Cybersecurity

Joint Cybersecurity Advisory – Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

This week, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the National Security Agency (NSA) published a joint Cybersecurity Advisory (CSA) to highlight malicious cyber activity by advanced persistent threat (APT) actors observed on a Defense Industrial Base sector organization’s enterprise network. Most notably, the advisory highlights how threat actors continue to successfully maintain persistence in victim networks by leveraging legitimate account credentials.

Read more about Joint Cybersecurity Advisory – Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

Update October 6, 2022 – Threat and Vulnerability Advisory: Update to Microsoft Exchange Server Zero-Day Vulnerabilities (ProxyNotShell)

Attention: Microsoft Exchange administrators are highly recommended to revisit and follow Microsoft’s updated guidance to protect vulnerable servers until a patch is made available.

Read more about Update October 6, 2022 – Threat and Vulnerability Advisory: Update to Microsoft Exchange Server Zero-Day Vulnerabilities (ProxyNotShell)

CISA Issues Binding Operational Directive (BOD) 23-01 to Improve Cybersecurity Asset Visibility and Vulnerability Detection

Yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive (BOD) 23-01, Improving Asset Visibility and Vulnerability Detection on Federal Networks. The intent of the BOD is to help federal agencies strengthen their cyber defenses by gaining visibility into all the assets on their networks and improving vulnerability detection capabilities.

Read more about CISA Issues Binding Operational Directive (BOD) 23-01 to Improve Cybersecurity Asset Visibility and Vulnerability Detection

CISA Warns Users to Remain on Alert for Hurricane-Related Scams

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users to remain on alert for malicious cyber activity targeting potential disaster victims and charitable donors following Hurricane Ian. Fraudulent emails – often containing malicious links or attachments—are common after major natural disasters. Exercise caution in handling emails with hurricane-related subject lines, attachments, or hyperlinks. In addition, be wary of social media pleas, texts, or door-to-door solicitations relating to severe weather events.

Read more about CISA Warns Users to Remain on Alert for Hurricane-Related Scams

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 4, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 4, 2022

Cybersecurity Awareness Month 2022 – Become a Champion!

Read more about Cybersecurity Awareness Month 2022 – Become a Champion!

Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware

Overall malware detections have decreased from their record high in the first half of 2021, but there was an increase in encrypted malware and threats targeting Chrome and Microsoft Office, according to WatchGuard Threat Lab’s latest report.

Read more about Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware

New Sophos Report – The State of Ransomware in State and Local Government 2022

Yesterday, the cybersecurity company Sophos released a new report, The State of Ransomware in State and Local Government 2022, which provides insights into ransomware attack trends, costs and recovery, and ransom payouts in state and local government organizations over the last year. To conduct the report, Sophos polled 5,600 IT professionals in mid-sized organizations across 31 countries, including 199 respondents from the state and local government sector. The study found that ransomware attacks against state and local governments are significantly increasing.

Read more about New Sophos Report – The State of Ransomware in State and Local Government 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022

Cyber Resilience – Get to Know the Enemy Before They Get to Know You

by Jennifer Lyn Walker

Read more about Cyber Resilience – Get to Know the Enemy Before They Get to Know You

You are here

Cybersecurity

Joint Cybersecurity Advisory – Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

Update October 6, 2022 – Threat and Vulnerability Advisory: Update to Microsoft Exchange Server Zero-Day Vulnerabilities (ProxyNotShell)

CISA Issues Binding Operational Directive (BOD) 23-01 to Improve Cybersecurity Asset Visibility and Vulnerability Detection

CISA Warns Users to Remain on Alert for Hurricane-Related Scams

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - October 4, 2022

Cybersecurity Awareness Month 2022 – Become a Champion!

Security Awareness – Office Exploits Continue to Spread More Than Any Other Category of Malware

New Sophos Report – The State of Ransomware in State and Local Government 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - September 29, 2022

Cyber Resilience – Get to Know the Enemy Before They Get to Know You

Pages

You are here

Cybersecurity

Pages

Footer Email Signup