Cybersecurity

The FBI’s Portland, Oregon office has published an advisory on building a digital defense during holiday travel, when many people will be connected to networks other than those at their homes or offices and/or have visitors join theirs. For these situations, the FBI recommends not allowing phones, computers, or other devices to auto-connect to free WiFi networks and to set up separate WiFi accounts for guests to segregate any of their vulnerabilities from your sensitive data.

Another city has come forward with information regarding the ongoing vulnerabilities with online utility payment provider Click2Gov. Unfortunately, this one comes with an added wrinkle. The city of Marietta, GA and the FBI have reason to believe data found on the dark web is linked with recent utility customer online transactions.

CISA has published an advisory on a cross-site scripting vulnerability in GES2020/S2020G Fast Switch 61850. Versions 07A03 and prior are affected. Successful exploitation of this vulnerability may allow an attacker to inject arbitrary code and allow disclosure of sensitive data. GE produced and released Version 07A04, which fixes the vulnerability. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.

In the last few days, the cyber criminals behind the Maze ransomware created a public website where they identify their victims who have chosen to rebuild their operations rather than yield to the ransom demands. The move is part of the criminals’ signaling that they will publish the data stolen from their victims if they don’t pay. “For years, ransomware developers and affiliates have been telling victims that they must pay the ransom or stolen data would be publicly released,” said cybersecurity researcher and BleepingComputer founder Lawrence Adams.