You are here

Home » Cybersecurity

Cybersecurity

Citing Urgent National Security Risk, Task Force Urges Broad Action on Ransomware

The Ransomware Task Force, a group made up of more than 60 experts spanning government, industry, and nonprofit sectors, released a report calling ransomware an urgent national security threat and proposing sweeping recommendations to the public and private sectors on combatting this growing problem. The 81-page Combating Terrorism report begins by discussing how ransomware has evolved and grown into an increasing problem, threatening businesses and governments not just i

NSA Advisory on Ensuring Security of Operational Technology

The National Security Agency (NSA) has released the Cybersecurity Advisory, “Stop Malicious Cyber Activity Against Connected Operational Technology,” detailing how to evaluate risks to systems and improve the security of connections between OT and enterprise networks. This guidance is intended to provide a pragmatic evaluation methodology to assess how to best improve OT and control system cybersecurity for mission success, to include understanding necessary resources for secure systems.

CISA Releases Second Graphic Novel to Educate about the Risk of Disinformation

The Cybersecurity and Infrastructure Security Agency (CISA) has released its second graphic novel in the Resilience Series to educate the public on the dangers and risks associated with dis- and misinformation campaigns. Bug Bytes tells the fictional story of Ava Williams, a graduate student, who uses her wits and journalism skills to uncover a disinformation campaign set to damage critical communications infrastructure in the U.S.

If Your Utility Qualifies for a “.gov” Top-Level Domain (TLD), Consider This

On Tuesday, administration of the “.gov” top-level domain (TLD) was officially transferred to CISA. Organizations that qualify as a government entity but do not currently use a .gov TLD can be confusing to the public as to whether the website is legitimate. Reasons vary for why some government entities do not use a .gov. Often that reason is due to the cost of registering and maintaining .gov, especially for small municipalities.

Emotet Effectively Exhausted – Uninstall Command Executed on April 25

The uninstall code planted by the German Bundeskriminalamt (BKA) federal police agency instructing Emotet to uninstall from roughly one million remaining infected systems executed on Sunday. This action cleans up the Windows registry key that enabled the Emotet modules to run automatically and stops and deletes associated services, but does not remove other files, nor does it erase additional malware that might have been installed through the botnet.

Security Awareness – Recent Analysis of Previously Published “Compilation of Many Breaches” (COMB)

A recent sensational headline states that “3.2 billion leaked passwords contain 1.5 million records with government emails,” is indeed notable. However, this is not a new development, nor are these newly leaked credentials. This 100GB “database” was published for free this February in an online cybercrime forum. Dubbed “COMB,” or “Compilation of Many Breaches,” this data set is composed of multiple leaks and breaches across different companies that have occurred over the years.

Joint Cybersecurity Advisory: Russian Foreign Intelligence Service Cyber Operations Trends and Best Practices for Network Defenders

The FBI, the U.S. Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency (CISA) have published a Joint Cybersecurity Advisory presenting their assessment that Russian Foreign Intelligence Service (SVR) cyber actors – also known as APT29, the Dukes, CozyBear, and Yttirum – will continue to attempt to exploit U.S. and other foreign entities using a range of initial techniques that vary in sophistication, coupled with stealthy intrusion tradecraft within compromised networks. The U.S.

Trend Micro Vulnerability Being Actively Exploited

Cybersecurity firm Trend Micro has disclosed that a threat actor began using a vulnerability in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Apex One and OfficeScan XG, two advanced security products aimed at enterprise customers. The vulnerability was discovered last year and patched, but Trend Micro said it learned of incidents where this same bug was weaponized to attack some of its customers.

U.S. Department of Justice Launches Ransomware Task Force

In one of the latest of the federal government’s efforts to address today’s daunting cybersecurity challenges, the U.S. Department of Justice has formed a task force aimed at curtailing the proliferation of ransomware. The task force’s goal is to make these extortion schemes less lucrative by targeting the entire digital ecosystem that supports them. It will increase training and dedicate more resources to the issue, seek to improve intelligence sharing across the department, disrupt command and control infrastructure, and seize profits.

Pages

Subscribe to Cybersecurity