The vector for infection is CHINA



Apple under attack as always

https://www.breitbart.com/tech/2024/02/06/google-claims-government-backed-hackers-targeted-apple-iphone-vulnerabilities/



New Malware with Google Cookies

https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking



NEW YEAR NEW PASSWORDS

Change all that you can people
Add that Multi-factor if you can
Long passwords that you never used before
Don’t use the same PW everywhere
Safe storage
Long numbers
More than one special character

Happy New Year



Change those Passwords folks

https://justthenews.com/world/foreign-desk/report-china-already-hacking-us-utilities-pipeline-port-companies



Interesting article about our digital self

https://www.city-journal.org/article/coping-with-the-digital-revolution

Click link above for

We Are More Than Our Data

Preserving individual liberty amid the digital revolution will require carving out a space for the distinctively human.



Spider Hackers

https://www.reuters.com/technology/moodys-says-breach-mgm-is-credit-negative-disruption-lingers-2023-09-13/

Click link to read entire article!

SAN FRANCISCO/WASHINGTON, Sept 13 (Reuters) – A hacking group named Scattered Spider brought down the systems of the $14 billion gaming giant MGM Resorts International (MGM.N) this week, two sources familiar with the matter said, as U.S. law enforcement officials started a probe into the breach.

Several MGM systems remained paralyzed for a third straight day after it said on Monday it had shut some of them to contain a “cybersecurity issue.” The company, which operates over 30 hotel and gaming venues around the world including in Macau and Las Vegas, said it was investigating the incident.



Fake threat

https://arstechnica.com/information-technology/2023/05/fearmongering-over-public-charging-stations-needs-to-stop-heres-why/



Something DIFFERENT – for those that want to learn

https://calculusmadeeasy.org/

Now if you click the above link you will be brought to a web version of the book from 1910
About MATH (yes calculus MATH)
You should be familiar, but this is an easy refresher. And in reality MATH helps you learn logic processing. Good stuff for learning about cybersecurity – logic processing



Lessons from NERC CIP

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards are a set of mandatory cybersecurity standards that apply to the bulk power system in North America. There are currently 13 CIP standards that cover a range of cybersecurity requirements. Here is a brief overview of each standard:

CIP-001 – Sabotage Reporting: Requires the development of a procedure to report any suspicious activities that could lead to physical damage to the Bulk Electric System (BES).

CIP-002 – Critical Cyber Asset Identification: Defines the criteria for identifying and categorizing assets that are essential to the reliable operation of the BES.

CIP-003 – Security Management Controls: Requires the development of security management controls that establish a framework for managing the security of critical cyber assets.

CIP-004 – Personnel and Training: Requires the development of a training program for personnel with access to critical cyber assets.

CIP-005 – Electronic Security Perimeter(s): Requires the development of policies and procedures to protect the electronic security perimeter of critical cyber assets.

CIP-006 – Physical Security of Critical Cyber Assets: Requires the development of physical security measures to protect critical cyber assets from unauthorized access.

CIP-007 – System Security Management: Requires the development of a system security management plan that outlines the processes and procedures used to identify, assess, and correct security issues.

CIP-008 – Incident Reporting and Response Planning: Requires the development of a plan for reporting and responding to cybersecurity incidents.

CIP-009 – Recovery Plans for Critical Cyber Assets: Requires the development of a recovery plan for critical cyber assets in the event of a cybersecurity incident.

CIP-010 – Configuration Change Management and Vulnerability Assessments: Requires the development of a configuration change management and vulnerability assessment program for critical cyber assets.

CIP-011 – Information Protection: Requires the development of policies and procedures to protect sensitive information related to critical cyber assets.

CIP-012 – Cyber Security Information Protection: Requires the development of a plan to protect sensitive cybersecurity information.

CIP-013 – Supply Chain Risk Management: Requires the development of a supply chain risk management program to ensure the security of equipment, software, and services that are part of the BES.