Cybersecurity

CircleCI Releases Post-Attack Incident Report as Core Enterprise Apps Rise in Popularity to Target

Bleeping Computer has posted an article discussing newly released information regarding the CircleCI data breach. The article was prompted by CircleCI, a backbone service for many developers, releasing an incident report revealing that the initial breach was caused by an engineer’s device becoming “infected with information-stealing malware that [stole] their 2FA-backed SSO session cookie,” which allowed criminal actors to begin stealing data on December 22, 2022.

Cyber Hygiene – Six Common Mistakes that Facilitate Data Breaches

Threat actors are increasingly targeting employee and customer data while appearing less interested in financial information and credentials, according to research from the cybersecurity firm Imperva. Notably, Imperva’s research also found that 32 percent of data breaches are due to unsecured databases and social engineering attacks.

Imperva’s research identified the six most common mistakes made by organizations and individuals that enable data breaches:

Cyber Resilience – CISA Releases Supply Chain Handbook for Small and Medium-sized Businesses

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) published a handbook offering guidance to small and medium-sized businesses (SMBs) on best practices for securing their cyber supply chain. The guide provides methods and guidance to tackle the most common and highest priority risks faced by SMBs.

Threat Awareness – AnyDesk-Themed Campaign Infecting Victims with Information-Stealing Malware

Bleeping Computer has written an article covering research from a SEKOIA analyst regarding a Vidar malware campaign involving 1,300 domains impersonating the AnyDesk brand. Victims are likely directed to these domains through a phishing campaign or search engine results and are then redirected to a Dropbox folder to download the Vidar malware disguised as an AnyDesk installer. Vidar's capabilities include copying browser histories, account credentials, passwords, cryptocurrency wallets, and banking data and sending them to its controller for further malicious use.

Threat Awareness – Ransomware Group Returns to Leverage Backdoor Implanted Prior to Patch

Bleeping Computer has written an article discussing recently discovered activity by the Lorenz ransomware gang in relation to a Mitel MiVoice vulnerability (CVE-2022-29499) publicized in 2022 and included on CISA’s Known Exploited Vulnerabilities Catalog in June. While Mitel released a patch for the vulnerability in a timely manner, researchers from S-RM determined that the Lorenz group was already exploring and exploiting vulnerable networks at least a week ahead of the patch release.

Cyber Resilience – Tips for Improving your Incident Response Plan

Creating incident response plans that define how utilities plan to respond during cyber incidents is crucial for allowing organizations to better recover from potential cyber attacks.

An effective cyber incident response plan (IRP) will limit damage to an organization’s operations and reduce recovery time and costs. Most importantly, IRPs need to be in place and tested before a cyber incident. In other words, regularly exercising the IRP is crucial.

Besides creating an IRP, there are a few tips organizations can implement to strengthen response and recovery efforts:

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - January 10, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

  • None

Threat Advisory – Phishing Campaign Mimicking Primacy Agency Data Validation Request Resurfaces

In August, WaterISAC reported on a phishing campaign pretending to be from the Massachusetts Department of Environmental Protection (EPA Region 1). The campaign was specifically targeting utilities in Massachusetts with a request to verify the PWS information that the threat actor included in the email.

Vendor Risk Management – Using MSPs to Administer Your Cloud Services

The UK’s National Cyber Security Centre (NCSC) posted a blog covering the topic of Managed Service Providers (MSPs) and the risk they pose to an organization. While MSPs can reduce the organizational responsibilities for operating cloud capabilities, the article argues that security responsibilities still remain relevant, albeit shifted. It discusses how security teams need to assess their expanded third party risk before and after procuring a contract.
