Cybersecurity

Latest VPN Breaches Reinforce Importance of Trusting Your Provider

Detailed credentials for more than 21 million VPN users were swiped and advertised for sale online last week, offered by a cyber thief who allegedly stole user data collected by the VPN providers themselves. The data includes email addresses, randomly generated password strings, payment information, and device IDs belonging to users of three VPNs that offer their services for free – SuperVPN, GeckoVPN, and ChatVPN. While shocking, the unfortunate truth about the recent VPN data leak is that this type of data mishap is nothing new.

Pen Tester Shows Weaknesses at Nuclear Plant

In a recent interview published by Trustwave, a pen tester proved that even a well-protected nuclear power plant could use a cybersecurity tune-up. Consultant Charles Hamilton reported that he had encountered a low-security Wi-Fi hotspot at his client’s facility set up by contractors. From there, he was able to gain access to the network and some monitoring tools. Within two hours, he had domain-level access.

NSA Guidance on Zero Trust Security Model

The National Security Agency (NSA) has released Cybersecurity Information Sheet: Embracing a Zero Trust Security Model, which provides information about, and recommendations for, implementing Zero Trust within networks. The Zero Trust security model is a coordinated system management strategy that assumes breaches are inevitable or have already occurred. The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators and organizations to review NSA’s guidance to help secure sensitive data, systems, and services.

Greater Preparedness and Security in Light of Oldsmar, Regardless of Intent or Motivation

Risk management firm The Gate 15 Company reviews the February 5, 2021 blended threat (cyber-physical) incident at the Oldsmar, Florida Water Treatment Plant in a recent blog post titled “Blended Threats: Did Florida’s Cyber Attack Whet Your Appetite for Better Preparedness and Security?” The post highlights the blended threat concerns and reviews some best practices and mitigation actions drawn from WaterISAC’s 15 Cybersecurity Fundamentals for Water and Wastewater Utilities for greater preparedness.

Dragos 2020 ICS Cybersecurity Year in Review

In case you haven’t seen it yet, Dragos published its 2020 ICS Cybersecurity Year in Review yesterday. This year's report has some cool interactive elements displayed as an executive summary. Based on extensive experience, assessments, and incident response insights, Dragos shares its observations, lessons learned, and recommendations in this annual data-driven analysis of Industrial Control System (ICS)/Operational Technology (OT) focused cyber threats and vulnerabilities.

In addition to several key findings and recommendations for ICS defenders, read the report for more on:

CISA Alert: Exploitation of Accellion File Transfer Appliance

The Cybersecurity and Infrastructure Security Agency (CISA) has published an alert about cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance, noting this activity has impacted organizations globally. According to the alert, the actors have attacked government entities at all levels (federal, state, local, and more) as well as private industry organizations, including those in the telecommunications and energy sectors. The alert contains technical details of the activity and a list of recommendations for organizations that use Accellion FTA.

OT/ICS Security – Going From A(ir Gap) to Z(ero Trust)

Zero trust has become a bit of a buzzword lately, especially since the disclosure of the SolarWinds incident. In addition, it’s possible that the concept of zero trust is thought of as applicable only to IT systems and may have industrial systems operators dismissing it. But as the air gap continues to erode in favor of greater (remote) access to control systems, zero trust becomes essential.

ACSC Small Business Cybersecurity Guide

The Australian Cyber Security Centre (ACSC) has published a guide intended to help small businesses protect themselves from the most common cybersecurity incidents. It identifies and explains the most common types of cyber threats and what can be done to protect a business, covering topics such as malicious software, automatic updates, and multi-factor authentication. It also includes a series of checklists, including on people and procedures, as well as a glossary of terms.

Aperture: A Claroty Podcast, Features WaterISAC to Discuss Oldsmar and Sector Cybersecurity

As the country continues discussing the cyber incident which occurred at the Oldsmar, Florida Water Treatment Plant on February 5, 2021, it is important to continue highlighting the need for information sharing across the sector. Michael Mimoso, Aperture’s host and Claroty Editorial Director, invited WaterISAC Managing Director Michael Arceneaux and Cyber Threat Analyst Jennifer Lyn Walker to discuss the incident, how it underscores the need for better information sharing about incidents, and improved security hygiene inside critical infrastructure sectors such as water and wastewater.
