CyberSecure Specialist

15 Aug

CISA Releases Eleven Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released eleven Industrial Control Systems (ICS) advisories on August 15, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-228-01 Siemens SCALANCE M-800, RUGGEDCOM RM1224 ICSA-24-228-02 Siemens INTRALOG WMS ICSA-24-228-03 Siemens Teamcenter Visualization and JT2Go ICSA-24-228-04 Siemens SINEC Traffic Analyzer ICSA-24-228-05 Siemens LOGO! V8.3 BM Devices ICSA-24-228-06 Siemens SINEC NMS ICSA-24-228-07 Siemens Location Intelligence ICSA-24-228-08 Siemens COMOS ICSA-24-228-09 Siemens NX ICSA-24-228-10 AVEVA Historian Web Server ICSA-24-228-11 PTC Kepware…

Read More
14 Aug

Why scammers want your phone number

Information

Scams Your phone number is more than just a way to contact you – scammers can use it to target you with malicious messages and even exploit it to gain access to your bank account or steal corporate data Márk Szabó 13 Aug 2024  •  , 5 min. read Last month, we looked at how scammers can gain access to your phone number and how data breaches and phishing campaigns could make obtaining it easy.…

Read More
13 Aug

Top 6 Craigslist scams: Don’t fall for these tricks

Information

Scams Here’s how to spot and dodge scams when searching for stuff on the classified ads website that offers almost everything under the sun Phil Muncaster 12 Aug 2024  •  , 5 min. read People have been buying and selling items on Craigslist for nearly three decades. As a platform for digital classified ads, its utility is still second to none for many people. But its simplicity (and anonymity) can also create risks that are,…

Read More
13 Aug

The great location leak: Privacy risks in dating apps

Information

Privacy What if your favorite dating, social media or gaming app revealed your exact coordinates to someone you’d rather keep at a distance? Tony Anscombe 12 Aug 2024  •  , 3 min. read In today’s digital age, geolocation features in many apps offer undeniable convenience. Just before writing this blog, I needed to locate some materials for a DIY project, and using the ‘click and collect’ feature I immediately established the closest store that has…

Read More
13 Aug

Six 0-Days Lead Microsoft’s August 2024 Patch Push

Information, Insights

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. Image: Shutterstock. This month’s bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams, Secure Boot, and of course Windows itself. Of the six zero-day weaknesses Microsoft addressed this month, half are local privilege…

Read More
13 Aug

CISA Releases Ten Industrial Control Systems Advisories

Attacks, Insights, Malware

CISA released ten Industrial Control Systems (ICS) advisories on August 13, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-226-01 AVEVA SuiteLink Server ICSA-24-226-02 Rockwell Automation AADvance Standalone OPC-DA Server ICSA-24-226-03 Rockwell Automation GuardLogix/ControlLogix 5580 Controller  ICSA-24-226-04 Rockwell Automation Pavilion8 ICSA-24-226-05 Rockwell Automation DataMosaix Private Cloud ICSA-24-226-06 Rockwell Automation FactoryTalk View Site Edition ICSA-24-226-07 Rockwell Automation Micro850/870 ICSA-24-226-08 Ocean Data Systems Dream Report ICSA-24-226-09 Rockwell Automation ControlLogix, GuardLogix…

Read More
13 Aug

Microsoft Releases August 2024 Security Updates

Attacks, Insights, Malware

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Microsoft Security Update Guide for August

Read More
13 Aug

Ivanti Releases Security Updates for Avalanche, Neurons for ITSM, and Virtual Traffic Manager

Attacks, Insights, Malware

Ivanti released security updates to address multiple vulnerabilities in Ivanti Avalanche, Neurons for ITSM, and Virtual Traffic Manager (vTM).  A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Ivanti advises users to reduce their attack surface and follow industry best practices by adhering to Ivanti’s network configuration guidance to restrict access to the management interface.  CISA encourages users and administrators to review the following Ivanti advisories and…

Read More
11 Aug

Black Hat USA 2024: All eyes on election security

Information

Critical Infrastructure In this high-stakes year for democracy, the importance of robust election safeguards and national cybersecurity strategies cannot be understated Tony Anscombe 09 Aug 2024  •  , 3 min. read The mention of election security, especially in a year where the majority of the world is destined to vote, brings to mind images of a voting machine or even some form of subversion of online voting or counting processes. So it was not a…

Read More
11 Aug

Black Hat USA 2024 recap – Week in security with Tony Anscombe

Information

Video Unsurprisingly, many discussions focused on the implications of the recent CrowdStrike outage, including the lessons it may have offered for bad actors 09 Aug 2024 This week was that time of the year when thousands of cybersecurity experts descended on Las Vegas to attend Black Hat USA, one of the world’s top cybersecurity conferences. With a large proportion of the world’s population going to the polls this year, one of the keynotes focused on…

Read More