Weekend Update

A quick Saturday digest of cybersecurity news articles from other sources.

Zerologon – hacking Windows servers with a bunch of zeros

Cryptography is hard. And cryptographic blunders can be hard to spot. This one was there for years…  Posted the CISA warning last Saturday, but if you missed it, this is a CRITICAL vulnerability.

A real-life Maze ransomware attack – “If at first you don’t succeed…”

The crooks wanted $15,000,000. They didn’t get it. Huzzah!

AR20-268A: Federal Agency Compromised by Malicious Cyber Actor

Original release date: September 24, 2020

This is a very good very detailed analysis describing what went wrong at this agency.  I could be happening to  your organization, too, so take a look.


This Analysis Report uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) responded to a recent threat actor’s cyberattack on a federal agency’s enterprise network. By leveraging compromised credentials, the cyber threat actor implanted sophisticated malware—including multi-stage malware that evaded the affected agency’s anti-malware protection—and gained persistent access through two reverse Socket Secure (SOCKS) proxies that exploited weaknesses in the agency’s firewall.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.