You are here

Home » Cybersecurity

Cybersecurity

CISA Alert: North Korean Cryptocurrency Malware “AppleJeus”

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert to highlight the cyber threat to cryptocurrency posed by North Korea and provide mitigation recommendations. CISA refers to the malware and other activity by the North Korean government as “AppleJeus.” In a series of seven malware analysis reports (MARs), it provides full technical details of the malware and associated indicators of compromise. Access the alert and MARs at CISA.

Even the Basics are Critical for Critical Infrastructure

The dust (new details/disclosures) seems to be settling on the incident at the Oldsmar, Florida Water Treatment Plant that occurred on February 5, 2021. If you haven’t already, now is a good time to assess that your utility is not as vulnerable to the same basic cybersecurity shortcomings that reportedly contributed to the incident and/or have been identified during the investigation.

Security Tips for Social Media and Social Networking Apps

The Australian Cyber Security Centre (ACSC) has posted advice on secure usage of social media and social networking or messaging apps, underscoring that both can pose a number of security and privacy risks to organizations and individuals when used in an inappropriate or unsafe manner. It also observes that social networking or messaging apps are a common way for an adversary to gather information on organizations and their employees, projects, and systems.

Egregor Ransomware Members Arrested

Law enforcement authorities arrested members of the Egregor ransomware cartel in Ukraine last week, the result of a joint investigation by French and Ukrainian police. The arrested suspects are believed to be some of these "affiliates" (or partners) of the Egregor gang, whose job was to hack into corporate networks and deploy the ransomware. They are also believed to have provided logistical and financial support to help prop up operations.

Joint Cybersecurity Advisory (TLP:WHITE): Compromise of U.S. Water Treatment Facility

Federal government partners have just released a TLP:WHITE* Joint Cybersecurity Advisory on the recent compromise of a U.S. water treatment facility. This product provides a summary of the incident informed by personnel who assisted with the onsite response, threat overviews based on what was observed, and series of recommendations organizations are encouraged to consider to protect themselves against similar activity.

CISA and FBI Warn of Valentine’s Day Scams

Both the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have released advisories warning of internet romance scams on the occasion of Valentine’s Day. The FBI’s advisory explains well-rehearsed criminals search dating sites, apps, chat rooms, and other social media networking sites attempting to build “relationships” for the sole purpose of getting your money or your personally identifiable information.

Microsoft Windows Privilege Escalation Vulnerability

As part of its regular patch Tuesday release, Microsoft has announced an escalation of privileges vulnerability (CVE-2021-1732) in Microsoft Win32k. A local attacker can exploit this vulnerability to take control of an affected system. Microsoft has stated that Windows 10 and Windows Server 2019 are affected by this vulnerability. Microsoft has also reported that this vulnerability has

Pages

Subscribe to Cybersecurity