Cybersecurity

New APT Threat Actor – Attackers Target Victims in at Least Nine Countries

A new advanced persistent threat (APT) actor, known as ChamelGang, has been observed targeting aviation and energy companies in Russia and government organizations in at least nine other countries. The threat actor has not been linked to any existing APT and its nationality is unknown. ChamelGang was first detected after it breached a Russian energy firm, which was followed by the APT’s identification by the cybersecurity company Positive Technologies (PT).

Read more about New APT Threat Actor – Attackers Target Victims in at Least Nine Countries

Conti Ransomware Gang Issues New Warning: Loose Lips Sink Ships

The Conti ransomware group has jumped on the bandwagon of recent threats made by similar groups about calling in the experts or otherwise publicly sharing information about ransomware attacks. Last week, the Conti ransomware group released a statement threatening to publish victims’ data if details or screenshots of ransomware negotiations are leaked to media or security researchers.

Read more about Conti Ransomware Gang Issues New Warning: Loose Lips Sink Ships

Conti Ransomware Bolsters Targeting Backups

The Conti ransomware group is employing new techniques to cripple a victim’s backup software, according to a recent report from the cyber-risk prevention company Advanced Intelligence. The Conti ransomware gang has earned its spot as one of the more prolific ransomware groups for many of its advanced tactics, techniques, and procedures (TTPs), especially its propensity to destroy backups.

Read more about Conti Ransomware Bolsters Targeting Backups

Cyber Resilience – More Reasons to Voluntarily Espouse NERC CIP Guidance and the NIST Cybersecurity Framework

A prior post, ICS Preparedness/Resilience – More on Following NERC Guidance, Even Though it’s Not Required, discussed the benefits for water and wastewater utilities to voluntarily follow NERC CIP, especially given the cross-sector dependencies.

Read more about Cyber Resilience – More Reasons to Voluntarily Espouse NERC CIP Guidance and the NIST Cybersecurity Framework

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 28, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

None

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 28, 2021

Security Awareness – A New Trick to an Old Game: URL Phishing

We often train users about email-based phishing and common signs of an impersonated or fraudulent email address.

Read more about Security Awareness – A New Trick to an Old Game: URL Phishing

National Council of ISACs Statement of Ransomware

Read more about National Council of ISACs Statement of Ransomware

Cyber Resilience – Implementing a Zero Trust Framework

The COVID-19 pandemic and the resultant mass movement to remote work significantly accelerated the development toward a more distributed and fragmented network infrastructure. This paradigm reinforced the need to implement stricter security controls around user and device access.

Read more about Cyber Resilience – Implementing a Zero Trust Framework

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 23, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Alerts, Updates, and Bulletins:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 23, 2021

Massive Phishing-as-a-Service Campaign Revealed by Microsoft Security Researchers

On Tuesday, Microsoft’s security researchers published a report detailing a massive phishing-as-a-service campaign known as BulletProofLink. Phishing-as-a-Service offerings, or phishing kits, arm even the most novice threat actors with sophisticated platforms to launch widespread phishing campaigns with little more than a computer and a few hundred dollars. Researchers at Microsoft discovered this operation while investigating a separate phishing operation.

Read more about Massive Phishing-as-a-Service Campaign Revealed by Microsoft Security Researchers

You are here

Cybersecurity

New APT Threat Actor – Attackers Target Victims in at Least Nine Countries

Conti Ransomware Gang Issues New Warning: Loose Lips Sink Ships

Conti Ransomware Bolsters Targeting Backups

Cyber Resilience – More Reasons to Voluntarily Espouse NERC CIP Guidance and the NIST Cybersecurity Framework

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 28, 2021

Security Awareness – A New Trick to an Old Game: URL Phishing

National Council of ISACs Statement of Ransomware

Cyber Resilience – Implementing a Zero Trust Framework

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 23, 2021

Massive Phishing-as-a-Service Campaign Revealed by Microsoft Security Researchers

Pages

You are here

Cybersecurity

Pages

Footer Email Signup