You are here

Home » Cybersecurity

Cybersecurity

Cyber Resilience – 4-Steps to Mapping and Securing Organizational Critical Assets

One of the many challenges that cybersecurity teams of all sizes face, is knowing where to focus their limited efforts and resources. This is why one of the first things any cybersecurity team should be preoccupied with is obtaining a clear picture of the business-critical assets of their organization, and to maintain a proper inventory of the technology used – essentially mapping out the organization to identify the most needed areas to secure. In a recent article, The Hacker News shares a four-step approach to mapping and securing the most critical assets of an organization.

Threat Awareness – AI is Making Scams More Convincing

Not only are threat actors always modifying tactics making it imperative for security teams to maintain situational awareness and adapt training methods, but as of late, cybercriminals have been observed delivering more convincing scams by leveraging generative AI. As this does not come as a huge surprise per se, it is a threat worthy of our attention as scammers have been seen fooling even the savviest internet users and not just the elderly.

Threat Awareness – Threat Actors Target Insecure VPN Instances for Initial Access to Enterprise Networks

WaterISAC is sharing this recent threat actor behavior for member awareness. Threat actors have been identified targeting VPN solutions from various cybersecurity vendors for initial access into enterprise networks. Cybersecurity firm Check Point has monitored such login attempts where attackers leveraged old VPN local accounts with password-only authentication and don’t appear to involve exploitation of a software vulnerability.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 28, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

May 28 – CISA Releases One Industrial Control Systems Advisory

May 23 – CISA Releases One Industrial Control Systems Advisory

Passthrough – Rockwell Automation Encourages Customers to Assess and Secure Public-Internet-Exposed Assets

CISA shared the following in an alert sent out today:

Rockwell Automation has released guidance encouraging users to remove connectivity on all Industrial Control Systems (ICS) devices connected to the public-facing internet to reduce exposure to unauthorized or malicious cyber activity.

From Rockwell Automation:

Passthrough – (TLP:CLEAR) MS-ISAC Report on How GenAI can be Coerced into a Malicious Response

MS-ISAC, in coordination with the Elections Infrastructure ISAC (EI-ISAC), recently released a cyber threat intelligence (CTI) report titled: An Examination of How Cyber Threat Actors Can Leverage Generative AI Platforms. The report covers the testing conducted by the Center for Internet Security’s (CIS) Cyber Threat Intelligence team to understand how threat actors can leverage GenAI platforms, circumvent usage policies, and generate elections-focused phishing emails.

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins – May 21, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

CISA Releases One Industrial Control Systems Advisory

Products are used across multiple sectors, please check these latest advisories for specific equipment used across your ICS environments and address accordingly.

Risk Awareness – Concerns of Session Token Vulnerabilities of FIDO2 Authentication

While FIDO2 is “phishing-resistant” to credential stealing, it was also designed with the intent to further protect against session hijacking and man-in-the-middle (MiTM) attacks. Silverfort suggests that most applications do not protect the session tokens created after FIDO authentication is successful and that many identity providers are still vulnerable to MiTM and session hijacking attack types.

Pages

Subscribe to Cybersecurity