The SolarWinds hacks have been described in every media outlet and new source, making this incident perhaps the most widely reported cyber incident to date. This report provides context on this incident, including the “so-what” of the incident and actionable insights into what likely comes next.
Over the past few weeks, Iran has experienced an alarming amount of explosions occurring at various critical infrastructure locations. This post recaps explosions reported in the media and adds context which may help assess what will come next.
At the time of this writing, 11 major events have been reported. Iran is a closed society and there may be many other events that have not been reported.
A list of the top 10 routinely exploited vulnerabilities has been provided in a new joint alert distributed via the U.S. CERT website. This alert was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the broader US Government to provide technical guidance for security professionals in both the public and private sectors. This document aims to draw awareness to the most common vulnerabilities being exploited by threat actors. Foreign cyber actors frequently exploit dated and publicly known software vulnerabilities, as they often require fewer attacker resources. Therefore, the public and private sectors could mitigate some foreign cyber threats to US interests through an increased effort to patch their systems in accordance with the vulnerabilities listed in the alert.
In February, the Department of Justice’s Cybersecurity Unit published a document that focuses on the risks practitioners face when gathering intelligence from online sources like the Darknet and what the ramifications of certain actions are when performing intelligence collection. The publication highlights several hypothetical situations in which the practitioner may face legal consequences for missteps when interacting with Darknet sellers and obtaining information from these forums.