You are here

Home » Cybersecurity

Cybersecurity

Cyber Resilience – Maintain Holiday Cheer by Reviewing a Few Reminders

As much of the world looks forward to the upcoming holidays, it is a good time for a reminder that cyber threat actors are no respecters of festivities. Observances and traditions notwithstanding, the holidays are an especially risk-filled time of year as cyber threat actors take advantage of employees on leave, burnout, deadlines, and other distractions. A few incidents that have occurred over a holiday during recent years include events such as SolarWinds, log4j, Colonial Pipeline, and Kaseya.

Cyber Incident – Colombian Public Energy, Water, and Gas Provider Taken Down by Ransomware

BleepingComputer has written an article covering a ransomware attack on Empresas Públicas de Medellín (EPM), a Colombian energy, water, and gas utility. According to reports, employees were told to work from home and public facing websites were unavailable, including payment portals, after EPM was targeted by BlackCat ransomware. While the company has not released many details, independent security researchers have found an unsecured server utilized by the threat actor behind the attack where it appears data on over 40 EPM machines was uploaded before being encrypted.

Security Awareness – Executives Are Four Times More Likely to Fall for Phishing Attacks Compared to Regular Employees

Top level executives are more likely to expose their organization to potential cyber attacks compared to regular workers and they are also more likely to use easy to guess passwords, according to a new study by the cybersecurity company Ivanti.

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) published an assessment of 5G network slicing. The paper, Potential Threats to 5G Network Slicing, presents both the benefits and risks associated with 5G network slicing. And provides mitigation strategies that address potential threats to 5G network slicing.

InfraGard Aware of Reports that its Portal may have been Compromised

Tuesday evening, investigative security journalist Brian Krebs (KrebsOnSecurity) broke news about an incident he has been tracking regarding the FBI’s InfraGard database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. The KrebsOnSecurity post explains the situation describing activity regarding a potential fraudulent account that may have enabled this compromise.

The FBI is aware and if you are an InfraGard member you were sent the following broadcast message yesterday.

InfraGard Members:

(Update December 15, 2022) Six Added to CISA’s Known Exploited Vulnerabilities Catalog Includes Four Zero Days

This week, CISA added 6 vulnerabilities to its Known Exploited Vulnerabilities Catalog, all for disclosed CVEs for 2022. The adds impact 5 vendors/products and have the customary 3 week remediation deadlines of 1/3/2023 and 1/4/2023. Four of the adds are particularly notable due to having been exploited as zero-days for widely used products and platforms prior to the patches being created, including Apple, Citrix, Fortinet, and Microsoft.

Pages

Subscribe to Cybersecurity