CyberSecure Specialist

20 Oct

CISA Releases Fact Sheet on Effort to Revise the National Cyber Incident Response Plan (NCIRP)

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) released a fact sheet on the effort to revise the National Cyber Incident Response Plan (NCIRP). Through the Joint Cyber Defense Collaborative (JCDC), CISA will work to ensure that the updated NCIRP addresses significant changes in policy and cyber operations since the initial NCIRP was released. First published in 2016, the NCIRP was developed in accordance with Presidential Policy Directive 41 (PPD-41) on U.S. Cyber Incident Coordination…

Read More
20 Oct

Better safe than sorry: 10 tips to build an effective business backup strategy

Information

Business Security How robust backup practices can help drive resilience and improve cyber-hygiene in your company Phil Muncaster 18 Oct 2023  •  , 5 min. read Could your company survive if its most critical data stores were suddenly encrypted or wiped out by cybercriminals? This is the worst-case scenario many organizations have been plunged into as a result of ransomware. But there are also many other scenarios that could create serious business risk for companies.…

Read More
19 Oct

Harmonic Lands $7M Funding to Secure Generative AI Deployments

Information, News

A British startup called Harmonic Security has attracted $7 million in seed-stage investment to build technology to help secure generative AI deployments in the enterprise. Harmonic, based in London and San Francisco, said it is working on software to mitigate against the ‘wild west’ of unregulated AI apps harvesting company data at scale. The company said the early-stage financing was led by Ten Eleven Ventures, an investment firm actively investing in cybersecurity startups. Storm Ventures…

Read More
19 Oct

Oracle Releases October 2023 Critical Patch Update Advisory

Attacks, Insights, Malware

Oracle has released its Critical Patch Update Advisory for October 2023 to address 387 vulnerabilities across multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the Oracle Critical Patch Update Advisory – October 2023 and apply the necessary updates.  

Read More
19 Oct

CISA, NSA, FBI, and MS-ISAC Release Update to #StopRansomware Guide

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released an updated version of the joint #StopRansomware Guide. The update includes new prevention tips such as hardening SMB protocols, revised response steps, and added threat hunting insights. Developed through the U.S. Joint Ransomware Task Force (JRTF), #StopRansomware Guide is designed to be a one-stop resource to…

Read More
19 Oct

Operation King TUT: The universe of threats in LATAM

Information

ESET Research ESET researchers reveal a growing sophistication in threats affecting the LATAM region by employing evasion techniques and high-value targeting 17 Oct 2023  •  , 3 min. read Much like the life and mysterious demise of Pharaoh Tutankhamun, also known as King Tut, the threat landscape in Latin America (LATAM) remains shrouded in mystery. This is primarily due to the limited global attention on the evolving malicious campaigns within the region. While notable events…

Read More
18 Oct

Finland Charges Psychotherapy Hacker With Extortion

Data Breaches, Information, News

Finland on Wednesday charged a hacker, accused of the theft of tens of thousands of records from psychotherapy patients, with over 21,000 counts of extortion, the national prosecutor announced. “The suspect is held on remand and has denied being guilty of the offenses,” the National Prosecution Authority said in a statement. The prosecutor is seeking a seven-year prison sentence for the defendant, Aleksanteri Kivimaki, who was formerly identified as Julius Kivimaki. In the 2018 breach…

Read More
18 Oct

The Fake Browser Update Scam Gets a Makeover

Information, Insights

One of the oldest malware tricks in the book — hacked websites claiming visitors need to update their Web browser before they can view any content — has roared back to life in the past few months. New research shows the attackers behind one such scheme have developed an ingenious way of keeping their malware from being taken down by security experts or law enforcement: By hosting the malicious files on a decentralized, anonymous cryptocurrency…

Read More
18 Oct

Cybersecurity Awareness Month 2023 Blog Series | Updating Software

Insights

Credit: NIST It’s week three in our Cybersecurity Awareness Month blog series! This week, we interviewed NIST’s Michael Ogata (Computer Scientist) and Paul Watrobski (IT Security Specialist) about the importance of updating software. This week’s Cybersecurity Awareness Month theme is ‘updating software.’ How does your work/specialty area at NIST tie into this behavior? NIST’s Applied Cybersecurity Division’s core mission is to explore, measure, and evaluate both the cybersecurity guidance NIST provides as well as industry…

Read More
18 Oct

CISA, NSA, FBI, and MS-ISAC Release Phishing Prevention Guidance

Attacks, Insights, Malware

Today, the Cybersecurity Infrastructure and Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a joint guide, Phishing Guidance: Stopping the Attack Cycle at Phase One. The joint guide outlines phishing techniques malicious actors commonly use and provides guidance for both network defenders and software manufacturers to reduce the impact of phishing techniques used in obtaining credentials and deploying malware.…

Read More