Brett Callow

@brett@infosec.exchange
1.2K Followers
154 Following
2.5K Posts
Managing Director, Cybersecurity & Data Privacy Comms @ FTI Consulting
Join me for my keynote at the ISC2 Canada Chapters' meeting "Guardians of the Digital North" where I will present "Examination of Emerging Threats and Strategies for Robust, Proactive Defence Mechanisms." It should be a great series of talks and for those of you who collect them there are CVEs in there! In-person is sold out, but on online version is still available for registration for next Thursday. https://www.eventbrite.ca/e/2024-canadian-isc2-chapters-conference-tickets-1010707853397?aff=ebdsoporgprofile #InfoSec
2024 Canadian ISC2 Chapters' Conference

The 2nd Canadian ISC2 Chapters' Conference - Guardians of the Digital North: Building Cyber Resilience Across Canada

Eventbrite

A very busy ~ this week in security ~ is now out:

• U.S. charges Russian GRU hackers over Ukraine hacks
• London transit authority hit by cyberattack
• Ransomware roundup: Seattle's libraries, Halliburton
• Spyware makers are thwarting sanctions
• That very difficult YubiKey side-channel attack
• Why the White House wants to fix BGP
• Plus: a brand new cyber cat, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-september-8-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

~this week in security~

a free cybersecurity newsletter by @zackwhittaker, delivered weekly.

This, btw, concludes Wired's coverage of hacker con season, in which everyone debuts their new hacking tricks at Black Hat/Defcon/Usenix. Our many, many stories can be read here:

https://www.wired.com/category/security/

Hopefully we helped get broken stuff fixed and made new friends along the way.

Security News: Cybersecurity, Hacks, Privacy, National Security

Get in-depth security coverage at WIRED including cyber, IT and national security news.

WIRED
Today at Defcon, security researchers plan to show it's possible to clone HID keycards by extracting highly protected authentication keys from HID's hardware, lowering the barrier to hackers spoofing cards to access secure areas in facilities worldwide. https://www.wired.com/story/hid-keycard-authentication-key-vulnerability
How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards

A team of researchers have developed a method for extracting authentication keys out of HID encoders, which could allow hackers to clone the types of keycards used to secure offices and other areas worldwide.

WIRED

A new edition of ~ this week in security ~ just hit inboxes:

•​​ Ransomware gangs target ESXi bug
•​​ U.K. slaps Electoral Commission over voter rolls breach
•​​ DDoS hits Azure, and a bug only made it worse
•​​ Hacker gets free CSC laundry for life
•​​ Dating apps bugs leaked near-precise locations
•​​ Some depressing data breaches (sorry)
• ​​A very cute cyber-cat, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-august-4-2024-edition

Support/donate: https://ko-fi.com/thisweekinsecurity

~this week in security~

a free cybersecurity newsletter by @zackwhittaker, delivered weekly.

Microsoft now says the CrowdStrike crash hit 8.5 million Windows machines. https://blogs.microsoft.com/blog/2024/07/20/helping-our-customers-through-the-crowdstrike-outage/

I think that's the biggest disruption of computers ever. (Though maybe not the worst, given NotPetya and WannaCry did more lasting damage to hundreds of thousands of machines.)

Helping our customers through the CrowdStrike outage - The Official Microsoft Blog

On July 18, CrowdStrike, an independent cybersecurity company, released a software update that began impacting IT systems globally. Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers.  Since this event began,...

The Official Microsoft Blog

Cancer patient forced to make terrible decision after Qilin attack on London hospitals. #ransomware

https://www.theregister.com/2024/07/05/qilin_impacts_patient/

Cancer patient forced to make terrible decision after Qilin attack on London hospitals

Skin-sparing mastectomy and breast reconstruction scrapped as result of ransomware at supplier

The Register

Yesterday was pub day for the UK edition of Tracers in the Dark, with a new title: Lords of Crypto Crime.

To all the UK and Aussie folks bugging me about this for the last 18 months, thank you for your patience and hope you enjoy!

https://www.amazon.co.uk/Lords-Crypto-Crime-Invisible-Kingpins-ebook/dp/B0CC8XHV3P

Lords of Crypto Crime: The Race to Bring Down the World’s Invisible Kingpins eBook : Greenberg, Andy: Amazon.co.uk: Kindle Store

Lords of Crypto Crime: The Race to Bring Down the World’s Invisible Kingpins eBook : Greenberg, Andy: Amazon.co.uk: Kindle Store

National Crime Agency leads international operation to degrade illegal versions of Cobalt Strike

https://www.nationalcrimeagency.gov.uk/news/national-crime-agency-leads-international-operation-to-degrade-illegal-versions-of-cobalt-strike

Hackers con parents into ‘paying extra’ to secure place at Fettes College.

https://www.telegraph.co.uk/news/2024/07/02/hackers-private-school-place-fettes-college-scotland/

Hackers con parents into 'paying extra' to secure place at Fettes College

Families keen to send their children to the elite boarding school in Edinburgh handed over ‘large sums’ of cash

The Telegraph