You are here

Home » Cybersecurity

Cybersecurity

When Technology Fails, Phishing Evades Security

It is well-known that phishing is purposefully designed to evade security tools and target humans, so when it does it should come as no surprise. Likewise, when security technology fails humans need to be able to recognize suspicious activity such as phishing emails and report them accordingly. Cybersecurity firm Cofense recently analyzed phishing messages that evaded Proofpoint’s Secure Email Gateway (SEG). The platform/vendor should not be the point, because it happens to (dare I say) every platform.

Who Doesn’t Like a Story about Stuxnet?

Members of WaterISAC are no strangers to Stuxnet. Uncovered in 2010, Stuxnet was the first of what was anticipated, if not expected, to be the beginning of a “cyber warfare” era. Stuxnet marked the first true cyber weapon in history designed to physically attack a military target. For those not intimately familiar with its background, Ralph Langner, the foremost authority on Stuxnet, recounts the backstory and enriched technical details of the autonomous, stealthy, patient, calculating, uber-virus. Mr.

Two More Attacks on Israeli Water Infrastructure – Israeli Government Advises Securing Cellular Communications Equipment

Another round of cyber attacks reportedly targeted Israeli water infrastructure in June. According to officials, two cyber attacks took place. Reports state that one of the attacks hit agricultural water pumps in upper Galilee, while the other one hit water pumps in the central province of Mateh Yehuda.

Experiencing an Inbox Influx? – It’s Probably Emotet, Again

Last week, researchers observed Emotet awake from its 160 day slumber. The “public cyber enemy,” as Malwarebytes is calling it, seemed to warm-up as it began lightly populating inboxes on July 13. But by July 17, the malspam onslaught commenced with nearly a quarter million messages. Emotet usually emerges out of hibernation with a new tactic in its arsenal, but so far nothing remarkable.

CISA Alert: Malicious Cyber Actor Use of Network Tunneling and Spoofing to Obfuscate Geolocation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about malicious cyber actors using network tunneling and spoofing to obfuscate geolocation. According to the alert, attributing malicious cyber activity that uses network tunneling and spoofing techniques to a specific threat actor is difficult. Attribution requires analysis of multiple variables, including location.

Beware, More OT-Aware Ransomware – Recent Research Discovers Financially Motivated Threat Actors Dying to Kill More OT Processes

Prior reporting in multiple Security & Resilience Updates, most recently on June 18, 2020, has covered OT-aware ransomware families, notably EKANS, MegaCortex, and LockerGoga. Newly published research from FireEye suggests additional families are now incorporating common OT processes in their kill list.

SIGRed - Wormable DNS Vulnerability

As included in the Spotlight section of the Security & Resilience Update on Tuesday, Microsoft released a patch for CVE-2020-1350, a critical remote code execution (RCE) vulnerability dubbed SIGRed. All Windows Server versions from 2008 to the present are vulnerable. SIGRed only affects Windows DNS Servers; Windows DNS clients are not susceptible. However, SIGRed is wormable so it can be spread between vulnerable devices without user interaction.

The Tweets Heard ‘round the World – High-Profile Twitter Accounts Used to Send Fake Cryptocurrency Messages

Yesterday afternoon fake Tweets began circumnavigating the Twitter-sphere after a malicious actor presumably gained access to Twitter’s internal systems and tools. In what is believed to be a coordinated social engineering attack, several high-profile and Twitter-verified globally influential accounts tweeted fake cryptocurrency messages among millions of followers.

Siemens LOGO! Web Server (ICSA-20-196-08) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a classic buffer overflow vulnerability in Siemens LOGO! Web Server. Numerous versions are affected. Successful exploitation of this vulnerability could allow remote code execution. Should the attacker gain access to the session cookies, they could then hijack the session and perform arbitrary actions in the name of the victim. Siemens recommends users apply upgrades. It has also identified specific workarounds and mitigations customers can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability.

Pages

Subscribe to Cybersecurity