Captain's Log, Stardate 2021.06.11


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack.


APT actors exploiting Fortinet vulnerabilities to gain access to local governments | Security Magazine
A web server hosting the domain for a local government in the United States was recently breached by advanced hackers taking advantage of old vulnerabilities in firewalls sold by Fortinet, according to an FBI Flash Alert. After gaining access to the local government organization's server, the advanced persistent threat (APT) actors moved laterally through the network and created new domain controller, server, and workstation user accounts mimicking already existing ones. Read the full story...

Here’s How Google Knows in Less Than 5 Minutes if a New Employee Will Hit the Ground Running | Inc. Magazine

But why do some new employees get up to speed faster than others?
That’s a good question, one Google spent considerable time and effort trying to answer. (As with determining the qualities of a great leader, it’s no surprise that one of the most data-driven companies in the world put some of its analytical horsepower into finding the best way to get new employees off on the right foot.) Read the full story...

Justice Dept. Claws Back $2.3M Paid by Colonial Pipeline to Ransomware Gang | KrebsOnSecurity
The U.S. Department of Justice said today it has recovered $2.3 million worth of Bitcoin that Colonial Pipeline paid to ransomware extortionists last month. The funds had been sent to DarkSide, a ransomware-as-a-service syndicate that disbanded after a May 14 farewell message to affiliates saying its Internet servers and cryptocurrency stash were seized by unknown law enforcement entities. Read the full story...

‘Battle for the Galaxy’ Mobile Game Leaks 6M Gamer Profiles | Threatpost
An Elasticsearch server holding personal data of 6 million players of the popular mobile game Battle for the Galaxy was found to be unsecured and to contain over 1 terabyte of unencrypted data, meaning anyone with a link could access the data stored on the repository. Ethical hackers, WizCase, found the data and quickly alerted AMT Games, the publisher of Battle for the Galaxy, that the customer data was exposed. According to WizCase, AMT Games has not responded to inquiries, but the leaky server is now secure. Read the full story...

JupiterOne Cares: Serving our Local Communities | JupiterOne

"What did you do this weekend?" It's a typical question that gets asked a million times a day, around the world, every Monday. We posed the question to our team a little differently last week, "What do you do to serve your local community?", and were astounded with the diversity of answers. It's funny how you can learn something about people you've been working with, never having considered their personal projects and why they do what they do. Read the full story...



Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).
