Malware

CISA Releases Six Industrial Control Systems Advisories

Original release date: December 20, 2022 CISA released six Industrial Control Systems (ICS) advisories on December 20, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-354-01 Fuji Electric Tellus Lite V-Simulator ICSA-22-354-02 Rockwell Automation GuardLogix and ControlLogix ICSA-22-354-03 ARC Informatique PcVue ICSA-22-354-04 Rockwell Automation MicroLogix 1100 and 1400 ICSA-22-354-05 Delta 4G…

Read More

How to enable event collection in Windows Server

Event logs register information about software and hardware events that occur in a system, and they are a key weapon in the arsenal of computer security teams. Windows Server has offered Windows Event Forwarding (WEF) for aggregating system event logs from disparate systems to a central event log server for several versions now. High end security information and event management (SIEM) or security, orchestration, automation, and response (SOAR) systems are the ideal in an enterprise…

Read More

DarkTortilla Used on Grammarly and Cisco Phishing Sites

Some recommendations from the source article include: • Do not open suspicious links in emails.• Do not download the software from untrusted sources.• Use a reputed anti-virus and Internet security software package on your connected devices, including PC, laptop, and mobile.• Refrain from opening untrusted links and email attachments without verifying their authenticity. It is worth noting that if a link is visited and seems suspicious, it is recommended to navigate directly to the legitimate…

Read More

New Agenda Ransomware Variant, Written in Rust, Aiming at Critical Infrastructure

To protect against ransomware attacks, organizations should:• Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon as…

Read More

Google Has Improved Gmail Security via Client-Side Encryption

On the contrary, End-to-End Encryption (E2EE) is a communication technique in which data is encrypted on the sender’s device and can only be unlocked by the recipient’s device using a secret key that is shared between the sender and receiver. Other Google products outside of Gmail also have client-side encryption enabled. Earlier this year, the tech giant made the same feature available for Google Meet, Drive, and Calendar. Google Drive apps also support client-side encryption…

Read More

US consumers seriously concerned over their personal data

A report released today by Big Four accounting firm KPMG found that large majorities of the American public are highly concerned about the security of their personal data, and that US companies aren’t helping matters by ramping up their collection of that data. Fully 92% of respondents to KPMG’s survey said that they were concerned to some extent about how personal data that they provide to companies is handled, and nearly nine in 10 said…

Read More

US Food Companies Warned of BEC Attacks Stealing Food Product Shipments

The Federal Bureau of Investigation (FBI), the Food and Drug Administration Office of Criminal Investigations (FDA OCI), and the US Department of Agriculture (USDA) are raising alarm on business email compromise (BEC) attacks leading to the theft of shipments of food products and ingredients. Typically used to steal money, BEC involves threat actors compromising email accounts at target companies and then targeting employees in charge of making payments with fraudulent emails that instruct them to…

Read More

Ukrainian Government Networks Breached via Trojanized Windows 10 Installers

In this campaign, the initial access using the trojanized ISO file was facilitated through phishing and relied on human error to infiltrate these organizations. A look back at campaigns over the past year have shown that many threat actors have turned to phishing tactics, likely because a human operator is often one of the weakest points in an organization’s security infrastructure. General recommendations for mitigation of phishing attacks are largely policy and user education based,…

Read More

FuboTV Suffers Outage During World Cup

Anyone that is a customer of FuboTV should be monitoring for any change in account activity including password or email changes. They should also be on the lookout for an update from FuboTV regarding what, if any, information was stolen and how to mitigate the attack from a customer standpoint. https://www.bleepingcomputer.com/news/security/fubotv-says-world-cup-streaming-outage-caused-by-a-cyberattack/?&web_view=true

Read More

Attackers Leak Personal Info Allegedly Stolen From 5.7M Gemini Users

Gemini advises its customers to rely on strong authentication methods and recommends activating two-factor authentication (2FA) protection and/or the use of hardware security keys to access their accounts. The company also provides the steps necessary for changing the email address associated with the Gemini account. https://www.bleepingcomputer.com/news/security/hackers-leak-personal-info-allegedly-stolen-from-57m-gemini-users/

Read More