You are here

Home » Cybersecurity

Cybersecurity

Atlassian Releases Security Advisory for Questions for Confluence App

The Cybersecurity and Infrastructure Security Agency (CISA) has shared a security advisory from the software company Atlassian urging users of the Confluence application to apply the necessary updates to address a critical security vulnerability. Attackers could exploit this vulnerability to acquire sensitive information from users of the Confluence app. Atlassian reports that the vulnerability is likely to be exploited in the wild now that the hardcoded password is publicly known. Many organizations utilize Confluence for project management and for collaboration between remote workers.

CISA Releases Security Advisory on MiCODUS MV720 Global Positioning System (GPS) Tracker

This week, the Cybersecurity and Infrastructure Security Agency (CISA) released a security advisory detailing six vulnerabilities that were detected in MiCODUS MV720 Global Positioning System (GPS) Tracker. Successful exploitation of these vulnerabilities could allow threat actors to gain control over any MV720 GPS tracker, granting access to vehicle location, routes, fuel cutoff commands, and the disarming of various features such as alarms, according to CISA. These devices are present in vehicles used by businesses and governments across the world.

FBI PIN - Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors

The FBI has published a TLP:WHITE Private Industry Notification (PIN) warning that cyber criminals are creating fraudulent cryptocurrency investment applications to defraud financial institutions and other investors. Cyber criminals are seeking to exploit the increased interest in mobile banking and cryptocurrency investing.

Security Awareness – BlackCat Ransomware Adds New Tools and Tricks

Security researchers at Sophos recently published a report on BlackCat ransomware, that warned the threat actors behind the ransomware are adding new tools and practices, making the malware more effective at compromising organizations. BlackCat threat actors have targeted organizations in the US, Europe, and Asia, and don’t appear to favor any type of victim.

CISA Releases Report of its Review into Log4j Vulnerabilities and Response

Last week, DHS’s Cyber Safety Review Board’s (CSRB) released a report reviewing the U.S. government and industry’s response to the Log4j Vulnerabilities first discovered in December 2021. The report stresses the Log4j event is not over and contends it will remain an “endemic vulnerability and that vulnerable instances of Log4j will remain in systems for many years to come.” The study also concluded that defenders from across government and industry collaborated and communicated in a dedicated fashion to address the incident.

OT/ICS Cybersecurity – A Tale of Social Engineering, a Senior Engineer, and an Engineering Workstation

If you think social engineering is predominately for email phishing, you may wish to reconsider. Cyber actors use social engineering with a variety of tactics, including to target industrial operations and engineers for fun and (cryptomining) profit. In a recent instance, software being advertised for “PLC password cracking” wasn’t what it was cracked up to be and was discovered to be malware that is actually part of a larger ecosystem targeting industrial operators.

Security Awareness – The Anatomy of BEC Attacks

A new report from the cybersecurity firm Cofense examines the tactics and trends of one of the costliest cyber threats for companies both large and small – Business Email Compromise (BEC) scams. Unlike other email-based phishing attacks which utilize malware and stolen credentials, BEC scams involve social engineering tactics, via email communications, to trick an employee of a company to transfer unauthorized funds to the threat actor.

Pages

Subscribe to Cybersecurity