David Krause

@krausedw@defcon.social
David Krause is an information security professional specializing in threat intelligence.
Views expressed are my own and not those of my employer.
Website: https://www.davidkrause.com/

Here we go, more posturing that ultimately doesn't fix the problem. :(

https://therecord.media/counter-ransomware-initiative-washington-meeting-2024

Here's what to expect from the Counter Ransomware Initiative meeting this week

The fourth annual gathering of the Counter Ransomware Initiative will include “significant, major new deliverables” according to Anne Neuberger, the U.S. deputy national security adviser.

I saw a great comment on Reddit in response to "Why do some people prefer Unix to Linux": https://www.reddit.com/r/freebsd/comments/1fjtg9v/comment/lnqiylg/

#FreeBSD #NetBSD #OpenBSD

The best article I’ve seen so far on this:
OFAC the Ransomware Gangs
https://www.lawfaremedia.org/article/ofac-the-ransomware-gangs

It is time for OFAC to designate every ransomware gang by default.

We also need the federal government "to drastically step up its game when it comes to" stopping ransomware and other cyberattacks. Cyber hygiene only goes so far and terrorists will keep up with any improvements. We need more law enforcement and covert/overt kinetic actions along with legislation to support that including banning ransomware payments. Otherwise we might as well just pay the terrorists 100% of the time. And, yes I said terrorists, because that's what they are and should be sanctioned as such.
https://www.warner.senate.gov/public/index.cfm/2024/3/statement-of-sen-warner-on-change-healthcare-cyberattack
Statement of Sen. Warner on Change Healthcare Cyberattack

WASHINGTON – Today, U.S. Sen. Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, released the following statement on the cybersecurity incident at Change Healthcare:

“This ransomware attack on a major health care company should surprise no one. For some time, I have been sounding the alarm on the need for the entire health care sector to drastically step up its game when it comes to cybersecurity. We’ve previously seen incidents that have caused regional disruptions in clinical care, and it was only a matter of time before one disrupted the ability to treat patients nationwide.

“The U.S. Department of Health and Human Services is working around the clock to help health care providers navigate the attack, and I urge them to ensure all Medicare providers can receive advance and accelerated payments to help them ride this crisis out. If HHS requires additional authorities from Congress to support providers during this time, it’s critical we know that so that we can act as soon as possible.

“This attack demonstrates that we need to have backup plans in place for such incidents. I plan to write and introduce legislation that would provide for accelerated and advanced payments to providers and vendors to protect them in the event of future disruptions, as long as they meet minimum cybersecurity standards.

“While the repercussions of this incident have been primarily – though not wholly – financial, what keeps me up at night is the possibility of a similar widespread attack directly affecting patient care and safety. That is why it is time to consider mandatory cyber hygiene standards for health care providers and their vendors. Sterilization and hand hygiene practices prevent infections – and cyber hygiene practices prevent cyber intrusions. Both are critical to protect patients.”

Sen. Warner has been a leader in the cybersecurity realm throughout his time in the Senate, crafting numerous pieces of legislation aimed at addressing these threats facing our nation. Recognizing that cybersecurity is an increasingly complex issue that affects the health, economic prosperity, national security, and democratic institutions of the United States, Sen. Warner cofounded the bipartisan Senate Cybersecurity Caucus in 2016. A year later, in 2017, he authored the Internet of Things (IoT) Cybersecurity Improvement Act. This legislation, signed into law by President Donald Trump in December 2020, requires that any IoT device purchased with federal funds meet minimum security standards. As Chairman of the Senate Select Committee on Intelligence, Sen. Warner co-authored legislation that requires companies responsible for U.S. critical infrastructure report cybersecurity incidents to the government. This legislation was signed into law by President Joe Biden as part of the Consolidated Appropriations Act in March 2022.

Sen. Warner has also examined cybersecurity in the health care sector specifically. In 2022, Sen. Warner authored “Cybersecurity is Patient Safety,” a policy options paper, outlining current cybersecurity threats facing health care providers and systems and offering for discussion a series of policy solutions to improve cybersecurity across the industry. Since publishing, Sen. Warner has launched the Health Care Cybersecurity Working Group with a bipartisan group of colleagues to examine and propose potential legislative solutions to strengthen cybersecurity in the health care and public health sector.

Mark R. Warner
I've updated the Nmap script for the Feb 14, 2024 Ivanti release.
Someone is going to die at a hospital somewhere in the future because care was delayed in a ransomware attack encouraged by previous victim payments. And the taxpayers of the county are funding it. #ransomware
I think it’s pretty safe to say that the Washington County, PA commissioners just committed manslaughter and DigitalMint got a 5% reward for helping. #ransomware
I have created an Nmap script to detect likely vulnerable Ivanti Connect Secure and Ivanti Policy Secure versions.
https://github.com/krausedw/nmap-scripts/blob/main/http-vuln-ivanti-ics-ips.nse
#Ivanti #ConnectAround #threatintel
I was reading the @BleepingComputer article about hospital ransomware when an ad pops up and it goes to a fake virus site securitypatch[.]life. 14/89 on VT.
I reported some #OWASSRF #ProxyNotShell via #HackerOne because I wanted to alert those companies that they hadn’t patched their Exchange Server, not because I necessarily wanted a bounty. But these programs require that you obtain RCE proof, otherwise they are closed out. I’m not going to do that because Exchange Server is typically not in scope, which would be illegal to do. I also don’t want to step on any webshells that may have already been deployed by other attackers.