You are here

Home » Cybersecurity

Cybersecurity

U.S. Accounts for More than Half of World’s Ransomware Attacks

According to Malwarebytes’ Q1 2019 Cybercrime Tactics and Techniques report, the U.S. is the country most affected by ransomware, with data from the company revealing that 53 percent of ransomware detections came from the country. Canada, which is the second most impacted country in the list, accounts for 10 percent of the ransomware detections. Further analysis of the statistics shows that ransomware attacks were most prevalent in Texas and California.

El Paso and Dayton Tragedy-Related Scams and Malware Campaigns

In the wake of the recent shootings in El Paso, TX, and Dayton, OH, the Cybersecurity and Infrastructure Security Agency (CISA) advises users to watch out for possible malicious cyber activity seeking to capitalize on these tragic events. Users should exercise caution in handling emails related to the shootings, even if they appear to originate from trusted sources. Fraudulent emails often contain links or attachments that direct users to phishing or malware-infected websites. Emails requesting donations from duplicitous charitable organizations are also common after tragic events.

NIST Publishes Multifactor Authentication Guide

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) has published Cybersecurity Practice Guide: Multifactor Authentication for E-Commerce, which discusses multifactor authentication (MFA) protection methods that can be implemented to reduce fraudulent purchases. Although this guide it specifically intended for online retailers, it can still be of use to any organization that receives payments from customers in online environments.

Suspected State-Sponsored Spear Phishing Campaign Targets U.S. Utilities with New Malware

Cybersecurity firm Proofpoint identified a new spear phishing campaign that targeted three undisclosed U.S. utilities. Based on overlaps with historical campaigns and macros utilized, Proofpoint believes the campaign is state-sponsored. The convincing phishing lures purport to come from the National Council of Examiners for Engineering and Surveying (NCEES), a business that handles professional licensing for engineers and surveyors, indicating the threat actors have a decent amount of industry knowledge.

3S-Smart Software Solutions GmbH CODESYS V3 (ICSA-19-213-03)

The NCCIC has published an advisory on unverified ownership and uncontrolled memory allocation vulnerabilities in 3S-Smart Software Solutions GmbH CODESYS V3. All variants of a series of CODESYS V3 products in all versions prior to v3.5.14.20 that contain the CmpGateway component are affected, regardless of the CPU type or operating system. Successful exploitation of these vulnerabilities could allow a remote attacker to close existing communication channels or to take over an already established user session to send crafted packets to a PLC.

Fuji Electric FRENIC Loader (ICSA-19-213-02)

The NCCIC has published an advisory on an out-of-bounds read vulnerability in Fuji Electric FRENIC Loader. Versions 3.5.0.0 and prior are affected. Successful exploitation of this vulnerability could allow information disclosure. Fuji Electric has released a new version of FRENIC Loader that addresses the reported vulnerability. The NCCIC also advises of a series of measures for mitigating the vulnerability. Read the advisory at CISA.

Pages

Subscribe to Cybersecurity