Cybersecurity

Threat Awareness - DarkTortilla Malware

Security researchers are warning defenders to be aware of ‘DarkTortilla’ which several threat actors are using to deliver a wide range of information stealers, remote-access Trojans (RATs), and other malicious payloads. DarkTortilla was first observed by researchers in October 2021, but they believe it has been active since at least 2015. Similar to other malware, threat actors are distributing DarkTortilla via spam emails with file attachments such as .ISO, .ZIP, and .IMG. In some instances, they have also used malicious documents to deliver the malware.

Read more about Threat Awareness - DarkTortilla Malware

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 18, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 18, 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 16, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 16, 2022

Cyber Preparedness – Cyber Insurance Considerations

A new study from BlackBerry and Corvus Insurance examines the state of cyber insurance and offers recommendations for helping close the gaps in coverage affecting organizations of all sizes. The study revealed many concerning gaps in cyber insurance. Only around one fifth of all businesses surveyed have cyber insurance coverage above the median ransomware demand of $600,000. Relatedly, among small and medium businesses (SMBs) with fewer than 1,500 employees, only fourteen percent have coverage limits above $600,000.

Read more about Cyber Preparedness – Cyber Insurance Considerations

Ransomware Resilience – Preparing for Attacks Like They’re Natural Disasters

Ransomware attacks continue to be one of the most pernicious cyber threats organizations face today. A survey from the group CISOs Connect found that almost a quarter of all surveyed companies were impacted by ransomware attacks on more than one occasion. Consequently, some security researchers recommend conceptualizing ransomware defense on FEMA’s four phases of emergency management: mitigation, preparedness, response, and recovery.

Read more about Ransomware Resilience – Preparing for Attacks Like They’re Natural Disasters

A Tale of Two (More) Attacks – How MFA Saved the Day for Cloudflare and Not So Much for Cisco

by Jennifer Lyn Walker, Director of Infrastructure Cyber Defense

Read more about A Tale of Two (More) Attacks – How MFA Saved the Day for Cloudflare and Not So Much for Cisco

Cyber Resilience – U.K. Cyber Center Publishes Guidance for Securing Cloud Infrastructure

The U.K.’s National Cyber Security Center (NCSC) published a guidance highlighting how organizations can better secure their data in cloud environments. The NCSC emphasize its important to use a cloud provider that is secure by design and by default, and one where the provider helps your organization meet its security responsibilities.

Read more about Cyber Resilience – U.K. Cyber Center Publishes Guidance for Securing Cloud Infrastructure

Joint Cybersecurity Advisory – #StopRansomware: Zeppelin Ransomware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI published a joint Cybersecurity Advisory (CSA) on Zeppelin ransomware, providing tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations defend against this threat. Zeppelin ransomware is a spinoff of the Delphi-based Vega malware family and operates as a Ransomware as a Service (RaaS). From 2019 through at least June 2022, attackers have used this malware to target a wide range of businesses and critical infrastructure entities.

Read more about Joint Cybersecurity Advisory – #StopRansomware: Zeppelin Ransomware

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 11, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) has published the following ICS vulnerability advisories, as well as alerts, updates, and bulletins:

ICS Vulnerability Advisories:

Read more about CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 11, 2022

DHS Warns of Critical Flaws in Emergency Alert System Devices

Last week, the Department of Homeland Security (DHS) warned that its Emergency Alert System (EAS), which the department uses to transmit emergency communications via TV and radio networks, could be exploited by a cyber threat actor to send out false emergency alerts.

Read more about DHS Warns of Critical Flaws in Emergency Alert System Devices

You are here

Cybersecurity

Threat Awareness - DarkTortilla Malware

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 18, 2022

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 16, 2022

Cyber Preparedness – Cyber Insurance Considerations

Ransomware Resilience – Preparing for Attacks Like They’re Natural Disasters

A Tale of Two (More) Attacks – How MFA Saved the Day for Cloudflare and Not So Much for Cisco

Cyber Resilience – U.K. Cyber Center Publishes Guidance for Securing Cloud Infrastructure

Joint Cybersecurity Advisory – #StopRansomware: Zeppelin Ransomware

CISA ICS Vulnerability Advisories and Alerts, Updates, and Bulletins - August 11, 2022

DHS Warns of Critical Flaws in Emergency Alert System Devices

Pages

You are here

Cybersecurity

Pages

Footer Email Signup