The OPM Breach: What Went Right
Today the national and federal press announced a “massive” breach of federal personnel data housed at the Office of Personnel Management (OPM) within the Department of Homeland Security (DHS). Following an earlier breach discovered in March 2014, the breach is said to have exposed the personally identifiable information (PII) of up to four million federal employees. The Washington Post reported that U.S. officials suspect the Chinese government to be behind the attack, which represents “the second significant foreign breach into U.S. government networks in recent months.”
RDP Hacks: Thwarting the Bad-Guy Network
Brian Krebs of Krebs on Security just posted an article on RDP hacks that exploit weak or default login credentials; it goes on to describe how such access provides the basis for a cybercrime business. His article explains that Makost[dot]net rents access to more than 6000 poorly configured and, therefore, compromised Remote Desktop Protocol (RDP)-enabled servers around the globe. As Krebs says, “…the attackers simply needed to scan the Internet for hosts listening on port 3389 (Microsoft RDP), identify valid usernames, and then try the same username as the password.” It’s a classic brute-force attack and it’s aimed directly at an extremely weak target.
Many people on first reading this would consider this capability a “vulnerability” of Windows, but that’s like saying that an automated teller machine (ATM) has a “vulnerability” that allows you to get cash from your bank account. It’s a feature of the operating system and Windows is not alone in exposing functionality like it.
- Posted by: Siemens
- Categories: Anomalies, Baselines, Cyber Threats, Endpoint Analytics, Endpoint Visibility, Hacks, Security Analytics, Threat hunting