Happy 4th of July from the Ember Family! #EmberRiver #EmberEcho
Wishing you all a safe and happy 4th of July from the Ember River Family! #FourthOfJuly #cybersecurity #emberriver
Ember River is comprised of leaders from the Cybersecurity industry, the Intelligence Community (IC), and the Defense Industrial Base (DIB). Who we are: A high-end security and intelligence firm providing specialized solutions and services that protect your organization in today’s dynamic digital environment. We bring value to government and commercial organizations through our unparalleled expertise, advisory, and consulting services, along with innovative technologies. We partner with our clients to build customized solutions that ensure their success. Mission: Equip our clients to solve tomorrow’s most complex security and intelligence problems today. Vision: To be the company that national security organizations call on to solve their most complex problems, and to create novel solutions to support their specific needs and mission.
Del Mar, California 92014, US
On March 29, 2024, a Microsoft employee discovered a critical backdoor supply-chain vulnerability within XZ Utils, a tool relied upon by Linux systems for compression and decompression functionality. This vulnerability allows remote code injection as a superuser, earning a CVSS score of 10.0/10.0. Had this been successful, it would have constituted one of the most extensive backdoor attacks planted in a software product. This attack underlines the inherent risk of relying upon “trusted” third parties for critical infrastructure software. Outsourcing software opens questions on who should be trusted and how the software is vetted. It is vital to recognize that security goes far beyond the practices and mechanisms implemented “in-house”. An insecure link at any point in the supply chain can compromise the overall system’s security. #cybersecurity #emberriver #emberecho #emberintel #secure Macy Dennis, Jeff True, Mitch Wells, David W. Samara, CISSP, PMP, M.S., Jacob Novak, Matthew Schlesener
In January of 2024, Microsoft announced a breach by a hacking group associated with Russia's foreign intelligence agency, identified as Midnight Blizzard. This group has an infamous track record, having previously targeted high-profile entities such as the Democratic National Committee (DNC) in 2015 and 2016, as well as orchestrating the SolarWinds attack in 2020. The announcement of this breach in January was alarming, but the severity escalated when Microsoft disclosed in March that the intrusion was more extensive than initially assessed. It was made known the hackers had successfully infiltrated senior executives' emails and gained access to critical source code. Furthermore, the breach raised concerns about the potential exploitation of sensitive customer information through compromised emails. Microsoft then announced they were collaborating with the Cybersecurity and Infrastructure Security Agency (CISA) on an emergency directive reflecting the gravity of the situation, particularly in safeguarding government agencies against the fallout. This incident serves as a reminder that extensive cybersecurity measures, not only within individual organizations like Microsoft but across the broader landscape of companies, are necessary. It also confirms the ongoing challenges faced by technology companies in staying ahead of sophisticated threat actors and the need for continuous vigilance in the face of evolving cyber threats. #cybersecurity #emberriver #emberecho #emberintel #secure Macy Dennis, Mitch Wells, Jeff True, David W. Samara, CISSP, PMP, M.S., Jacob Novak, Matthew Schlesener
While financial institutions, hospitals, and government services are commonly recognized targets for hackers, the vulnerability of public schools to cyber attacks often goes unnoticed. In 2023 alone, 108 K-12 school districts reported breaches in their systems, containing critical data such as social security numbers, medical records, and disciplinary histories. One notable incident occurred in Minneapolis, where a breach led to the exposure of sensitive information affecting more than 105,000 individuals after the school district refused to pay the ransom demanded by the hacker. The leaked information provided ample info for fraudsters to exploit, potentially leading to years of undetected misuse of personal data. It's important for the cybersecurity community to acknowledge that no group is immune to such threats. Vigilance and preparedness are essential to protect all sectors, including education. We as cybersecurity professionals must implement robust security measures, foster awareness among students, parents, and staff, and invest in cybersecurity education to mitigate the risks posed by cyber attacks. Macy Dennis Jeff True Mitch Wells David W. Samara, CISSP, PMP, M.S. Jeremy. Mcdonald
