You are here

Home » Cybersecurity

Cybersecurity

ICS/OT and CVEs with Publicly Available Exploits

With over ten years of experience and analysis tracking and responding to exploited vulnerabilities in OT networks, Dragos recently published a whitepaper with key findings to help all asset owners better remediate vulnerabilities. Out of more than 3000 ICS/OT impacting CVEs (Common Vulnerabilities and Exposures) that Dragos tracks, it has identified more than 400 that have at least one publicly available exploit enabling a low-skilled threat actor to knowingly and quickly bypass a security boundary.

CISA Cybersecurity Workforce Training Guide

The Cybersecurity and Infrastructure Security Agency (CISA) released a new training manual last week for current and future federal, state, local, tribal, and territorial personnel looking to develop their cybersecurity skills. This new guide, titled the Cybersecurity Workforce Training Guide, includes over 100 training and certification prep courses for cybersecurity professionals along with access to resources from across the government. These training programs and tools provide opportunities at every proficiency level, from beginner through advanced.

Australian Government Warns of Escalating LockBit Ransomware Attacks

The Australian Cyber Security Centre (ACSC) has issued a security alert advising of an increase in reports from Australian organizations that have been impacted by LockBit 2.0 ransomware. The ACSC reports this activity has occurred across multiple industry sectors and that, in addition to demands for ransom payments, victims have received threats that data stolen during the incidents will be published. To help organizations further understand and protect themselves from this activity, the ACSC has published a profile on LockBit 2.0.

“Get Your Stuff Off Search” – CISA Promotes Tools for Finding ICS Devices Exposed to the Internet

The Cybersecurity and Infrastructure Security Agency (CISA) has published a series of resources designed to help critical infrastructure organizations reduce internet attack surfaces that are visible to anyone on web-based search platforms. CISA calls this program “Get your Stuff Off Search” and focuses much of its attention on the risks posed to exposed industrial control systems and the potential for impacts to public safety, human life, and national security.

MeteorExpress – Wiper Attack against the Iranian Railway

SentinelOne analyzed the malware used to bring the Iranian Railway to a screeching halt on July 9, 2021. Based on clues within the code, researchers have dubbed this newly discovered wiper malware “MeteorExpress.” WaterISAC is sharing this incident for awareness given the potential for similar attacks against other types of critical infrastructure in all parts of the world. Check out SentinelOne for details.

Ransomware Resilience – How Long Does it Take to Restore?

With ransomware being top of mind and a top cyber attack technique, organizations across all business types and sectors are paying attention. The inception of the Ransomware Task Force and other government efforts such as the StopRansomware webpage demonstrate the commitment by industry and government to help organizations build security and resiliency against this virulent threat.

Pages

Subscribe to Cybersecurity