You are here

Home » Cybersecurity

Cybersecurity

FBI FLASH: Intrusion Activities of China-based Cyber Actors Associated with APT 41

The FBI has published a (TLP:WHITE) FLASH message providing technical details of cyber actors based in China, associated with APT 41, who have been indicted for computer intrusions affecting more than 100 victim companies in the U.S. and abroad. Some of the targeted victims were in the “government” industry. The FLASH describes how the actors used a wide range of tactics to gain initial access, including spear-phishing and by exploiting publicly identified security vulnerabilities, including those involving VPNs.

Advtantech WebAccess Node (ICSA-20-261-01)

CISA has published an advisory on an incorrect permission assignment for critical resource vulnerability in Advtantech WebAccess Node. All versions prior to 9.0.1 are affected. Successful exploitation of this vulnerability could allow an attacker to escalate their privileges. Advantech has released update 9.0.1 to mitigate this vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Vulnerability Management – Considerations in OT/ICS Vulnerability Assessments

Identifying and remediating vulnerabilities are paramount to a successful cybersecurity strategy. While vulnerability disclosures, CVEs, and CVSS scores are a good place to start when addressing security gaps, neither offers a complete picture or effective assessment for OT/ICS environments. After ten years of vulnerability assessments, industrial cybersecurity firm Verve has observed several common gaps and offers their top five considerations every OT/ICS environment can benefit from understanding.

National Insider Threat Awareness Month – More Resources to Tackle Insider Threats

Continuing in the spirit of National Insider Threat Awareness Month (NITAM), the InfraGardNCR chapter has publicly posted an excellent Vantage Point blog outlining a basic framework for building, reviewing, and strengthening insider threat programs. In the post, Jim Stone highlights nine fundamental steps for any size and type of organization to follow.

CISA Alert: Chinese Government-affiliated Malicious Cyber Activity

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has published a new alert about cyber threat actors affiliated with the Chinese government – specifically the Ministry of State Security – targeting U.S. government agencies. CISA developed the alert with contributions from the FBI. The alert states that the threat actors are using open-source information to plan and conduct cyber operations and employing readily available exploits and exploit toolkits to quickly engage target networks.

HMS Networks Ewon Flexy and Cosy (ICSA-20-254-03) – Products Used in the Water and Wastewater and Energy Sectors

CISA has published an advisory on a permissive cross-domain policy with untrusted domains vulnerability in HMS Networks Ewon Flexy and Cosy. All versions prior to 14.1 are affected. Successful exploitation of this vulnerability could allow attackers to retrieve limited confidential information. HMS Networks recommends a series of mitigations for the vulnerability. CISA recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

Pages

Subscribe to Cybersecurity