Cybersecurity

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) published an assessment of 5G network slicing. The paper, Potential Threats to 5G Network Slicing, presents both the benefits and risks associated with 5G network slicing. And provides mitigation strategies that address potential threats to 5G network slicing.

Read more about NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

InfraGard Aware of Reports that its Portal may have been Compromised

Tuesday evening, investigative security journalist Brian Krebs (KrebsOnSecurity) broke news about an incident he has been tracking regarding the FBI’s InfraGard database of contact information on more than 80,000 members go up for sale on an English-language cybercrime forum. The KrebsOnSecurity post explains the situation describing activity regarding a potential fraudulent account that may have enabled this compromise.

The FBI is aware and if you are an InfraGard member you were sent the following broadcast message yesterday.

InfraGard Members:

Read more about InfraGard Aware of Reports that its Portal may have been Compromised

(Update December 15, 2022) Six Added to CISA’s Known Exploited Vulnerabilities Catalog Includes Four Zero Days

This week, CISA added 6 vulnerabilities to its Known Exploited Vulnerabilities Catalog, all for disclosed CVEs for 2022. The adds impact 5 vendors/products and have the customary 3 week remediation deadlines of 1/3/2023 and 1/4/2023. Four of the adds are particularly notable due to having been exploited as zero-days for widely used products and platforms prior to the patches being created, including Apple, Citrix, Fortinet, and Microsoft.

Read more about (Update December 15, 2022) Six Added to CISA’s Known Exploited Vulnerabilities Catalog Includes Four Zero Days

Ransomware Awareness – Newly Uncovered Ransomware Families Are Actively Targeting Victims

Security researchers at Fortinet have discovered three new ransomware families that are actively targeting victims around the world. Members are encouraged to keep abreast of the various ransomware families for awareness on unique characteristics and indicators of compromise for each.

Read more about Ransomware Awareness – Newly Uncovered Ransomware Families Are Actively Targeting Victims

Ransomware Resilience – Ransomware Task Force Offers Recommendations in Latest Progress Report

The Ransomware Task Force (RTF), associated with the Institute for Security and Technology, recently published a December 2022 Progress Report, stressing that the scale of the ransomware threat continues to grow, even as stakeholders are devoting more attention to the challenge.

Read more about Ransomware Resilience – Ransomware Task Force Offers Recommendations in Latest Progress Report

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 13, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 13, 2022

Third-Party Risk Management – Evaluating Cyber Risk Posed by IT and Managed Service Providers

Despite AWIA Section 2013 and/or cyber insurance requirements, do you still struggle with risk management? Even more so with your third-party – vendors, contractors, consultants, and integrators – relationships? As organizations struggle with assessing risk across their own organizational attack surface, it’s often more challenging to assess the cyber risk posed from and preparedness of third-party partners (new and existing). Many aren’t sure where to start or even what questions to ask of these trusted partners – perhaps even more so with technology services partners.

Read more about Third-Party Risk Management – Evaluating Cyber Risk Posed by IT and Managed Service Providers

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 8, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 8, 2022

Insider Threat – Effective Strategies for Countering Insider Threats

Security Magazine has written an article proposing that utilizing employee surveillance capabilities is not the most effective way to handle the risk of insider threats to an organization, primarily due to the use of technology exacerbating what could already be a negative employee relationship.

Read more about Insider Threat – Effective Strategies for Countering Insider Threats

Cyber Resilience – Considerations for Cyber Insurance Coverage in 2023

CSO Online posted an article discussing what potential purchasers of cyber insurance should be aware of in the new year. As the number of companies reporting attacks to insurers increases, so have the requirements for the purchase or renewal of policies. There are two broad trends impacting cyber insurance: insurers requiring a stronger security posture from organizations and the increasing cost of insurance.

Read more about Cyber Resilience – Considerations for Cyber Insurance Coverage in 2023

You are here

Cybersecurity

NSA, CISA, and ODNI Release Guidance on Potential Threats to 5G Network Slicing

InfraGard Aware of Reports that its Portal may have been Compromised

(Update December 15, 2022) Six Added to CISA’s Known Exploited Vulnerabilities Catalog Includes Four Zero Days

Ransomware Awareness – Newly Uncovered Ransomware Families Are Actively Targeting Victims

Ransomware Resilience – Ransomware Task Force Offers Recommendations in Latest Progress Report

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 13, 2022

Third-Party Risk Management – Evaluating Cyber Risk Posed by IT and Managed Service Providers

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - December 8, 2022

Insider Threat – Effective Strategies for Countering Insider Threats

Cyber Resilience – Considerations for Cyber Insurance Coverage in 2023

Pages

You are here

Cybersecurity

Pages

Footer Email Signup