Insights

21 Nov

CISA Releases Insights from Red Team Assessment of a U.S. Critical Infrastructure Sector Organization

Attacks, Insights, Malware

Today, CISA released Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a U.S. Critical Infrastructure Sector Organization in coordination with the assessed organization. This cybersecurity advisory details lessons learned and key findings from an assessment, including the Red Team’s tactics, techniques, and procedures (TTPs) and associated network defense activity. This advisory provides comprehensive technical details of the Red Team’s cyber threat activity, including their attack path to compromise a domain controller and human…

Read More
21 Nov

Kicking-Off with a December 4th Workshop, NIST is Revisiting and Revising Foundational Cybersecurity Activities for IoT Device Manufacturers, NIST IR 8259!

Insights

In May 2020, NIST published Foundational Cybersecurity Activities for IoT Device Manufacturers (NIST IR 8259), which describes recommended cybersecurity activities that manufacturers should consider performing before their IoT devices are sold to customers. These foundational cybersecurity activities can help manufacturers lessen the cybersecurity-related efforts needed by customers, which in turn can reduce the prevalence and severity of IoT device compromises and the attacks performed using compromised devices. In the nearly five years since this document…

Read More
20 Nov

2024 CWE Top 25 Most Dangerous Software Weaknesses

Attacks, Insights, Malware

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services. Organizations are strongly encouraged to review this list and use it to inform their software security strategies. Prioritizing these weaknesses…

Read More
20 Nov

CISA and Partners Release Update to BianLian Ransomware Cybersecurity Advisory

Attacks, Insights, Malware

Today, CISA, the Federal Bureau of Investigation (FBI), and the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) released updates to #StopRansomware: BianLian Ransomware Group on observed tactics, techniques, and procedures (TTPs) and indicators of compromise attributed to data extortion group, BianLian. The advisory, originally published May 2023, has been updated with additional TTPs obtained through FBI and ASD’s ACSC investigations and industry threat intelligence as of June 2024. BianLian is likely based in…

Read More
20 Nov

USDA Releases Success Story Detailing the Implementation of Phishing-Resistant Multi-Factor Authentication

Attacks, Insights, Malware

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards.  USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure…

Read More
19 Nov

Fintech Giant Finastra Investigating Data Breach

Data Breaches, Information, Insights

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned. Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. London-based Finastra has offices in 42 countries and reported $1.9 billion in revenues last year. The company…

Read More
18 Nov

Unlocking Cybersecurity Talent: The Power of Apprenticeships

Insights

Cybersecurity is a fast-growing field, with a constant need for skilled professionals. But unlike other professions — like medicine or aviation — there’s no clear-cut pathway to qualifying for cybersecurity positions. For employers and job seekers alike, this can make the journey to building a team (or entering a successful cybersecurity career) feel uncertain. Enter the registered apprenticeship program — a proven method for developing skilled talent in cybersecurity that benefits both the employer and…

Read More
14 Nov

An Interview With the Target & Home Depot Hacker

Data Breaches, Information, Insights

In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who confirmed using the Rescator identity in a recent interview, also admitted reaching out because he is broke and seeking publicity for several new money making schemes. Mikhail “Mike” Shefel’s former Facebook profile. Shefel has since…

Read More
13 Nov

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem

Insights

If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” These terms, among others, all reference a growing ecosystem around what we are calling “verifiable digital credentials.” But what exactly is a verifiable digital credential? Take any physical credential you use in everyday life – your driver’s license,…

Read More
13 Nov

Palo Alto Networks Emphasizes Hardening Guidance

Attacks, Insights, Malware

Palo Alto Networks (PAN) has released an important informational bulletin on securing management interfaces after becoming aware of claims of an unverified remote code execution vulnerability via the PAN-OS management interface. CISA urges users and administrators to review the following for more information, follow PAN’s guidance for hardening network devices, review PAN’s instruction for accessing organization’s scan results for internet-facing management interfaces, and take immediate action if required: PAN-SA-2024-0015 Important Informational Bulletin: Ensure Access to Management…

Read More