Cybersecurity

Cyber Resilience – NSA Urges Organizations to Implement Zero Trust in New Resource Sheet

The NSA has released a Cybersecurity Information Sheet titled “Advancing Zero Trust Maturity throughout the User Pillar” that provides recommendations for maturing identity, credential and access management (ICAM) capabilities. Noting the increased trend in threat actors targeting users and user accounts, the NSA promotes the use of the Zero Trust framework by organizations looking to achieve a more maturity cybersecurity posture.

Read more about Cyber Resilience – NSA Urges Organizations to Implement Zero Trust in New Resource Sheet

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 14, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 14, 2023

FBI’s IC3 Releases 2022 Internet Crime Report

The FBI’s Internet Crime Complaint Center (IC3) recently published its 2022 Internet Crime Report. The study draws data from 800,944 complaints of suspected internet crime reported to the FBI last year.

Read more about FBI’s IC3 Releases 2022 Internet Crime Report

Ransomware Resilience – CISA Announces Ransomware Vulnerability Warning Pilot

CISA has announced the establishment of the Ransomware Vulnerability Warning Pilot (RVWP). Through the RVWP, CISA will determine vulnerabilities commonly associated with known ransomware exploitation and warn critical infrastructure entities of those vulnerabilities.

Read more about Ransomware Resilience – CISA Announces Ransomware Vulnerability Warning Pilot

Industry Experts Discuss Importance of Critical Infrastructure Protection

Industrial Cyber has written an article discussing the importance of critical infrastructure protection through the lens of four industry experts, including WaterISAC’s director of infrastructure cyber defense Jennifer Lyn Walker and Health-ISAC’s president and CEO Denise Anderson.

Read more about Industry Experts Discuss Importance of Critical Infrastructure Protection

Advisory: Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA Communications

Action may be Required: Tomorrow (March 14, 2023), it will no longer be possible to disable the Microsoft DCOM hardening patch. This could result in the disruption of critical communications between ICS/SCADA/OT devices.

In other words, if ICS/OT/SCADA devices suddenly stop communicating after applying the Microsoft DCOM patch from March 14, 2023, it may be practical to consider this as a possible cause during your troubleshooting efforts.

Read more about Advisory: Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA Communications

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 9, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 9, 2023

Threat Awareness – Keep Our Eyes on Emotet

Various cybersecurity firms have observed that everybody’s email enemy emerged after another routine respite. As Emotet has proven to be a resilient threat, researchers report that it resumed activity again on March 7. While Emotet is still leveraging email as its initial infection vector, it’s important for defenders to track the various behaviors it adopts during each resurrection and detect and protect accordingly. According to Cofense, for this round Emotet is attaching very large .zip files that are not password protected.

Read more about Threat Awareness – Keep Our Eyes on Emotet

Security Awareness – Recruitment Scams are a Threat to Seekers and Employers

Job recruitment scams are nothing new, but related campaigns have been on an uptick in recent weeks as threat actors seem to be exploiting mass layoffs, resignations, and recruitment efforts.

Read more about Security Awareness – Recruitment Scams are a Threat to Seekers and Employers

Cyber Resilience – How to Block Microsoft OneNote Files from Delivering Malware

Since mid-December 2022, threat actors have been increasingly exploiting Microsoft OneNote files to deliver malware and compromise victims. Last week, WaterISAC shared a DHS report on attackers successfully utilizing weaponized Microsoft OneNote files for malware distribution. Threat actors, including ransomware gangs, are actively using this delivery method to infect organizations.

Read more about Cyber Resilience – How to Block Microsoft OneNote Files from Delivering Malware

You are here

Cybersecurity

Cyber Resilience – NSA Urges Organizations to Implement Zero Trust in New Resource Sheet

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 14, 2023

FBI’s IC3 Releases 2022 Internet Crime Report

Ransomware Resilience – CISA Announces Ransomware Vulnerability Warning Pilot

Industry Experts Discuss Importance of Critical Infrastructure Protection

Advisory: Potential for Mandatory Microsoft DCOM Patch to Disrupt SCADA Communications

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - March 9, 2023

Threat Awareness – Keep Our Eyes on Emotet

Security Awareness – Recruitment Scams are a Threat to Seekers and Employers

Cyber Resilience – How to Block Microsoft OneNote Files from Delivering Malware

Pages

You are here

Cybersecurity

Pages

Footer Email Signup