CyberSecure Specialist

06 Mar

Ransomware Gang Leaks Data Stolen from City of Oakland

Attacks, Malware

Organizations should initiate proactive measures to ensure they are protected from ransomware. The US DHS website, stopransomware.gov, has links to resources that help organizations protect their systems from intrusions that lead to ransomware. To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.•…

Read More
06 Mar

DoppelPaymer Ransomware Gang Targeted in Europol Operation

Attacks, Malware

According to the German police, the five suspects have ties to Russia. The DoppelPaymer ransomware operation first appeared in 2019, focusing on critical infrastructure and major corporations. Europol reported that victims based in the United States alone paid the group at least $42.4 million between May 2019 and March 2021. German authorities have also reported 37 targeted companies by the ransomware gang. Among DoppelPaymer’s major victims are Dutch Research Council (NWO), Kia Motors America, laptop…

Read More
06 Mar

Modesto Police Department Suffers Ransomware Attack

Attacks, Malware

This incident serves as a reminder of the growing threat of cyber-attacks and that no industry or organization is off limits. This also highlights the need for organizations to take proactive steps to protect their data and systems. All organizations, both public and private, should review their security practices on a regular basis and take appropriate measures to safeguard their sensitive data from cyber threats. https://www.govtech.com/security/personal-data-exposed-in-cyber-attack-on-modesto-calif-pd

Read More
06 Mar

Open letter demands OWASP overhaul, warns of mass project exodus

Data Breaches, Malware, Social Engineering

For more than two decades, the Open Worldwide Application Security Project (OWASP) has provided free and open resources for improving the security of software. Led by the non-profit OWASP Foundation, OWASP has brought together community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and educational and training conferences for developers and technologists to secure the web. However, an open letter signed by dozens of OWASP members, contributors, and supporters questioned…

Read More
06 Mar

Municipal CISOs grapple with challenges as cyber threats soar

Data Breaches, Malware, Social Engineering

On February 10, the City of Oakland, California, announced it had been hit by a ransomware attack that knocked many of its systems offline. Four days later, Oakland declared a state of emergency as it grappled with the wide-ranging impact of the incident, which left city phone systems and multiple non-emergency services inoperable, including its 311 phone system. As of February 24, many city services were still down, including the 311 system, just as a…

Read More
06 Mar

CISA released three (3) Industrial…

Attacks, Insights, Malware

CISA released three (3) Industrial Control Systems (ICS) advisories on February 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-054-01 PTC ThingWorx Edge ICSA-22-333-04 Moxa UC Series (Update A) ICSMA-23-047-01 BD Alaris Infusion Central (Update A)  Please share your thoughts. We recently updated our anonymous Product Feedback; we’d welcome your feedback.

Read More
06 Mar

Tracking device technology: A double-edged sword for CISOs

Data Breaches, Malware, Social Engineering

The transportation industry has doubled down in the area of fleet tracking in recent years, which has come with great benefits and not a few security headaches. On the consumer side, we’ve spoken of Apple’s AirTag and how it has been used to find personal items of import — and also its potential to be abused by the nefarious to track and trace individuals. Now we see that Google is jumping into the fray, with…

Read More
06 Mar

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs

Information, News

German industrial automation solutions provider Wago has released patches for several of its programmable logic controllers (PLCs) to address four vulnerabilities, including ones that can be exploited to take full control of the targeted device. The vulnerabilities were discovered by Ryan Pickren from the Georgia Institute of Technology’s Cyber-Physical Security Lab. The issues were identified by the researcher as part of a PhD project on the security of industrial control systems (ICS). Pickren previously earned…

Read More
05 Mar

Today, CISA retired US-CERT and…

Attacks, Insights, Malware

Today, CISA retired US-CERT and ICS-CERT, integrating CISA’s operational content into a new CISA.gov website that better unifies CISA’s mission. CISA will continue to be responsible for coordinating cybersecurity programs within the U.S. government to protect against malicious cyber activity, including activity related to industrial control systems. In keeping with this responsibility, CISA will continue responding to incidents, providing technical assistance, and disseminating timely notifications of cyber threats and vulnerabilities. Visit the new CISA.gov today!…

Read More
05 Mar

CISA assesses that the United…

Attacks, Insights, Malware

CISA assesses that the United States and European nations may experience disruptive and defacement attacks against websites in an attempt to sow chaos and societal discord on February 24, 2023, the anniversary of Russia’s 2022 invasion of Ukraine. CISA urges organizations and individuals to increase their cyber vigilance in response to this potential threat. In response to the heightened geopolitical tensions resulting from Russia’s full-scale invasion of Ukraine, CISA maintains public cybersecurity resources, including Shields…

Read More