Cybersecurity

SpringShell (“Spring4Shell”) – What it is and What it is Not (from what we know so far)

Over the past couple of days, a developing situation regarding a remote code execution (RCE) vulnerability in Java’s Spring Framework has been surrounded by hype and rumors. Given the confusion, here are a few points and resources to explain the situation.

Despite the seemingly sensationalized and similar nickname, until more is known, this vulnerability is not assessed to be as serious as “log4shell.” However, given this is an RCE vulnerability, utilities are encouraged to have their system administrators review available information and assess impact within their environment.

Joint Cybersecurity Advisory on Energy Sector ICS Targeting by Russian State-Sponsored Actors, Including TRISIS/TRITON Malware

In response to unsealed indictments by the Department of Justice, federal agencies have published multiple reports regarding Russian state-sponsored cyber activity. Given the current threat climate, it is prudent to pay specific attention to activity reports that CISA and other federal partners publish, as they may be representative of identifiable cyber activity.

FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report

The FBI’s Internet Crime Complaint Center (IC3) published its 2021 Internet Crime Report. The project draws data from 847,376 complaints of suspected internet crime reported to the FBI. Reports in 2021 represent a 7 percent increase in complaints from the 2020 report, with reported losses exceeding $6.9 billion. The top three cyber crimes reported by victims in 2021 were phishing scams, non-payment/non-delivery scams, and personal data breaches. Victims lost the most money to business email compromise scams and investment fraud.

Keep Your Shields Up, Don’t Panic, and Bolster Resilience Against Potential Russian Cyber Attacks on Critical Infrastructure

In a follow-up to White House statements on Monday, March 21, 2022, regarding evolving intelligence, the Cybersecurity and Infrastructure Security Agency (CISA) convened an unclassified call on Tuesday to address observed Russian Government preparatory cyber activity against the U.S.
