Cybersecurity

CISA Issues Binding Operational Directive (BOD) 23-01 to Improve Cybersecurity Asset Visibility and Vulnerability Detection

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks. The intent of the BOD is to help federal agencies strengthen their cyber defenses by gaining visibility into all the assets on their networks and improving vulnerability detection capabilities.

Read more about CISA Issues Binding Operational Directive (BOD) 23-01 to Improve Cybersecurity Asset Visibility and Vulnerability Detection

CISA Warns Users to Remain on Alert for Hurricane-Related Scams

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following Hurricane Ian. Fraudulent emails – often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

Read more about CISA Warns Users to Remain on Alert for Hurricane-Related Scams

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 4, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 4, 2022

Cybersecurity Awareness Month 2022 – Become a Champion!

Read more about Cybersecurity Awareness Month 2022 – Become a Champion!

Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware

Overall malware detections have decreased from their record high in the first half of 2021, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office, according to WatchGuard Threat Lab’s latest report.

Read more about Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware

New Sophos Report – The State of Ransomware in State and Local Government 2022

Yesterday, the cybersecurity company Sophos released a new report, The State of Ransomware in State and Local Government 2022, which provides insights into ransomware attack trends, costs and recovery, and ransom payouts in state and local government organizations over the last year. To conduct the report, Sophos polled 5,600 IT professionals in mid-sized organizations across 31 countries, including 199 respondents from the state and local government sector. The study found that ransomware attacks against state and local governments are significantly increasing.

Read more about New Sophos Report – The State of Ransomware in State and Local Government 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022

Cyber Resilience – Get to Know the Enemy Before They Get to Know You

by Jennifer Lyn Walker

Read more about Cyber Resilience – Get to Know the Enemy Before They Get to Know You

Organizational Resilience – Insider Threats

The risk posed by insider threats is increasing. Organizations routinely fall victim to cyber attacks due to both intentional and unintentional insider threats. There are two broad categories of insider threats: the malicious insider and the unwitting asset. Malicious insiders can be motivated by financial or political factors or be driven by personal grievances against an employer. They also may be a disgruntled former employee. While malicious insiders have negative intentions, unwitting assets are also a concern.

Read more about Organizational Resilience – Insider Threats

Threat Awareness – Compromised Microsoft SQL Servers Being Used to Deliver Ransomware

Threat actors have been observed compromising vulnerable Microsoft SQL servers and infecting them with FARGO ransomware. Disrupting database servers can lead to significant disruption of business operations. They are often compromised via brute force, dictionary attacks, or by exploiting unpatched vulnerabilities. According to security researchers at AhnLab, this attack chain involves downloading a .Net file and PowerShell, followed by the execution of a BAT file, which eventually leads to the deployment of the FARGO ransomware and a ransom note on a victim’s device.

Read more about Threat Awareness – Compromised Microsoft SQL Servers Being Used to Deliver Ransomware

You are here

Cybersecurity

CISA Issues Binding Operational Directive (BOD) 23-01 to Improve Cybersecurity Asset Visibility and Vulnerability Detection

CISA Warns Users to Remain on Alert for Hurricane-Related Scams

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 4, 2022

Cybersecurity Awareness Month 2022 – Become a Champion!

Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware

New Sophos Report – The State of Ransomware in State and Local Government 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022

Cyber Resilience – Get to Know the Enemy Before They Get to Know You

Organizational Resilience – Insider Threats

Threat Awareness – Compromised Microsoft SQL Servers Being Used to Deliver Ransomware

Pages

You are here

Cybersecurity

Pages

Footer Email Signup