|
|||||||
BS: Global Hack alert |
Share Thread
|
Subject: BS: Global Hack alert From: Donuel Date: 18 Jun 23 - 08:15 AM https://www.wyff4.com/article/us-government-agencies-global-cyberattack/44211397# |
Subject: RE: BS: Global Hack alert From: Backwoodsman Date: 18 Jun 23 - 08:36 AM ”Sorry, this content is not available in your region.” ‘Global’?? |
Subject: RE: BS: Global Hack alert From: Steve Shaw Date: 18 Jun 23 - 09:01 AM Typical Donuel. He puts up a link, he adds no commentary whatsoever and when you open it it's either irrelevant rubbish or unavailable. I've given my clicking finger a severe bollocking. |
Subject: RE: BS: Global Hack alert From: Dave the Gnome Date: 18 Jun 23 - 09:41 AM This one? The link is Reuters so should work everywhere |
Subject: RE: BS: Global Hack alert From: Mr Red Date: 19 Jun 23 - 02:39 PM I thought the DoE were experts in knowing where viruses started! |
Subject: RE: BS: Global Hack alert From: Stilly River Sage Date: 19 Jun 23 - 03:49 PM This was in the news last week. From Don's article: The U.S. Cybersecurity and Infrastructure Security Agency “is providing support to several federal agencies that have experienced intrusions affecting their MOVEit applications,” Eric Goldstein, the agency’s executive assistant director for cybersecurity, said in a statement on Thursday to CNN, referring to the software impacted. “We are working urgently to understand impacts and ensure timely remediation.” |
Subject: RE: BS: Global Hack alert From: Donuel Date: 20 Jun 23 - 07:04 AM The app MOVEit had a vulnerability that has led to a massive data theft in institutions universities insurance companies and others. Only a select few have had ransom demands but even our health insurance has its personal data stolen. THE HACKERS HAD A 2 WEEK head start. Forensics are just beginning to unravel the massive theft |
Subject: RE: BS: Global Hack alert From: DaveRo Date: 20 Jun 23 - 07:59 AM MOVEit had three vulnerabilities - so far. Once the first one was discovered, people looked hard and found more. Third MOVEit bug fixed a day after PoC exploit made public It's a common pattern. Meanwhile, here in the UK many government IT system use out-of-support software, with known unpatchable vulnerabilities: ‘It could be taken down by an enthusiastic child’: Whitehall wide open to cyber-attack, warn campaigners Some of that is scaremongering; the enthusiastic child would have to gain phyical or remote access though firewalls, but the general point is valid. |
Subject: RE: BS: Global Hack alert From: MaJoC the Filk Date: 20 Jun 23 - 12:50 PM > Some of that is scaremongering Some alleged systems administrators *need* scaring. In system security, paranoia really is your only friend. > the enthusiastic child would have to gain phy[s]ical or remote access > though firewalls Put not your trust in firewalls, nor in any locks and keys. Relying solely, or even majorly, on having put a firewall around all of one's vulnerable systems is what I call the Eggshell Security Model: once someone's got through the hardened periphery, everything goes runny. (And these days the site periphery, for many good business reasons, is more a line in the sand than a stockade fence.) Defence in depth is the name of the game here, including hardening the user-level systems, and keeping them fully patched. .... Sorry about that. After a quarter of a century of being an admin with a systems-security fetish, and having had to clear up after multiple successful script-kiddie attacks, the stain goes deep. |