Cybersecurity

Let Me Show you my Shocked Face for $1000, Alex

In an homage to Alex Trebek, what is: Ransomware gangs not honoring ransom payments for stolen data? While this is not an entirely surprising development, it is a little confusing. It hasn’t been since the early days of ransomware attacks where amateur groups did not honor their “promise” to discontinue an attack or unlock files after payment. It’s been quite a few years since ransomware groups realized they needed to protect their credibility in order to profit.

Read more about Let Me Show you my Shocked Face for $1000, Alex

Threat Awareness – Ransomware Compendium

It has been a bit of a whirlwind in ransomware this past week. Bits have been circulating about Ryuk reaping the rewards from its wreckage, a new strain detonating within an hour after gaining access to the network, and an indiscriminate sample with a version to infect Linux. BleepingComputer has those details and much more in its recent “The Week in Ransomware” series for November 6, 2020.

Read more about Threat Awareness – Ransomware Compendium

Information and Communication Technology Supply Chain COVID-19 Lessons Learned

The Cybersecurity and Infrastructure Security Agency (CISA) and government and industry partners recently published the Building A More Resilient ICT Supply Chain: Lessons Learned During The COVID-19 Pandemic report, which examines how the COVID-19 pandemic impacted the logistical supply chains of information and communication technology companies and provides recommendations to increase supply chain resilience.

Read more about Information and Communication Technology Supply Chain COVID-19 Lessons Learned

Cisco Releases Security Updates – Updated November 5, 2020

November 5, 2020

Tags:

us-cert Cisco index

Read more about Cisco Releases Security Updates – Updated November 5, 2020

Adobe Releases Security Updates – Updated November 4, 2020

November 4, 2020

Tags:

adobe us-cert

Read more about Adobe Releases Security Updates – Updated November 4, 2020

Mitsubishi Electric Factory Automation Engineering Products (Update A) (ICSA-20-212-04)

November 5, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

August 4, 2020

Read more about Mitsubishi Electric Factory Automation Engineering Products (Update A) (ICSA-20-212-04)

Mitsubishi Electric MELSEC iQ-R Series (Update B) (ICSA-20-161-02)

November 5, 2020

CISA has updated this advisory with additional information on affected products and mitigation measures. Read the advisory at CISA.

June 16, 2020

CISA has updated this advisory with additional information on mitigation measures. Read the advisory at CISA.

June 10, 2020

Read more about Mitsubishi Electric MELSEC iQ-R Series (Update B) (ICSA-20-161-02)

Mitsubishi Electric GT14 Model of GOT1000 Series (ICSA-20-310-02)

CISA has published an advisory on improper restriction of operations within the bounds of a memory buffer, session fixation, NULL pointer dereference, improper access control, argument injection, and resource management errors vulnerabilities in Mitsubishi Electric GT14 Model of GOT1000 Series products.

Read more about Mitsubishi Electric GT14 Model of GOT1000 Series (ICSA-20-310-02)

WECON PLC Editor (ICSA-20-310-01) - Product Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on stack-based buffer overflow and heap-based buffer overflow vulnerabilities in WECON PLC Editor. Versions 1.3.8 and prior are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the application. WECON is aware of these vulnerabilities and is currently developing a solution. CISA also recommends a seried of measures to mitigate these vulnerabilities.

Read more about WECON PLC Editor (ICSA-20-310-01) - Product Used in the Water and Wastewater and Energy Sectors

What Every CISO Should Ask about OT/ICS Security

It is not uncommon for OT/ICS cybersecurity to fall under the authority of IT. This isn’t necessarily a bad thing, unless IT is taking responsibility/action and lacks OT-specific knowledge. While many concepts can be drawn from IT security to help secure OT, many of the processes do not translate well. The opposite also presents a challenge, as many OT operators and engineers may not have cybersecurity experience. This is why it is imperative for both OT and IT cybersecurity teams to work together; however, that isn’t always as easy as it sounds.

Read more about What Every CISO Should Ask about OT/ICS Security

You are here

Cybersecurity

Let Me Show you my Shocked Face for $1000, Alex

Threat Awareness – Ransomware Compendium

Information and Communication Technology Supply Chain COVID-19 Lessons Learned

Cisco Releases Security Updates – Updated November 5, 2020

Adobe Releases Security Updates – Updated November 4, 2020

Mitsubishi Electric Factory Automation Engineering Products (Update A) (ICSA-20-212-04)

Mitsubishi Electric MELSEC iQ-R Series (Update B) (ICSA-20-161-02)

Mitsubishi Electric GT14 Model of GOT1000 Series (ICSA-20-310-02)

WECON PLC Editor (ICSA-20-310-01) - Product Used in the Water and Wastewater and Energy Sectors

What Every CISO Should Ask about OT/ICS Security

Pages

You are here

Cybersecurity

Pages

Footer Email Signup