Background On 12 April 2022, the Ukrainian CERT and ESET disclosed the existence of Industroyer2, a successor to the malware targeting Ukrainian electric distribution and transmission operations in 2016. Industroyer2 arrived after multiple disruptive cyber incidents of varying degrees of success surrounding Russia’s brutal invasion of Ukraine, as presented in Read more
Iranian security company Amnpardaz Soft published an intriguing report on 28 December 2021 concerning a firmware-level rootkit in HP Integrated Lights Out (iLO) products. While frustratingly containing no Indicators of Compromise (IOCs) – not so much for defensive purposes, but for validating research and independently analyzing artifacts – the report Read more
While the end of 2020 was dominated by Nobelium’s supply chain intrusions, 2021 closes with continued worry and response over vulnerabilities in the widely-deployed Log4j library. Starting in earnest on 10 December 2021 with public disclosure of CVE-2021-44228, information security practitioners and security program managers have subsequently dealt with a Read more
One of the penultimate, and more poignant, episodes of the television series Band of Brothers was “Why We Fight.” The episode highlighted how, although the members of the unit followed through the series faced multiple trials and setbacks, the discovery of concentration camps emphasized the necessity for continuing the struggle Read more
“Energetic Bear” (also known as Dragonfly, Crouching Yeti, etc. etc.) has been in the news lately given a recent series of intrusions targeting local government and critical infrastructure entities in the United States. While the group has gained attention recently, its activities go back at least a decade with the Read more
Few arguments are more frustrating to deal with than those which include compelling, accurate observations to plaster over selective examples and willful misrepresentation. Such is the case with a recent video posted by Ralph Langner concerning ICS-specific cyber threat intelligence (CTI). Langner makes some astute observations concerning the industrial threat Read more
TrickBot was in the news quite a bit in early October 2020. Starting with reports of TrickBot disruption in late September 2020 subsequently linked to United States Cyber Command (USCC), events ramped up with an independent coordinated infrastructure take-down organized by Microsoft coming shortly thereafter. There are many avenues of Read more
A common social media refrain in technology circles is the complaint of becoming “too political” – that content producers should focus on technical or professional subjects while avoiding charged, politically-tinged areas. This sentiment has always rung somewhat hollow to me as the concept of the political can be viewed as Read more
Note: This post was edited in response to feedback concerning Tyler Technologies and the fundamental claims of the original article. With respect to Tyler, while the company certainly provides extensive support and software products to local governments, a review of the company’s offerings shows nothing specific to election reporting or Read more
On 16 July 2020, the United Kingdom’s National Cyber Security Centre (NCSC), with support and contributions from the Canadian Communications Security Establishment (CSE) and the United State’s National Security Agency (NSA), released a report tying recent intrusions in vaccine research organizations (as well as other industries) to Russian-linked adversary APT29. Read more