CyberSecure Specialist

CISA Releases Four Industrial Control Systems Advisories

Original release date: October 27, 2022 CISA has released four (4) Industrial Control Systems (ICS) advisories on October 27, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: •    ICSA-22-300-01 Rockwell Automation FactoryTalk Alarm and Events Server •    ICSA-22-300-02 SAUTER Controls moduWeb •    ICSA-22-300-03 Rockwell Automation Stratix Devices Containing Cisco IOS •  …

Read More

New York Post ‘Hacked’ in Tweets Calling for Assassination of Biden, Lawmakers

The New York Post said Thursday it had been “hacked” by an employee after the tabloid newspaper’s Twitter account posted a series of antagonistic messages, including a call for the assassination of US President Joe Biden. The rogue tweets were removed late Thursday morning.  “The New York Post has been hacked. We are currently investigating the cause,” a message on the tabloid’s account said. “The New York Post’s investigation indicates that the unauthorized conduct was…

Read More

Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

It is highly recommended to implement and maintain a regular patching cycle for all devices in an organization and particularly devices that are Internet-facing. Vice Society exploits vulnerabilities to both gain an initial foothold into an environment as well as escalating privileges on infected systems. By making sure all devices are up-to-date on patches consistently, an organization can help prevent threat actors like Vice Society from being able to gain a foothold into an environment.…

Read More

Medibank Provides An Update

Medibank plans to aid their customers moving forward by providing some resources free of charge, those include: • Financial support for customers who are in a uniquely vulnerable position because of this crime.• Free identity monitoring services for customers who have had their primary ID compromised• Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime.• Specialist identity protection advice and resources from IDCARE.• Medibank’s mental health and wellbeing…

Read More

LinkedIn’s New Security Features Combat Fake Profiles, Threat Actors

Fake accounts, fake job offers, and phishing attacks are all common tactics of threat actors using LinkedIn to target individuals. Threat actors may message individuals asking them to visit a company site which is reality, a fake site designed to steal credentials. Users should always be cautious if sent an external link on LinkedIn. Additionally, users should be wary of any files sent on LinkedIn from unknown users — threat actors will often use this…

Read More

How Cisco’s Cloud Control Framework helps it comply with multiple security standards

An XKCD comic strip shows two tech workers frustrated that there are 14 competing standards for a variety of use cases. “We need to develop one unified standard that covers everyone’s use cases,” they say. The next frame shows that there are now 15 standards instead of one. Brad Arkin, the chief security and trust officer at Cisco, will tell you that this illustration of how standards proliferate hits uncomfortably close to the truth. “Everybody…

Read More

5 tips to help children navigate the internet safely

The online world provides children with previously unimagined opportunities to learn and socialize, but it also opens them up to a range of hazards. How can you steer kids toward safe internet habits? The way our digital lives have become entangled with our physical world has brought new, major challenges for parents, caregivers and teachers. Not only because it is essential to teach children how to read and understand information online and generally navigate the…

Read More

What to consider before disposing of personal data – Week in security with Tony Anscombe

A major financial services company has learned the hard way about the importance of proper disposal of customers’ personal data The U.S. Securities and Exchange Commission (SEC) has announced that Morgan Stanley has agreed to pay a penalty of $35 million for exposing the personal information of 15 million customers. According to SEC, the financial services company failed to properly dispose of hard drives and servers that contained the personal data of its customers. The…

Read More

Parcel delivery scams are on the rise: Do you know what to watch out for?

As package delivery scams that spoof DHL, USPS and other delivery companies soar, here’s how to stay safe not just this shopping season Where there are users to be scammed and money to be made, cybercriminals won’t be far behind. So it was during the pandemic, when internet users eager to get hold of the latest COVID news were susceptible to scams. At one point, Google claimed to be blocking 18 million daily phishing emails…

Read More

Online ticketing company “See” pwned for 2.5 years by attackers

by Paul Ducklin See Tickets is a major global player in the online event ticketing business: they’ll sell you tickets to festivals, theatre shows, concerts, clubs, gigs and much more. The company has just admitted to a major data breach that shares at least one characteristic with the amplifiers favoured by notorious rock performers Spinal Tap: “the numbers all go to 11, right across the board.” According to the email template that See Tickets used…

Read More