Cybersecurity

“Get Your Stuff Off Search” – CISA Promotes Tools for Finding ICS Devices Exposed to the Internet

The Cybersecurity and Infrastructure Security Agency (CISA) has published a series of resources designed to help critical infrastructure organizations reduce internet attack surfaces that are visible to anyone on web-based search platforms. CISA calls this program “Get your Stuff Off Search” and focuses much of its attention on the risks posed to exposed industrial control systems and the potential for impacts to public safety, human life, and national security.

Read more about “Get Your Stuff Off Search” – CISA Promotes Tools for Finding ICS Devices Exposed to the Internet

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 3, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

None

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 3, 2021

MeteorExpress – Wiper Attack against the Iranian Railway

SentinelOne analyzed the malware used to bring the Iranian Railway to a screeching halt on July 9, 2021. Based on clues within the code, researchers have dubbed this newly discovered wiper malware “MeteorExpress.” WaterISAC is sharing this incident for awareness given the potential for similar attacks against other types of critical infrastructure in all parts of the world. Check out SentinelOne for details.

Read more about MeteorExpress – Wiper Attack against the Iranian Railway

Ransomware Resilience – How Long Does it Take to Restore?

With ransomware being top of mind and a top cyber attack technique, organizations across all business types and sectors are paying attention. The inception of the Ransomware Task Force and other government efforts such as the StopRansomware webpage demonstrate the commitment by industry and government to help organizations build security and resiliency against this virulent threat.

Read more about Ransomware Resilience – How Long Does it Take to Restore?

CISA Updates Supply Chain Risk Report with Additional Information on Impacts and Mitigations

The Cybersecurity and Infrastructure Security Agency (CISA) has released the latest version of a report from its Information and Communications Technology Supply Chain Risk Management Task Force, adding information on impacts and mitigating controls for threat scenarios provided in the original report published in February 2020. The additional material is included in Appendix C, Threat Scenarios.

Read more about CISA Updates Supply Chain Risk Report with Additional Information on Impacts and Mitigations

NSA Guidance on Securing Wireless Devices while in Public

The National Security Agency (NSA) has released an information sheet with guidance on securing wireless devices while in public. This information sheet provides information on malicious techniques used by cyber actors to target wireless devices and ways to protect against it.

Read more about NSA Guidance on Securing Wireless Devices while in Public

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - July 29, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - July 29, 2021

The Latest Development in Ransomware – Distribution by Group Policy

As if ransomware distribution wasn’t effective enough, LockBit 2.0 reportedly has a new feature to keep an eye on. According to researchers, a new version of LockBit 2.0 leverages Active Directory group policies to automate the encryption process. Once actors have gained control of a domain controller, they deploy group policies to:

Read more about The Latest Development in Ransomware – Distribution by Group Policy

Vulnerability Management – Some Vulnerabilities Don’t Go Out of Style

A Joint Cybersecurity Advisory on the Top Routinely Exploited Vulnerabilities (AA21-209A) was released yesterday. The advisory, coauthored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), the United Kingdom’s National Cyber Security Centre (NCSC), and the U.S.

Read more about Vulnerability Management – Some Vulnerabilities Don’t Go Out of Style

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - July 27, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - July 27, 2021

You are here

Cybersecurity

“Get Your Stuff Off Search” – CISA Promotes Tools for Finding ICS Devices Exposed to the Internet

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 3, 2021

MeteorExpress – Wiper Attack against the Iranian Railway

Ransomware Resilience – How Long Does it Take to Restore?

CISA Updates Supply Chain Risk Report with Additional Information on Impacts and Mitigations

NSA Guidance on Securing Wireless Devices while in Public

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - July 29, 2021

The Latest Development in Ransomware – Distribution by Group Policy

Vulnerability Management – Some Vulnerabilities Don’t Go Out of Style

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - July 27, 2021

Pages

You are here

Cybersecurity

Pages

Footer Email Signup