On 13 September 2021, researchers from Citizen Lab disclosed FORCEDENTRY: a zero-click vulnerability impacting pretty much all Apple operating systems based on a flaw in the CoreGraphics rendering application. As a zero-click (i.e., requiring no user interaction) vulnerability, FORCEDENTRY represents a deeply concerning technical problem. Yet based on Citizen Lab’s Read more
Questions concerning responsibility for the current epidemic of ransomware events are common, and seek to identify some concrete party to hold accountable for incidents. Yet the immediate perpetrators – largely (but not exclusively) criminal gangs operating in Eastern Europe and Russia – either represent too remote an entity for blame, Read more
The information security industry finds itself, as of this writing, in the midst of a ransomware pandemic. While Business Email Compromise (BEC) likely remains more financially successful overall, much of this success is due to far wider scope and selection of victims. Ransomware, while potentially less costly in a direct Read more
Following the ransomware incident impacting Colonial Pipeline operations in May 2021, many parties asked how such a disruption, impacting one of the main arteries delivering refined petroleum products to the Eastern and Southeastern United States, could occur. Based on information available, the intrusion did not directly impact Industrial Control Systems Read more
In April 2021 the Babuk ransomware gang, already a concerning entity, gained additional notoriety for compromising the Washington, DC police department. As part of this incident, the criminals threatened to release confidential files relating to police operations to spur payment. The group in question earlier gained attention for the combination Read more
Note: On 21 March 2023, website GCN reported that the “hack” was actually an employee error. More worringly, statements from the city manager at the time indicate this was known from the outset, yet still resulted in several investigations from local and federal law enforcement. Interestingly, this story has not Read more
One of the penultimate, and more poignant, episodes of the television series Band of Brothers was “Why We Fight.” The episode highlighted how, although the members of the unit followed through the series faced multiple trials and setbacks, the discovery of concentration camps emphasized the necessity for continuing the struggle Read more
On 09 December 2020, details emerged concerning network infrastructure I’d previously identified as suspicious on 07 December: Further research and investigation showed that the domains in question – which were relocated from “.org” to “.us” infrastructure – were hosting “kill lists” comprising politicians, civil servants, and employees of Dominion Voting Read more
08 December 2020 will be remembered as a significant day in information security history. On that day, information security giant and, through its Mandiant division, pioneer FireEye disclosed that they were compromised by a likely state-sponsored entity. (Specific attribution is lacking at this time, although there are rumors APT29/Cozy Bear Read more
“Energetic Bear” (also known as Dragonfly, Crouching Yeti, etc. etc.) has been in the news lately given a recent series of intrusions targeting local government and critical infrastructure entities in the United States. While the group has gained attention recently, its activities go back at least a decade with the Read more