
Cybersecurity

FBI Advises to Beware of Holiday Scams

The FBI has issued an advisory warning of various scams that coincide with the holiday season. The FBI notes that the perpetrators of these scams can be aggressive and creative, whether they involve online shopping, social media, gift cards, or charities, but in each case certain red flags are raised. In the case of gift card scams, a type of fraudulent activity that has been observed targeting water and wastewater utilities in the past, the FBI advises that consumers be careful if someone asks them to purchase gift cards on that person's behalf.

Do You Remember When? – The Most Notable Cybersecurity Events of the Past Decade

ZDNet has posted an enlightening summary of some of the most influential cyber events of the past decade. Not all of the events are the biggest, but each incident represents a new trend, watershed moment, or paradigm shift in the field of cybersecurity. Several incidents are relevant to industrial cybersecurity, such as Stuxnet (2010), Flame (2012), Ukraine (2015), and even WannaCry and NotPetya (2017).

Survival of the Fittest – Incident Response Planning

In this “assume breach” world, survival usually means having a response plan in place before an incident occurs. Mathew J. Schwartz, Executive Editor of DataBreachToday, asked seven cybersecurity experts how organizations can better detect, defend against, and mitigate cyber attacks; the responses overwhelmingly revolved around incident response plans. Given that you will not detect an attack if you cannot see it, investing in intrusion detection and monitoring is fundamental to being able to respond in a timely manner.

NIST Seeking Input on Updates to Cybersecurity Workforce Framework

The National Institute of Standards and Technology (NIST) is seeking input between now and January 13, 2020 for the National Initiative for Cybersecurity Education’s (NICE’s) Cybersecurity Workforce Framework. First published in August 2017, the document is intended to define and provide guidance on different aspects of cybersecurity workforce development, planning, training, and education.

ABB Relion 650 and 670 Series (ICSA-19-330-02) – Products Used in the Energy Sector

CISA has published an advisory on an improper input vulnerability in ABB Relion 650 and 670 Series. Numerous versions of both devices are affected. Successful exploitation of this vulnerability may allow an attacker to reboot the device, causing a denial of service. ABB indicates that updating to later versions of the products can mitigate the vulnerability. It also offers other recommendations to further protect the devices. CISA also recommends a series of measures to mitigate the vulnerability.

ABB Relion 670 Series (ICSA-19-330-01) – Product Used in the Energy Sector

CISA has published an advisory on a path traversal vulnerability in ABB Relion 670 Series. Numerous versions are affected. Successful exploitation of this vulnerability may allow an attacker to read and delete files on the device. ABB indicates that updating to current versions of the product can mitigate the vulnerability. It also offers other recommendations as workarounds. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Building a Digital Defense against Calendar Fraud

The FBI’s Portland, Oregon office has published an advisory discussing the threat of calendar fraud and providing some steps for combating it. Scammers have started sending online users calendar invites, a form of phishing. In many cases, the calendar’s default settings allow the invitation to simply appear on your account. The fraudster could be offering you a prize or an invitation to some special event. Just click on the link and you can register, or click, put in your credit card number, and you are on your way to winning the jackpot.
