You are here

Home » Cybersecurity

Cybersecurity

Vulnerability Awareness – Please Review – Previously Patched Microsoft Windows Vulnerability Discovered to have EternalBlue-like Capabilities

Review suggested: Given Microsoft is a widely used platform, please review the following and address accordingly. With respect to the holidays, please do not defer reviewing these latest threats.

CVE-2022-37958 is a remote code execution (RCE) vulnerability in the SPNEGO NEGOEX protocol of Windows operating systems, which supports authentication in applications.

Cyber Resilience – Maintain Holiday Cheer by Reviewing a Few Reminders

As much of the world looks forward to the upcoming holidays, it is a good time for a reminder that cyber threat actors are no respecters of festivities. Observances and traditions notwithstanding, the holidays are an especially risk-filled time of year as cyber threat actors take advantage of employees on leave, burnout, deadlines, and other distractions. A few incidents that have occurred over a holiday during recent years include events such as SolarWinds, log4j, Colonial Pipeline, and Kaseya.

Cyber Incident – Colombian Public Energy, Water, and Gas Provider Taken Down by Ransomware

BleepingComputer has written an article covering a ransomware attack on Empresas Públicas de Medellín (EPM), a Colombian energy, water, and gas utility. According to reports, employees were told to work from home and public facing websites were unavailable, including payment portals, after EPM was targeted by BlackCat ransomware. While the company has not released many details, independent security researchers have found an unsecured server utilized by the threat actor behind the attack where it appears data on over 40 EPM machines was uploaded before being encrypted.

Security Awareness – Executives Are Four Times More Likely to Fall for Phishing Attacks Compared to Regular Employees

Top level executives are more likely to expose their organization to potential cyber attacks compared to regular workers and they are also more likely to use easy to guess passwords, according to a new study by the cybersecurity company Ivanti.

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) published an assessment of 5G network slicing. The paper, Potential Threats to 5G Network Slicing, presents both the benefits and risks associated with 5G network slicing. And provides mitigation strategies that address potential threats to 5G network slicing.

Pages

Subscribe to Cybersecurity