You are here

Home » Cybersecurity

Cybersecurity

Don’t Pay the Ransom – Easier Said than Done

When ransomware strikes a company, it is easy for pundits to say, “don’t pay the ransom.” But in reality, that is not always a practical choice. If you have not been impacted by ransomware yet, you are fortunate. Furthermore, if you think you know what you will do when you are (and even if you don’t know), you might want to read this recent post by Mailguard. The article includes a quick timeline of events regarding the WastedLocker ransomware attack on Garmin last month and thoughts on navigating the critical quandary to pay or not to pay.

A Few COVID-19 Cybersecurity Challenges that Might Surprise You

Cybersecurity challenges brought on by COVID-19 have been covered ad-nauseum and are largely unsurprising; however, a recent survey by cybersecurity firm Malwarebytes revealed a few things that make you go 'hmmmm.' In its latest report, Enduring from Home: COVID-19’s Impact on Business Security, Malwarebytes Labs summarizes respondents’ concerns about transitioning to work-from-home, the impacts suffered due to the pandemic, and plans to implement long-term security changes moving ahead.

Water and Wastewater Sector Third Most Affected by ICS Vulnerabilities Disclosed in First Half 0f 2020

With vulnerability management being a pillar of every successful cyber risk management strategy, the latest report by industrial cybersecurity firm Claroty provides material evidence for member utilities challenged with prioritizing cybersecurity in the OT environment. According to findings in the Claroty Biannual ICS Risk & Vulnerability Report: 1H 2020, the water and wastewater sector falls just below energy and critical manufacturing for the critical infrastructure sectors most affected by vulnerabilities published in ICS-CERT advisories.

New Information on North Korean Malicious Cyber Activity: BLINDINGCAN

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a new Malware Analysis Report (MAR) on BLINDINGCAN, a malware variant used by North Korean actors. In addition to providing a description of BLINDINGCAN, the MAR contains suggested response actions and recommended mitigation techniques.

Peer Use Case – Water Treatment Plant Manager Discusses Remote Access Readiness During Pandemic

In Day 4 of its Mobility Month mini series, Control Global shares the experience of John D’Aoust, water treatment plant manager, City of Haverhill, Massachusetts. D’Aoust outlines how his 10-member staff is prepared to operate with just one onsite staffer. “If you put the proper plans in place and have the right hardware to enable the necessary security, you can do this safely and securely,” adds D’Aoust, who says his team is prepared if fully remote monitoring is ever required.

Guidance Document – NIST Publishes Final Guidance on Establishing Zero Trust Architecture to Improve Cybersecurity Defenses

NIST recently announced the final publication of Special Publication (SP) 800-207, Zero Trust Architecture, which discusses the core logical components that make up a zero trust architecture (ZTA). Zero trust refers to an evolving set of security paradigms that narrows defenses from wide network perimeters to individual or small groups of resources.

Threat Awareness – Drovorub, New Linux Malware with a Russian Nexus

The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) have jointly released a comprehensive technical advisory on previously undisclosed Linux malware they are attributing to Russian advanced persistent threat (APT) actors. The malware, dubbed Drovorub, is being associated to APT28/Fancy Bear, a Russian group notoriously known for the 2016 Democratic National Committee attacks.

CISA Alert: Phishing Emails Used to Deploy KONNI Malware

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert advising that is has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.

Microsoft Addresses RCE and Spoofing Vulnerabilities under Active Exploitation

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) advises that Microsoft has released security updates to address two vulnerabilities – CVE-2020-1380 and CVE-2020-1464 – that are being actively exploited. CVE-2020-1380 is a remote code execution vulnerability affecting Internet Explorer 11, and CVE-2020-1464 is a spoofing vulnerability that affects multiple Windows products. An attacker could exploit these vulnerabilities to take control of an affected system.

Pages

Subscribe to Cybersecurity