Feb 20 2021

How safe is our water supply from cyberattacks?

Category: Cyber Attack | DISC @ 6:52 pm

Our sister station WFLA in Tampa, Florida reported earlier this month that a hacker altered the levels of chemicals in the water supply of a Florida city to ‘potentially damaging’ levels. A plant operator at a water treatment facility in Oldsmar, Florida noticed someone had remotely accessed the computer system he was monitoring and increased the sodium hydroxide levels in the city’s water substantially.

The hack was caught before anyone was hurt by it, but KX wanted to know: how safe is our local water supply from cybersecurity threats? So, we went to the Bismarck Water Treatment Plant to find out.

“We’re well aware of what happened in Florida, it definitely reached the news nationwide and it really is relevant for drinking water systems. Our drinking water system, it would not be possible to do the same type of activity.”


Feb 19 2021

Experts spotted the first malware tailored for Apple M1 Chip, it is just the beginning

Category: Cyber Attack, Cybercrime, Malware | DISC @ 9:34 am

Apple launched its M1 chip and cybercriminals developed a malware sample specifically for it; the latest generation of Macs is their next target.

The popular security researcher Patrick Wardle discovered one of the first malware samples designed to target the latest generation of Apple devices using the company's M1 chip.

The discovery suggests threat actors are tailoring their malware to target the latest generation of Mac devices using the company's own processors.

Wardle discovered a Safari adware extension, tracked as GoSearch22, that was initially developed to run on Intel x86 chips and has now been adapted to run on M1 chips.

“What we do know is as this binary was detected in the wild (and submitted by a user via an Objective-See tool) …so whether it was notarized or not, macOS users were infected.” reads the analysis published by Wardle. “Looking at the (current) detection results (via the anti-virus engines on VirusTotal), it appears the GoSearch22.app is an instance of the prevalent, yet rather insidious, ‘Pirrit’ adware:”


Feb 15 2021

Chinese Supply-Chain Attack on Computer Systems

Category: Cyber Attack, Cyber Espionage, Cyber Spy | DISC @ 11:41 am

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Lenovo, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret:

China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter. That included an FBI counterintelligence investigation that began around 2012, when agents started monitoring the communications of a small group of Supermicro workers, using warrants obtained under the Foreign Intelligence Surveillance Act, or FISA, according to five of the officials.

There’s lots of detail in the article, and I recommend that you read it through.

Tags: Chinese espionage, Supply-Chain Attack


Feb 12 2021

Attack against Florida Water Treatment Facility

Category: Cyber Attack | DISC @ 12:08 pm


Jan 22 2021

SVR Attacks on Microsoft 365

Category: Cyber Attack | DISC @ 12:27 am


Jan 20 2021

Sophisticated Watering Hole Attack

Category: Cyber Attack | DISC @ 3:11 pm

Google’s Project Zero has exposed a sophisticated watering-hole attack targeting both Windows and Android:

Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched the security flaws). The hackers delivered the exploits through watering-hole attacks, which compromise sites frequented by the targets of interest and lace the sites with code that installs malware on visitors’ devices. The boobytrapped sites made use of two exploit servers, one for Windows users and the other for users of Android.

The use of zero-days and complex infrastructure isn’t in itself a sign of sophistication, but it does show above-average skill by a professional team of hackers. Combined with the robustness of the attack code, which chained together multiple exploits in an efficient manner, the campaign demonstrates it was carried out by a “highly sophisticated actor.”


Nov 08 2020

FBI: Hackers stole source code from US government agencies and private companies

FBI blames intrusions on improperly configured SonarQube source code management tools.

FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.

Officials provided two examples of past incidents:

“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks.

“This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.”

Source: FBI: Hackers stole source code from US government agencies and private companies | ZDNet






Oct 01 2020

List of data breaches and cyber attacks in September 2020 – 267 million records breached 

Category: Cyber Attack, Data Breach | DISC @ 10:09 am

Take a look at the top data breaches and cyber attacks in September, as well as our full list of 102 incidents.

Source: List of data breaches and cyber attacks in September 2020 – 267 million records breached – IT Governance UK Blog


    Data Breaches: Crisis and Opportunity





Jul 03 2020

Alleged cyber attacks caused explosions at facilities in Iran

Category: Cyber Attack | DISC @ 12:01 pm

The root cause of a series of explosions at important Iranian facilities may be cyberattacks allegedly launched by Israel.

