Cybersecurity

Organizations Failing to Implement all of Microsoft’s 365 Security Features

Many organizations are not utilizing the cybersecurity features offered by Microsoft 365, according to research from the IT company Ensono. For its research Ensono surveyed IT staff whose companies use Microsoft 365. Some key findings from the survey reveal that 38 percent of respondents are not using multi-factor authentication, only 43 percent have Conditional Access setup, and 46 percent do have data loss prevention or data classification configured.

Read more about Organizations Failing to Implement all of Microsoft’s 365 Security Features

Security Awareness – Phishing Campaign Abuses CSV Text Files to Install BazarBackdoor

A recently observed phishing campaign is utilizing malicious CSV text files to install the BazarLoader/BazarBackdoor trojan. BazarBackdoor is a backdoor malware created by the TrickBot gang to provide threat actors with remote access to a compromised device which can then be used to move laterally through a corporate network, install more malware, steal data, and deploy ransomware.

Read more about Security Awareness – Phishing Campaign Abuses CSV Text Files to Install BazarBackdoor

Critical OT Data Leaked on Ransomware Extortion Sites

Data leaks, for whatever reason, are costly. However, financial recovery costs and costs due to damaged trust and reputation are not the only ramifications. Lost data often finds its way into the hands of advanced adversaries who use it for reconnaissance efforts to learn about potential targets, including critical infrastructure organizations.

Read more about Critical OT Data Leaked on Ransomware Extortion Sites

Ransomware Awareness – Study Breaks Down Ransomware Attacks by Sector

A recent study of ransomware attacks between July and September 2021 reveals that the banking, utilities, and retail sectors are the most targeted industries. The utilities sector was the second most targeted by ransomware during the time period, accounting for 20 percent of detected attacks. All three sectors in combination accounted for 58 percent of all detected attacks.

Read more about Ransomware Awareness – Study Breaks Down Ransomware Attacks by Sector

Security Awareness – Fake USPS Phishing Emails Deliver Trickbot and Other Malware

A current phishing scam is purporting to be a message from the U.S. Postal Service (USPS) claiming recipients have missed an important delivery, but instead contains a malicious link. In recent phishing awareness posts, WaterISAC has highlighted threat actors using trusted brands in phishing campaigns to fool users more easily into downloading various malware.

Read more about Security Awareness – Fake USPS Phishing Emails Deliver Trickbot and Other Malware

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - February 1, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - February 1, 2022

Cybersecurity and the New Jersey Water Quality Accountability Act

by Andrew Hildick-Smith, WaterISAC Advisor

Read more about Cybersecurity and the New Jersey Water Quality Accountability Act

NSA Recommendations for Protecting VSAT Communications

Yesterday, the National Security Agency (NSA) released Cybersecurity Advisory (CSA), Protecting VSAT Communications. VSAT (very small aperture terminal) networks are largely used for remote communications when other options are not feasible.

Read more about NSA Recommendations for Protecting VSAT Communications

Water Sector, Federal Partners Launch Effort on ICS Monitoring

Today, the water sector, EPA and the White House National Security Council announced the launch of the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan - a 100-day “surge” to investigate the pros and cons of utilities implementing industrial control system (ICS) monitoring and sharing monitoring results with the Cybersecurity and Infrastructure Security Agency (CISA).

Read more about Water Sector, Federal Partners Launch Effort on ICS Monitoring

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 27, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 27, 2022

You are here

Cybersecurity

Organizations Failing to Implement all of Microsoft’s 365 Security Features

Security Awareness – Phishing Campaign Abuses CSV Text Files to Install BazarBackdoor

Critical OT Data Leaked on Ransomware Extortion Sites

Ransomware Awareness – Study Breaks Down Ransomware Attacks by Sector

Security Awareness – Fake USPS Phishing Emails Deliver Trickbot and Other Malware

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - February 1, 2022

Cybersecurity and the New Jersey Water Quality Accountability Act

NSA Recommendations for Protecting VSAT Communications

Water Sector, Federal Partners Launch Effort on ICS Monitoring

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 27, 2022

Pages

You are here

Cybersecurity

Pages

Footer Email Signup