, September 15, 2020

What I Am Reading 9/15/2020 - Nothing has really changed 3 years after the Equinox hack and The US has Dropped the Ball On Innovation

 Errata Security - Cliché: Security through obscurity (yet again) -

Obscurity has problems, always, even if it's just an additional layer in your "defense in depth". The entire point of the fallacy is to counteract people's instinct to suppress information. The effort has failed. Instead, people have persevered in believing that obscurity is good, and that this entire conversation is only about specific types of obscurity being bad.

Schneier on Security -  The Third Edition of Ross Anderson’s Security Engineering -

Coming in December 2020

IT Security Guru - Study identifies gaps in corporate cybersecurity systems -

A survey of 13,000 remote workers conducted by Trend Micro has discovered that almost 40% are accessing company data from their personal computers, tablets and phones. 

 Threatpost - Office 365 Phishing Attack Leverages Real-Time Active Directory Validation -

In the phishing attack, access to this immediate feedback “allows the attacker to respond intelligently during the attack,” researchers with Armorblox said on Thursday. “The attacker is also immediately aware of a live compromised credential and allows him to potentially ingratiate himself into the compromised account before any remediation.”

Yahoo - Feds ‘Very Concerned’ About AstraZeneca Vaccine Side Effect -

The Food and Drug Administration is weighing whether to follow British regulators in resuming a coronavirus vaccine trial that was halted when a participant suffered spinal cord damage, even as the National Institutes of Health has launched an investigation of the case.


A great deal of uncertainty remains about what happened to the unnamed patient, to the frustration of those avidly following the progress of vaccine testing. AstraZeneca, which is running the global trial of the vaccine it produced with Oxford University, said the trial volunteer recovered from a severe inflammation of the spinal cord and is no longer hospitalized.

BBC -  Ex-Google boss Eric Schmidt: US 'dropped the ball' on innovation -

In the battle for tech supremacy between the US and China, America has "dropped the ball" in funding for basic research, according to former Google chief executive Eric Schmidt.

And that's one of the key reasons why China has been able to catch up.

Dr Schmidt, who is currently the Chairman of the National Security Commission on Artificial Intelligence, said he thinks the US is still ahead of China in tech innovation, for now.

 Threatpost - Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

Patches are currently available for all these flaws – and in some cases, have been available for over a year – however, the targeted organizations had not yet updated their systems, leaving them vulnerable to compromise, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a Monday advisory. CISA claims the attacks were launched by threat actors affiliated with the Chinese Ministry of State Security.

Related - Cyberscoop - Chinese intelligence-linked hackers are exploiting known flaws to target Washington, US says -

Hackers connected to a Chinese intelligence agency have infiltrated U.S. government and the private sector entities in recent months by exploiting a series of common vulnerabilities, the FBI and Department of Homeland Security’s cybersecurity agency announced Monday.

Attackers tied to China’s civilian intelligence and counterintelligence service, the Ministry of State Security (MSS), have been using phishing emails with malicious links to infiltrate victim organizations, according to the alert. By including malicious software in those messages, hackers are exploiting software flaws in commercial technologies and open-source tools, including services with known fixes. F5 Networks’ Big-IP Traffic Management User Interface, Citrix VPN Appliances, Pulse Secure VPN appliances, and Microsoft Exchange Server are among those affected, says the report from the FBI and DHS’ Cybersecurity and Infrastructure Security Agency (CISA).

 Threatpost - Chinese database detailing 2.4 million influential people, their kids, their addresses, and how to press their buttons revealed -

A US academic has revealed the existence of 2.4-million-person database he says is compiled by a Chinese company known to supply intelligence, military, and security agencies. The academic alleges the purpose of the database is enabling overseas influence operations to be conducted against prominent or influential people outside China.

That company is Shenzhen Zhenhua and the academic is Chris Balding, an associate professor at the Fulbright University Vietnam.

Balding and security researcher Robert Potter have co-authored a paper [PDF] claiming the trove is known as the “Overseas Key Information Database” (OKIDB) and that 10 to 20 per cent of it appears not to have come from any public source of information. The co-authors do not rule out hacking as the source of that data, but also say they can find no evidence of such activity.

SC magazine - What’s really changed three years after Equifax breach?   -

“Unfortunately, not much has changed,” said Greg Foss, senior threat researcher from VMware Carbon Black.

The breach led to significant fines and the retirement of Equifax’s chief executive and chief information officer, congressional probes and proposed legislative and regulatory changes. It also saw the credit monitoring company take a huge hit to its reputation.

But even with lessons from the Equifax breach looming large, organizations still are caught flat-footed by similar threats, in part because those threats continue to evolve and proliferate – and attackers are persistent. 

Threatpost - Critical Flaws in 3rd-Party Code Allow Takeover of Industrial Control Systems -

Six critical vulnerabilities have been discovered in a third-party software component powering various industrial systems. Remote, unauthenticated attackers can exploit the flaws to launch various malicious attacks – including deploying ransomware, and shutting down or even taking over critical systems.

The flaws exists in CodeMeter, owned by Wibu-Systems, which is a software management component that’s licensed by many of the top industrial control system (ICS) software vendors, including Rockwell Automation and Siemens. CodeMeter gives these companies tools to bolster security, help with licensing models, and protect against piracy or reverse-engineering.