Cybersecurity

IRS Launches “Dirty Dozen” Campaign on Tax Scams

The Internal Revenue Service (IRS) has launched its annual awareness campaign on the 12 most prevalent tax scams, known as the “Dirty Dozen.” As part of the campaign, IRS will highlight one scam each weekday. The first topic in the campaign focuses on internet phishing scams that lead to tax fraud and identity theft. IRS warns to be on alert for a continuing surge of fake emails, texts, websites, and social media attempts to steal users’ personal information.

Read more about IRS Launches “Dirty Dozen” Campaign on Tax Scams

Kunbus PR100088 Modbus Gateway (Update B) (ICSA-19-036-05)

March 5, 2019

The NCCIC has updated this advisory with additional information on mitigation measures. Read the advisory at NCCIC/ICS-CERT.

February 7, 2019

Read more about Kunbus PR100088 Modbus Gateway (Update B) (ICSA-19-036-05)

PSI GridConnect Telecontrol (ICSA-19-059-01) – Products Used in the Energy Sector

The NCCIC has published an advisory on a cross-site scripting vulnerability in PSI GridConnect Telecontrol. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker to execute dynamic scripts in the context of the application, which could allow cross-site scripting attacks. PSI recommends users of affected devices update their devices to a version where this vulnerability is patched. The NCCIC also advises on a series of measures for mitigating this vulnerability.

Read more about PSI GridConnect Telecontrol (ICSA-19-059-01) – Products Used in the Energy Sector

M-Trends 2019 Report Examines APT Actors and Trends, Observes Increase in Retargeted Attacks

FireEye Mandiant has just released M-Trends 2019, its annual report on major trends it observed over the past year. One of the trends noted in the report is the significant increase in governments publicly attributing attacks to threat actors, which are oftentimes other nations. FireEye Mandiant is well known for reporting on malicious cyber activity by advanced persistent threat (APT) actors, many of which it indicates are associated with nations.

Read more about M-Trends 2019 Report Examines APT Actors and Trends, Observes Increase in Retargeted Attacks

NIST Launches Small Business Cybersecurity Corner

The National Institute of Standards and Technology (NIST) has launched the “Small Business Cybersecurity Corner,” a website intended to disseminate consistent, clear, concise, and actionable resources – all of which are free – to small businesses. Currently the website contains resources that provide overviews of types of cyber risks and threats; offer recommendations for how to manage risks; help create, evaluate, and improve security plans; provide guidance for responding to a cyber incident; and list training resources like educational courses, webinars, and videos.

Read more about NIST Launches Small Business Cybersecurity Corner

Vulnerability Management – What to Do When There Is No (or will never be a) Patch

Patching is a fundamental process of every OT/ICS vulnerability management strategy. Determining which patches to (or not) apply is crucial to addressing known exploits. But how are you addressing vulnerabilities that do not (or will never) have a patch? Ralph Langner, arguably the world's foremost expert on Stuxnet, posits that the worst OT/ICS vulnerabilities will never be disclosed, let alone patched. Therefore, solely relying on public vulnerability disclosures will result in gaps in your protection strategy. Mr.

Read more about Vulnerability Management – What to Do When There Is No (or will never be a) Patch

National Consumer Protection Week

National Consumer Protection Week (NCPW) is March 3–9. This annual event encourages individuals and businesses to learn about their consumer rights and how to keep themselves secure. The Federal Trade Commission (FTC) and its NCPW partners provide free resources to protect consumers from fraud, scams, and identity theft.

Read more about National Consumer Protection Week

Everything You Need to Know about IP Spoofing

An article from Privacy PC discusses the types of IP spoofing, the kinds of attacks it’s used for, and how to protect yourself against this activity. IP spoofing is the name given to what might otherwise be called IP forgery or IP fraud. It’s a process whereby an attacker uses a fake IP address to hide their identity and carry out things like Distributed Denial of Service (DDoS) attacks and identity thefts.

Read more about Everything You Need to Know about IP Spoofing

IoT Devices Attacked Faster than Ever and DDoS Attacks Up Dramatically, according to Report

In its most recent Threat Landscape Report, cybersecurity firm Netscout reports the second half of 2018 “revealed the equivalent of attacks on steroids” with greatly increased attacks on Internet of Things (IoT) devices and Distributed Denial of Service (DDoS) attacks. Specifically, it found IoT devices are under attack five minutes after being plugged in and targeted by specific exploits within 24 hours.

Read more about IoT Devices Attacked Faster than Ever and DDoS Attacks Up Dramatically, according to Report

Dragos Year in Review Webinars

ICS security company Dragos has announced a series of upcoming webinars on recent annual reports it issued.

Read more about Dragos Year in Review Webinars

You are here

Cybersecurity

IRS Launches “Dirty Dozen” Campaign on Tax Scams

Kunbus PR100088 Modbus Gateway (Update B) (ICSA-19-036-05)

PSI GridConnect Telecontrol (ICSA-19-059-01) – Products Used in the Energy Sector

M-Trends 2019 Report Examines APT Actors and Trends, Observes Increase in Retargeted Attacks

NIST Launches Small Business Cybersecurity Corner

Vulnerability Management – What to Do When There Is No (or will never be a) Patch

National Consumer Protection Week

Everything You Need to Know about IP Spoofing

IoT Devices Attacked Faster than Ever and DDoS Attacks Up Dramatically, according to Report

Dragos Year in Review Webinars

Pages

You are here

Cybersecurity

Pages

Footer Email Signup