You are here

Home » Cybersecurity

Cybersecurity

Cyber Criminals Utilize Social Engineering Techniques to Obtain Employee Credential to Conduct Payroll Diversion

The FBI’s Internet Crime Complaint Center (IC3) has released a Public Service Announcement (PSA) noting it has has received complaints reporting cybercriminals are targeting the online payroll accounts of employees in a variety of industries. According to the PSA, cyber criminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cyber criminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information.

WECON PLC Editor (ICSA-18-261-01) - Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on a stack-based buffer overflow vulnerability in WECON PLC Editor. For SCALANCE X300 and X408, all versions prior to 4.0.0 are affected. Version 1.3.3U is affected. Successful exploitation of this vulnerability could result in unauthorized code execution within the current process. WECON has verified the vulnerability but has not yet released an updated version. All users should limit application interaction to only trusted files and update software to the latest version as updates become available.

The Increasingly Vulnerable Supply Chain

According to a recent Crowdstrike study, two-thirds of organizations across a wide variety of sectors experienced a software supply chain attack in the past 12 months. Adversaries have turned to this attack vector because traditional cybersecurity solutions that protect the network perimeter are advancing to the point they have had to find other ways to infiltrate an enterprise.

Unattended Corporate Websites Cause Headaches

Businesses, especially large ones, usually have more than one department registering new domains. In theory, the people who register a site are responsible for it, but those one-off chores can get eclipsed by more urgent tasks. Well before a registration expires, people might change positions or quit the job. An abandoned site might simply not seem like a pressing matter. And so they remain on an organization’s website until their registration expires and they go back on the market. What can go wrong? An abandoned website is actually rife with possibility for cyber criminal mischief.

How to Protect against Phishing Attacks that Follow Natural Disasters

Recent natural disasters have shown that cyber threat actors are still attempting to exploit the charitable inclinations of people following these adverse events for their financial gain. A common ploy is a phishing email that pretends to promote the relief effort, with the intent of enticing the victim into credential theft or endpoint infection. Cybersecurity firm Cofense Intelligence, which claims to have analyzed much of this activity, provides an example of a campaign executed in the aftermath of the hurricanes that recently impacted Hawaii.

Potential Hurricane Florence Phishing Scams

The NCCIC warns users to remain vigilant for malicious cyber activity seeking to exploit interest in Hurricane Florence. Fraudulent emails commonly appear after major natural disasters and often contain links or attachments that direct users to malicious websites. Users should exercise caution in handling any email with a subject line, attachments, or hyperlinks related to the hurricane, even if it appears to originate from a trusted source. NCCIC advises users to verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number.

Honeywell Mobile Computers with Android Operating Systems (ICSA-18-256-01) – Product Used in the Energy Sector

The NCCIC has released an advisory on an improper privilege vulnerability in Honeywell Mobile Computers with Android Operating Systems. Numerous versions are affected. A vulnerability in a system service on CT60, CN80, CT40, CK75, CN75, CT50, D75e, CN51, and EDA series mobile computers running the Android Operating System (OS) could allow a malicious third-party application to gain elevated privileges. Honeywell has released software updates that resolve this vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of this vulnerability.

What is Vulnerability Management Anyway?

The vulnerability management process is a continuous information security risk undertaking that requires management oversight. There are four high-level processes that encompass vulnerability management: discovery, reporting, prioritization, and response. Vulnerability management is only one piece of a security program. It’s not going to solve the entire risk management challenge. You have to start with a comprehensive understanding of what’s on your network. If you don’t know it’s there, there’s no way you can protect it.

Implementing a Risk-Based Approach to Vulnerability Management

In a recently published report, cybersecurity company Gartner advocates for a risk-based approach to vulnerability management that correlates asset value, the severity of the vulnerabilities, and threat actor activity. As discussed by an analyst from IBM who reviewed the report, one of the biggest challenges plaguing security teams worldwide is figuring out which vulnerabilities, out of the multitude that are uncovered daily, to remediate first.

Pages

Subscribe to Cybersecurity