Captain's Log, Stardate 2021.05.21


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack

J1_Ambassador Hunter @2x

Irish Hospitals Are Latest to Be Hit by Ransomware Attacks | The New York Times
Hospitals in Ireland, New Zealand and Scripps Health in San Diego are reeling from digital extortion attacks. Using ransomware, which is malware that encrypts victims’ data until they pay a ransom, the people behind the attack have been holding hostage the data at Ireland’s publicly funded health care system, the Health Service Executive. The attack forced the H.S.E. to shut down its entire information technology system.

The Full Story of the Stunning RSA Hack Can Finally Be Told | Wired

The RSA breach, when it became public days later, would redefine the cybersecurity landscape. The company’s nightmare was a wake-up call not only for the information security industry—the worst-ever hack of a cybersecurity firm to date—but also a warning to the rest of the world. Timo Hirvonen, a researcher at security firm F-Secure, which published an outside analysis of the breach, saw it as a disturbing demonstration of the growing threat posed by a new class of state-sponsored hackers. “If a security company like RSA cannot protect itself,” Hirvonen remembers thinking at the time, “how can the rest of the world?”

IC3 Logs 6 Million Complaints | The FBI
It took nearly seven years for the FBI’s Internet Crime Complaint Center (IC3) to log its first million complaints. It took only 14 months to add the most recent million. The IC3 logged five million complaints on March 12, 2020, a few weeks before it marked its 20th anniversary. After a period of record reporting, the center received its 6 millionth complaint on May 15, 2021. IC3 saw complaints increase nearly 70% between 2019 and 2020. The top three crimes reported by victims in 2020 were phishing scamsnon-payment/non-delivery scams, and extortion. 

How to Tell a Job Offer from an ID Theft Trap | KrebsOnSecurity
Last week, someone began began posting classified notices on LinkedIn for different design consulting jobs at Geosyntec Consultants, an environmental engineering firm based in the Washington, D.C. area. One of the oldest scams around — the fake job interview that seeks only to harvest your personal and financial data — is on the rise, the FBI warns. Here’s the story of a recent LinkedIn impersonation scam that led to more than 100 people getting duped, and one almost-victim who decided the job offer was too-good-to-be-true. 

Modern-Visibility-for-Cybersecurity-and-IT-Asset-Management-JupiterOne_thumb-1Modern Visibility for Cybersecurity and IT Asset Management | JupiterOne
The cybersecurity technology landscape is fragmented and niche, and for good reason. Enterprises use specialized infrastructure and security tools each of which has its own definition of asset. Understanding your entire cyber asset landscape is nearly impossible due to the breadth of technologies in play. Identifying a new definition of cyber asset is mandatory to building a successful security program. Learn how to find, monitor, visualize, and govern your cyber assets with deep understanding of cyber asset relationships.



Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.


cyber-security 1

Ad Title Placeholder

Lorem ipsum dolor sit amet, consectetur adipiscing elit.