Source: Alleged cyber attacks caused explosions at facilities in Iran

Stuxnet 2? Iran Hints Nuclear Site Explosion Could Be A Cyberattack

Stuxnet 0.5: The Missing Link

How Israel Rules The World Of Cyber Security | VICE on HBO
https://www.youtube.com/watch?v=ca-C3voZwpM

Israel said to be behind cyber attack on Iranian port
https://www.youtube.com/watch?v=9XVIrXHtpeg






Jun 21 2020

Digital Downfall: Technology, Cyberattacks and the End of the American Republic

Category: Cyber Attack, Hacking | DISC @ 1:34 pm

Digital Downfall: Technology, Cyberattacks and the End of the American Republic…

Source: Digital Downfall: Technology, Cyberattacks and the End of the American Republic:

Is America on the brink of civil war?

Could foreign cyber plots turn Americans against one another and cause a disastrous domestic conflict?

What would happen if the lights went out and the technology we rely upon to run American life is no longer available?

The present dangers are real. The US is more vulnerable to destructive foreign interference today than it has been in over a century. As Russia and China realize they can’t win shooting wars against the US, they have devised new and cunning ways to destabilize American politics and cripple the US economy. Cyber meddling in elections, disinformation campaigns, abuse of social media to widen racial and political divides, and the theft of military data are just some of the malicious acts threatening the Republic. Digital Downfall examines the potential effects of such attacks, with a look at:

  • The vulnerability of the US to cyber attack
  • American technological weaknesses that could be exploited by our enemies
  • How the US military could be affected by cyberwar
  • The possibility that the American Republic we know could be destroyed
  • America’s relationship with racism
  • What the future may hold

And more… The dangers posed by external sources can only be real when the internal politics of the United States is in a fragile state. The past four years bear testimony to this political decline as does every passing day of the Trump presidency. The perfect storm of external interference, a rampant and deadly pandemic, and a culture of racism that will no longer be tolerated is upon us. Who knows where it will lead to, or what will be left at the end.

Digital security – threats, risks and how to protect yourself
https://www.youtube.com/watch?v=QbyAVsbtGh0

How to protect your online privacy in 2020 | Tutorial
https://www.youtube.com/watch?v=jxeeKKfjb5o





Tags: Digital Downfall


Jun 16 2020

Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found

The publication of ‘Vault 7’ cyber tools by WikiLeaks marked the largest data loss in agency history, a task force concluded.

The theft of top-secret computer hacking tools from the CIA in 2016 was the result of a workplace culture in which the agency’s elite computer hackers “prioritized building cyber weapons at the expense of securing their own systems,” according to an internal report prepared for then-director Mike Pompeo as well as his deputy, Gina Haspel, now the current director.

Source: Elite CIA unit that developed hacking tools failed to secure its own systems, allowing massive leak, an internal report found.

Wikileaks Vault 7: What’s in the CIA Hacking Toolbox?
https://www.youtube.com/watch?v=X45Bb8O-gMI

CIA Hacking Tools Released in Wikileaks Vault 7 – Threat Wire
https://www.youtube.com/watch?v=5LYSjLwkAo4






Jun 24 2019

OpenSSH introduces a security feature to prevent Side-Channel Attacks

Category: Cyber Attack | DISC @ 1:37 pm

OpenSSH introduces a new feature to prevent Side-Channel attacks: the latest release encrypts secret keys in memory as a temporary solution.

Source: OpenSSH introduces a security feature to prevent Side-Channel Attacks









May 29 2019

Flipboard says hackers stole user details | ZDNet

Category: Cyber Attack, Hacking, Security Breach | DISC @ 12:16 pm

Extent of the hack is unknown, but Flipboard said hackers had access to its systems for almost nine months.

Source: Flipboard says hackers stole user details | ZDNet

Flipboard confirms database hack, resets all user passwords






May 26 2019

Uncovering Linux based cyberattack using Azure Security Center

Category: Cyber Attack, Linux Security | DISC @ 3:55 pm

Azure Security Center, Microsoft’s cloud-based cyber solution, helps customers safeguard their cloud workloads as well as protect them from these threats.

Source: Uncovering Linux based cyberattack using Azure Security Center











Tags: cyber attack

