Cybersecurity

Security Awareness – Third Quarter of 2022 Saw the Most Phishing Attacks Ever Observed

Phishing attacks during the third quarter of this year were their highest number ever observed, according to a new report from the Anti-Phishing Working Group (APWG). The report, Phishing Activity Trends Report 3rd Quarter 2022, detected 1,270,883 total phishing attacks.

Read more about Security Awareness – Third Quarter of 2022 Saw the Most Phishing Attacks Ever Observed

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 29, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

None

Alerts, Updates, and Bulletins:

CISA Adds Two Known Exploited Vulnerabilities to Catalog

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 29, 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 27, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

None

Alerts, Updates, and Bulletins:

None

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 27, 2022

VIP Impersonation Phishing Attack in Microsoft Office 365 targeted 100,000 Users

Security researchers at Amorblox recently published a report on a phishing impersonation attack in a Microsoft Office 365 environment that targeted 100,000 mailboxes at a large educational institution. The researchers were able to thwart the attack by using Natural Language Understanding, which is a type of artificial intelligence program.

Read more about VIP Impersonation Phishing Attack in Microsoft Office 365 targeted 100,000 Users

Security Awareness – Researchers Observe an Increase in Ransomware Attacks in November, with Royal Ransomware the Most Active Strain

Royal ransomware was the most active ransomware strain in November, knocking Lockbit ransomware from the top spot for the first time since September 2021, according to a recent report from the cybersecurity company NCC Group.

Read more about Security Awareness – Researchers Observe an Increase in Ransomware Attacks in November, with Royal Ransomware the Most Active Strain

FBI PSA – Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

The FBI has published a Public Service Announcement (PSA) warning the public that cyber criminal threat actors are actively exploiting search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.

Read more about FBI PSA – Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

Vulnerability Awareness – Please Review – Previously Patched Microsoft Windows Vulnerability Discovered to have EternalBlue-like Capabilities

Review suggested: Given Microsoft is a widely used platform, please review the following and address accordingly. With respect to the holidays, please do not defer reviewing these latest threats.

CVE-2022-37958 is a remote code execution (RCE) vulnerability in the SPNEGO NEGOEX protocol of Windows operating systems, which supports authentication in applications.

Read more about Vulnerability Awareness – Please Review – Previously Patched Microsoft Windows Vulnerability Discovered to have EternalBlue-like Capabilities

Threat Awareness – Threat Actors Currently Bypassing Previous ProxyNotShell Workaround for Microsoft Exchange

Review recommended: Given Microsoft is a widely used platform, please review the following and address accordingly. With respect to the holidays, please do not defer reviewing these latest threats.

Read more about Threat Awareness – Threat Actors Currently Bypassing Previous ProxyNotShell Workaround for Microsoft Exchange

ICS/OT/SCADA Impacting Vulnerability – Microsoft to Force DCOM Patch in March, Could Shutdown ICS/OT/SCADA Devices

Microsoft DCOM Patch Incompatibility Requires Resolution Before March 14, 2023

Attention: ICS/OT/SCADA engineers and operators are encouraged to assess the use of the DCOM component in your industrial environment before March 14, 2023.

Read more about ICS/OT/SCADA Impacting Vulnerability – Microsoft to Force DCOM Patch in March, Could Shutdown ICS/OT/SCADA Devices

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 22, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 22, 2022

You are here

Cybersecurity

Security Awareness – Third Quarter of 2022 Saw the Most Phishing Attacks Ever Observed

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 29, 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 27, 2022

VIP Impersonation Phishing Attack in Microsoft Office 365 targeted 100,000 Users

Security Awareness – Researchers Observe an Increase in Ransomware Attacks in November, with Royal Ransomware the Most Active Strain

FBI PSA – Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users

Vulnerability Awareness – Please Review – Previously Patched Microsoft Windows Vulnerability Discovered to have EternalBlue-like Capabilities

Threat Awareness – Threat Actors Currently Bypassing Previous ProxyNotShell Workaround for Microsoft Exchange

ICS/OT/SCADA Impacting Vulnerability – Microsoft to Force DCOM Patch in March, Could Shutdown ICS/OT/SCADA Devices

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 22, 2022

Pages

You are here

Cybersecurity

Pages

Footer Email Signup