Friday Security Brief
This release is trial for a weekly security brief compiled from trusted sources that encourage a general awareness of cyber security issues. I'm still not sure about how to do this so any thoughts or feedback will be appreciated.
Brexit deal mandates a limit to security standards
"In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA:"
FBI Warns of Hijacked Security Devices being exploited for Swatting
"Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. The announcement comes after concerned device manufacturers alerted law enforcement about the issue."
A look back at some email attacks of 2020
"In 2020, our spam folders bulged with malware-laced emails, phishing lures linking to ransomware schemes, impersonation attacks, spoofed brand and fake domain missives, and dubious requests from legit-sounding companies. So, what defined 2020 in spam?"
SolarWinds hackers accessed Microsoft source code
"The hackers behind the SolarWinds supply chain attack managed to escalate access inside Microsoft's internal network and gain access to a small number of internal accounts, which they used to access Microsoft source code repositories, the company said on Thursday."
CISA updates SolarWinds guidance
"The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack.
In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year."