“Humans are the weakest link in a secure system”... A phrase that is taught and reiterated across industries and classrooms. If this mantra is true, then what are the consequences of neglecting board members with the proper cyber understanding to effectively make decisions that factor security? In a security theater that changes overnight, company boards that do a “deep dive in cybersecurity” around “once a year” might be left vulnerable with outdated information on best security practices. An emphasis has been placed on training workers to be wary of things such as phishing attacks, but are we doing enough to ensure that the individuals who are making big-picture decisions have the awareness and education to integrate security into the decision-making process? Ember River has seasoned CISOs with decades of experience to provide advisory services to your Board and ELT. They sit on numerous boards as experts guiding the direction and focus so the other Board Members can focus on the business strategy. #EmberRiver #EmberEcho #EmberIntel Jacob Novak Matthew Schlesener Mitch Wells Macy Dennis Jeff True David W. Samara, CISSP, PMP, M.S. Jeremy. Mcdonald https://lnkd.in/dKkEz2Y3
The 2024 Cisco Cybersecurity Readiness Index reveals a concerning trend: only 3% of global organizations are adequately prepared to tackle modern cyber threats, down from 15% the previous year. Many companies struggle due to complex security setups and reliance on multiple solutions, leading to poor response capabilities. The disconnect between perceived readiness and actual preparedness shows the urgent need for revamped cybersecurity strategies. Successful cyber-attacks have significant consequences. 73% of organizations foresee disruptions and over half reported costs exceeding $300,000 due to cyber incidents. However, there's optimism as companies plan to upgrade infrastructure, deploy new technologies, and invest in AI-driven solutions to fortify their defenses. 97% of companies also reported they will increase their cybersecurity budgets over the next year. Prioritizing strategic investments and embracing innovation will be crucial in enhancing readiness and resilience against evolving cyber threats. 73% brace for cybersecurity impact on business in the next year or two. Are you ready? Ember River is ready to bring its decades of experience to help you with the when and not the if... #EmberRiver #EmberEcho #EmberIntel Matthew Schlesener Jacob Novak Mitch Wells Jeff True David W. Samara, CISSP, PMP, M.S. Jeremy. Mcdonald https://lnkd.in/gMu-d9QZ
On March 29, 2024, a Microsoft employee discovered a critical backdoor supply-chain vulnerability within XZ Utils, a tool relied upon by Linux systems for compression and decompression functionality. This vulnerability allows remote code injection as a superuser, earning a CVSS score of 10.0/10.0. Had it been successful, it would have constituted one of the most extensive backdoor attacks planted in a software product. This attack underlines the inherent risk of relying upon “trusted” third parties for critical infrastructure software. Outsourcing software opens questions on who should be trusted and how the software is vetted. It is vital to recognize that security goes far beyond the practices and mechanisms implemented “in-house”. An insecure link at any point in the supply chain can compromise the overall system’s security. #cybersecurity #emberriver #emberecho #emberintel #security Macy Dennis, Jeff True, Mitch Wells, David W. Samara, CISSP, PMP, M.S., Jacob Novak, Matthew Schlesener
As sophisticated attacks continue to surface, secure platforms are forced to grapple with the consequences of potential data breaches. On March 1st, Mintlify received its first signs of compromise via email, indicating multiple requests from unrecognized devices, directly pointing at multiple endpoint APIs. The attackers exploited a vulnerability that ultimately provided access to 91 customers’ GitHub tokens. Although Mintlify has taken the proper steps to mitigate the breach, frequent breaches of secure systems underscore the focus on identity-based attacks. It is evident through attacks such as this one that securing credential verification is as critical as ever and cannot be overlooked. Here at Ember River and Ember Intel we focus on helping clients secure their data and identities. These are the main targets no matter if it's a criminal or nation-state actor. To discuss further with one of our CISO Advisors please reach out - www.emberriver.com #emberriver #emberintel #emberecho #cybersecurity #cyberattack
On March 13th, a group called "Solntsepek" claimed responsibility for attacks on four Ukrainian Internet Service Providers (ISPs), because of their connection to government agencies in Ukraine. Solntsepek has ties to Russian military intelligence (GRU) and previously targeted Kyivstar, Ukraine's largest telecom provider, in December. It's suspected that the group used an updated version of the malware AcidRain, named AcidPour, which has the capability to target not only modems but also various other devices. AcidPour's ability to target memory in embedded devices makes it significantly more dangerous, prompting concerns from experts like Rob Joyce, the outgoing director of the NSA, who labeled AcidPour "a threat to watch." #cybersecurity #cyberthreat #cyberattack #malware #emberriver #emberecho #emberintel