CyberSecurity Updates

25 Oct

CISA Has Added One Known Exploited Vulnerability to Catalog    

Attacks, Insights, Malware

Original release date: October 25, 2022 CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This type of vulnerability is a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: To view the newly added vulnerabilities in the catalog, click on the arrow in the “Date Added to Catalog” column, which will sort by descending dates.       Binding Operational Directive…

Read More
25 Oct

CISA Releases Eight Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: October 25, 2022 CISA has released eight (8) Industrial Control Systems (ICS) advisories on October 25, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations: •    ICSMA-22-298-01 AliveCor KardiaMobile •    ICSA-22-298-01 Haas Controller •    ICSA-22-298-02 HEIDENHAIN Controller TNC •    ICSA-22-298-03 Siemens Siveillance Video Mobile Server •    ICSA-22-298-04 Hitachi Energy…

Read More
25 Oct

CISA Upgrades to Version 2.0 of Traffic Light Protocol in One Week – Join Us!

Attacks, