Cybersecurity

Beyond Policies and Procedures – The Cybersecurity Audit Program

At some juncture, a maturing cybersecurity program will undergo an audit in which its policies and procedures are evaluated for accuracy and adherence. While it’s important to compose effective governance documents, Dale Peterson suggests that concurrently developing your cybersecurity audit program has equal benefits. Incorporating audit testing criteria during development should help identify the “must” policies versus the “shall” guidance often found confusingly intertwined in governance documents.

Security Awareness – The Growing Scourge of Brand Impersonation Attacks

Phishing is one of the most widely used cyber attack techniques and has grown more sophisticated in the form of brand impersonation attacks. While many phishing scams are easy to spot, brand impersonation, which imitates the likeness of trusted brands, is typically more difficult to detect. Indeed, “brand impersonation emails increased 44% in 2020 vs. 2019. However, it’s not only a significant increase in frequency as much as an increasing level of sophistication,” according to Dirk Jan Koekkoek, VP DMARC at Mimecast.

New Squirrelwaffle Malware Mimics Emotet Tactics

Security researchers at Cisco Talos recently uncovered a new malware threat, called Squirrelwaffle, that spreads via spam campaigns, providing threat actors with an initial entry into a compromised device or network and allowing them to deploy additional malware, such as Qakbot or Cobalt Strike. Squirrelwaffle, which was first identified last month, leverages stolen reply-chain emails to propagate across devices and networks.

Microsoft Warns of Increase in Password Spraying Attacks

Microsoft’s Detection and Response Team (DART) has detected an increase in password spray attacks over the past year. As security software grows more intelligent and cybersecurity awareness increases, breaking into a network undetected has become more difficult. Therefore, threat actors are increasingly focused on stealing a victim’s credentials so they can access a network and carry out malicious activity that appears as normal network traffic. To gain these credentials, adversaries are employing password spraying.

Nearly Three-Quarters of Organizations Experienced a DNS Attack in the Last Year

Although ransomware and phishing attempts are often perceived as the most frequent and persistent cyber threats, a new survey by the Neustar International Security Council (NISC) shows that domain name system (DNS) attacks are impacting businesses at an increasing rate. According to the survey, which was conducted in September 2021, 72 percent of respondents experienced a DNS attack within the last year. Among the targeted respondents, 58 percent experienced business disruptions that lasted more than an hour and 14 percent took several hours to recover.
