Cybersecurity

The Cybersecurity and Infrastructure Security Agency (CISA) reports it is aware of a phone scam where a caller pretends to be a CISA representative. The scammer claims to have knowledge of the potential victim’s questionable behavior and attempts to extort money. If you receive a threatening call from someone claiming to be a CISA representative, CISA recommends the following actions:

CISA has published an advisory on an improper input vulnerability in ABB Relion 650 and 670 Series. Numerous versions of both devices are affected. Successful exploitation of this vulnerability may allow an attacker to reboot the device, causing a denial of service. ABB indicates updating to later versions of the products can mitigate the vulnerabilities. It also offers other recommendations to further protect the devices. CISA also recommends a series of measures to mitigate the vulnerability.

The FBI’s Portland, Oregon office has published an advisory discussing the threat of calendar fraud and providing some steps for combating it. Scammers have started sending online users calendar invites, a form of phishing. In many cases, the calendar’s default settings allow the invitation to simply appear on your account. The fraudster could be offering you a prize or an invitation to some special event. Just click on the link and you can register, or click, put in your credit card number, and you are on your way to winning the jackpot.

The National Security Agency (NSA) has released a cyber advisory that addresses managing risk from Transport Layer Security Inspection (TLSI). This short, informative document defines TLSI (a security process that allows incoming traffic to be decrypted, inspected, and re-encrypted), explains some risks and associated challenges, and discusses mitigations. CISA encourages users and administrators to review the advisory and apply the information, as appropriate.