14 Jan 2020

Vulnerabilities, the Search for Buried Treasure, and the US Government

Most weeks, it is far outside the normal job responsibilities for cybersecurity professionals to understand what the United States (or other governments) do to find or use computer vulnerabilities. Just stay patched and keep the board of directors happy. This is not one of those weeks.

This week we learned that the National Security Agency disclosed to Microsoft that it had discovered a major vulnerability (dubbed CVE-2020-0601) in Windows 10. A Washington Post article, by veteran cyber journalist Ellen Nakashima, declared this to be “a major shift in the NSA’s approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries’ networks.”

10 Dec 2019

Maersk CISO Says NotPetya Devastated Several Unnamed US firms

Maersk Chief Information Security Officer Andrew Powell stated at Black Hat Europe 2019 that he believes that 600 countries across the globe were damaged by NotPetya around the time of the Maersk attack. He stated that any company doing business in Ukraine at the time of the attack was hit.

08 Nov 2018

Troubled Waters: How A New Wave of Cyber-Attacks is Targeting Maritime Trade

“The historical ‘air gap’ separating industrial control systems from enterprise networks meant that factories and shipyards were more or less immune to cyber-attack. As long as systems were air-gapped it didn’t matter how pernicious or effective the cyber-threat became, we felt confident that these virtual concerns couldn’t impact our physical
