
Cybersecurity

NSA Guide: Mitigating Cloud Vulnerabilities

The National Security Agency (NSA) has published an eight-page guide on mitigating cloud vulnerabilities, intended for both leaders and technical staff. The sections on cloud components and cloud threat actors provide helpful overviews of the equipment and processes involved in cloud architecture as well as the backgrounds and capabilities of those who might try to take advantage of weaknesses for malicious purposes. It is especially helpful information for leaders.

Data Privacy Day 2020 – 28 January

Today is the thirteenth annual Data Privacy Day. As netizens, we all have a duty to respect privacy, safeguard data, and enable trust. Data privacy is two-fold and dual-faceted; individuals and organizations have two duties in maintaining data privacy. As individuals, we should be protecting our own data privacy, but we also have a duty to protect data that belongs to others, especially our employer’s data and any data entrusted to our employer by others, such as clients, customers, and partners.

FBI PSA: Cyber Criminals Use Fake Job Listings to Target Applicants’ Personally Identifiable Information

The FBI has published a Public Service Announcement (PSA) regarding fake job or hiring scams. As described by the PSA, these scams occur when criminal actors deceive victims into believing they have a job or a potential job. Criminals leverage their position as “employers” to persuade victims to provide them with personally identifiable information (PII) or to send them money.

CISA Advisory: Increased Emotet Malware Activity

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has posted an advisory noting it is aware of a recent increase in targeted Emotet malware attacks. Emotet is a sophisticated Trojan that commonly functions as a downloader or dropper of other malware. Emotet primarily spreads via malicious email attachments and attempts to proliferate within a network by brute forcing user credentials and writing to shared drives. If successful, an attacker could use an Emotet infection to obtain sensitive information.

CISA Reminder: Safeguard Websites from Cyber Attacks

The U.S. Department of Homeland Security’s (DHS’s) Cybersecurity and Infrastructure Security Agency (CISA) has published a Reminder to protect personal and organizational public-facing websites from defacement, data breaches, and other types of cyberattacks by following cybersecurity best practices. CISA encourages users and administrators to review CISA’s updated Tip on Website Security and take the necessary steps to protect against website attacks.

Honeywell Maxpro VMS & NVR (ICSA-20-021-01) – Products Used in the Energy Sector

CISA has released an advisory on deserialization of untrusted data and SQL injection vulnerabilities in Honeywell MAXPRO VMS & NVR. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could result in elevation of privileges, cause a denial-of-service condition, or allow unauthenticated remote code execution. Honeywell recommends users update to VMS 560 Build 595 T2-Patch for affected VMS systems, and NVR 5.6 Build 595 T2-Patch for affected NVR systems. CISA also recommends a series of measures to mitigate the vulnerabilities.

DHS Acting Secretary Wolf Talks 2020 Homeland Threats and Priorities

In remarks before the Homeland Security Experts Group (HSEG), an independent, nonpartisan group of homeland security policy and counter-terrorism experts, U.S. Department of Homeland Security (DHS) Acting Secretary Chad Wolf provided a 360-degree view of the threat landscape and the Department’s priorities for the year. Wolf began his remarks focusing on international threats, in particular those emanating from Iran, China, and Russia.

Building a Digital Defense against Tech Support Scams

The FBI’s Portland, Oregon office has published two back-to-back advisories on building a digital defense against digital device repair scams. As noted in the first of the advisories, the FBI’s Internet Crime Complaint Center (IC3) is receiving an increasing number of reports involving this type of scam. Here’s one version of how the scam works: you find someone online to fix your problem and pay the requested amount for the repair services. Shortly after, you receive a call from a scammer saying you are getting a partial refund on your money for one reason or another.
