You are here

Home » Cybersecurity

Cybersecurity

CISA Encourages Heightened Awareness for Iranian Cyber Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory encouraging heightened awareness for potential malicious cyber activity from Iranian threat actors. The advisory states these actors continue to engage in offensive cyber activities that range from the conventional, including website defacement and distributed denial of service attacks, to the more advanced, such as destructive malware.

Cyber Incident Response – Take a Walk on the Human Side and a Look at the CIRP (Canada’s Cyber Incident Response Plan)

The Human Side of Incident Response

Anyone who has heard me (Jennifer Lyn Walker) speak (on the Cyber Threat Briefing, at a conference, or podcast) knows that I like to focus on the human side of cybersecurity. Therefore, it should come as no surprise that this post – Tackle the Human Side of Incident Response with SOAR and Threat Intelligence – by Flashpoint resonates with me.

OT Vulnerability Management – When Patching isn’t Preferred (or even possible)

Patching in the OT environment is a perpetual predicament, but passing over patches is permanently problematic. Simply ignoring a patch because it is impractical or impossible to implement is profoundly poor policy. So what are the preferred practices when patching isn’t possible? According to Verve Industrial, the options greatly depend on whether the system you intend to remediate has embedded vulnerabilities or a Windows/userspace application.

FBI PIN: Cyber Criminals Exploit Email Rule Vulnerability to Increase Likelihood of Successful Business Email Compromise

The FBI has published a Private Industry Notification (PIN) warning that cyber criminals are implementing auto-forwarding on victims’ web-based email clients to conceal their activities. As the PIN explains, the web-based client’s forwarding rules often do not sync with the desktop client, limiting the rules’ visibility to cybersecurity administrators. The cyber criminals then capitalize on this reduced visibility to increase the likelihood of a successful business email compromise (BEC).

Guide to Securing Remote Desktop Protocol

The Center for Internet Security (CIS) has just published the report Exploited Protocols, Remote Desktop Protocol (RDP), which is intended to provide an overview of what RDP is, the attacks associated with this protocol, and how an organization can best protect itself against an RDP-based attack. The information provided in this report is very timely given the increased usage of RDPs as organizations stood up remote environments for employees to utilize when the COVID-19 pandemic struck.

CISA Safe Holiday Online Shopping Campaign

With more Americans expected to shop online this holiday season due to the COVID-19 pandemic, the Cybersecurity and Infrastructure Security Agency (CISA) has launched a public awareness initiative to inform consumers of common risks and encourage basic cybersecurity practices. Over the course of the next month, it plans to share safety information for consumers to keep in mind as they navigate the world-wide web. As part of this, CISA’s “Holiday Online Shopping” website includes easy-to-follow safety tips for online shopping, and additional resources to promote healthy shopping practices.

New Cybersecurity Assessment Tool Designed to Measure Maturity, Resiliency, and Strength

The Ford Foundation has released a Cybersecurity Assessment Tool (CAT), which is designed to measure the maturity, resiliency, and strength of an organization’s cybersecurity efforts. While the CAT appears intended primarily for non-technical groups, its creators note that it can be used by any organization undertaking a cybersecurity journey. The tool is designed to be taken as a survey in one 30-minute sitting.

Pages

Subscribe to Cybersecurity