You are here

Home » Cybersecurity

Cybersecurity

AutomationDirect C-More Touch Panels (ICSA-20-035-01) – Product Used in the Water and Wastewater and Energy Sectors

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has published an advisory on an insufficiently protected credentials vulnerability in AutomationDirect C-More Touch Panels. Firmware versions prior to 6.53 are affected. Successful exploitation of this vulnerability may allow an attacker to get account information such as usernames and passwords, obscure or manipulate process data, and lock out access to the device. AutomationDirect recommends users upgrade to version 6.53.

Over Half of Organizations Successfully Phished in 2019

According to Proofpoint’s just released State of the Phish report, 55 percent of surveyed organizations dealt with at least one successful phishing attack in 2019. The survey involved more than 600 information security professionals, who also reported a high frequency of social media engineering attempts across a range of methods. Other forms of attack reflected cyber criminals' continued focus on compromising individual end users.

New Snake Malware Adds to Increasing List of Ransomware

SentinelLabs reports it has observed a new ransomware, called “Snake,”  in targeted campaigns over the last month. According to SentinelLabs, Snake stands out among current ransomware variants for being more aggressive and more complex. Upon infection, relevant files are overwritten with encrypted data. Each modified file is also tagged with the string “EKANS” (Snake backwards). In addition, the names of modified files are appended with random characters, rather than a singular or uniform extension change.

NSA Guide: Mitigating Cloud Vulnerabilities

The National Security Agency (NSA) has published an eight-page guide on mitigating cloud vulnerabilities, intended for both leaders and technical staff. The sections on cloud components and cloud threat actors provide helpful overviews of the equipment and processes involved in cloud architecture as well as the backgrounds and capabilities of those who might try to take advantage of weaknesses for malicious purposes. It is especially helpful information for leaders.

Data Privacy Day 2020 – 28 January

Today is the thirteenth annual Data Privacy Day. As netizens, we all have a duty to respect privacy, safeguard data, and enable trust. Data privacy is two-fold and dual-faceted; individuals and organizations have two duties in maintaining data privacy. As individuals, we should be protecting our own data privacy, but we also have a duty to protect data that belongs to others, especially our employer’s data and any data entrusted to our employer by others, such as clients, customers, and partners.

FBI PSA: Cyber Criminals Use Fake Job Listings to Target Applicants’ Personally Identifiable Information

The FBI has published a Public Service Announcement (PSA) regarding fake job or hiring scams. As described by the PSA, these scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals leverage their position as “employers” to persuade victims to provide them with personally identifiable information (PII) or to send them money.

CISA Advisory: Increased Emotet Malware Activity

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has posted an advisory noting it is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information.

Pages

Subscribe to Cybersecurity