You are here

Home » Cybersecurity

Cybersecurity

Large Energy Supplier Suffers Data Breach Caused by Unsecured Cloud Storage

A large energy supplier in New England, Eversource, has reported it suffered a data breach due to customers' personal information, including names, social security numbers, and more, being left exposed on an unsecured cloud server. The company discovered the breach during a security review in mid-March, when it found a cloud data storage folder that was misconfigured so that anyone could access its contents. Eversource immediately secured the folder and has stated that there is no indication that any of the data was acquired or misused by unauthorized people.

OT Cybersecurity – ICS Unicorns are an Endangered Species

It is certainly not impossible to maintain an air gapped control system network, but all too often risk assessments and penetration tests reveal they are a dying breed. Likewise, numerous case studies and research into ICS-focused adversaries reveal many threat groups leveraging IT exploits to traverse into the OT network. Both scenarios confirm the fact that OT and IT cybersecurity need each other for a holistic security posture.

Threat Actors Targeting Cybersecurity Researchers

The Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory noting that Google and Microsoft recently published reports on advanced persistent threat (APT) actors targeting cybersecurity researchers. The APT actors are using fake social media profiles and legitimate-looking websites to lure security researchers into visiting malicious websites to steal information, including exploits and zero-day vulnerabilities.

Annual Canadian Intelligence Service Report Highlights Effects of COVID-19, Foreign Interference, and Extremism and Terrorism

The Canadian Security Intelligence Service’s (CSIS’s) just-released Public Report 2020 shines light on threats to Canada’s security by providing an overview of the organization’s major efforts in the past year and a section on the country’s threat environment. It begins by noting how the COVID-19 pandemic created a situation ripe for exploitation by threat actors, who sought to take advantage of organizations working on COVID-19 research and more individuals working from home.

U.S. Intelligence Community Annual Threat Assessment Warns of Nation State Cyber Operations, Domestic Violent Extremism, and Extreme Weather

The Office of the Director of National Intelligence has released its Annual Threat Assessment of the U.S. Intelligence Community, which examines worldwide threat trends relevant to the security of the country.

OT and IT Cybersecurity – We Need Each Other

Cybersecurity is an organizational initiative; a necessity. It’s not us (OT) versus them (IT). Cybersecurity is not solely a technology problem. IT standards do not always translate well to secure ICS/SCADA systems and processes; however, much can be gained by understanding IT security principles and how they may or may not relate to OT security. Likewise, IT security needs to know/understand the engineering and operations of control systems so together they can better architect secure solutions.

Identity Management Day – Information and Resources

Today is Identity Management Day, which aims to inform business leaders, IT decision makers, and the general public about the dangers of casually or improperly managing and securing digital identities by raising awareness, sharing best practices, and leveraging the support of vendors in the identity security space. The Identity Defined Security Alliance, which operates in partnership with the National Cybersecurity Alliance (the host of National Cybersecurity Month) has posted information and resources to its website to help with this effort.

President Biden Announces Intent to Nominate First National Cyber Director and New CISA Director, among other Positions

Yesterday President Joe Biden announced his intent to nominate key members of his administration to lead on national security, homeland security, and law enforcement at the White House and across key agencies. Two of the positions include the National Cyber Director, which is new, and the Cybersecurity and Infrastructure Security Agency (CISA) Director, a role in which Brandon Wales has served in an acting capacity since November.

Pages

Subscribe to Cybersecurity