Assessing The North Korean Cyber Threat to U.S. Infrastructure
Recent developments have highlighted the ongoing cyber threat from North Korea. In many recent incidents we see North Korea targeting critical infrastructure in the United States. These incidents shine light on the need for vigilance in cybersecurity practices across all industries. Overview of the incidents: North Korean cyber criminals, identified with the Andariel Unit of […]
The CrowdStrike Global Incident in Perspective
This morning, a significant IT outage caused widespread disruptions across the globe effecting various industries, including airlines, banking, and media. This incident was linked to a software update from CrowdStrike, and issues with Microsoft’s Azure cloud platform. The combination of these factors led to major operational disruptions, affecting computers running the Windows operating system with […]
UK Ministry of Defense Data Breach & Global Implications
In May 2024, the UK Ministry of Defense (MoD) was struck by a severe cybersecurity breach, resulting in the exposure of sensitive personal data of nearly 270,000 current and former staff members. Orchestrated through the payroll systems managed by MoD’s private contractor, Shared Services Connected Limited (SSCL), this breach highlights significant vulnerabilities within government cybersecurity […]
Japan’s Space Agency JAXA Faces Significant Cybersecurity Breach
The Japan Aerospace Exploration Agency (JAXA), has recently experienced a severe cybersecurity breach that compromised its internal networks. This sophisticated attack targeted JAXA’s Active Directory server. The breach has exposed potentially sensitive space-related technologies and data, including but not limited to employee credentials and network operations data. Officials from JAXA have expressed significant concern, labeling […]
Navigating the Unprecedented HTTP/2 “Rapid Reset” DDoS Attack
Recently, the digital world witnessed the largest Distributed Denial of Service (DDoS) attack in history, with internet titans like Google and Amazon grappling with an assault that surged to a staggering 398 million requests per second. This attack exploited a novel technique known as “Rapid Reset,” targeting the widely utilized HTTP/2 protocol, integral for boosting […]
Understanding the Cisco Duo MFA Service Breach
Introduction In early April 2024, Cisco’s Duo multifactor authentication (MFA) service, a cornerstone of secure access to corporate applications, was compromised. This incident exposes the vulnerabilities even in systems designed to protect against unauthorized access, shedding light on the sophistication of cyber threats in today’s digital age. The Breach Explained The breach targeted a third-party […]
Shadow Intrusion: The CVE-2024-3094 Threat
The CVE-2024-3094 incident, involving a sophisticated backdoor in XZ Utils versions 5.6.0 and 5.6.1, casts a spotlight on the critical vulnerabilities in open-source software supply chains. This event not only highlights the potential risks to internet security but also emphasizes the importance of community collaboration, vigilance, and rapid response mechanisms in the cybersecurity domain. Through […]
The Big 3 Cyber Updates of March 2024
In the dynamic world of cybersecurity, staying ahead means being well-informed about the latest developments. As digital technologies weave deeper into our lives, so does the sophistication of cyber threats. This month’s update from Black Rock Engineering & Technology dives into the latest cybersecurity challenges. We’re examining everything from advanced phishing techniques exploiting software vulnerabilities […]
The AI Cyber Security Challenge: Adapting to New Threats
The recent warning from the UK’s Government Communications Headquarters (GCHQ) about the potential rise in cyberattacks due to advancements in artificial intelligence (AI) has put the spotlight on the evolving landscape of cybersecurity threats. This development signals a pivotal shift in the cyber world, where AI’s growth might fuel more complex and challenging digital threats. […]
Insights from Microsoft’s Breach by Cozy Bear
The cybersecurity world was shaken by the news of Microsoft’s recent breach, a sophisticated cyber-espionage effort by the Russian group Cozy Bear. This high-profile incident raises significant concerns about the security preparedness of even the most technologically advanced companies. In this dynamic digital era, where information is as valuable as currency, the Microsoft breach serves […]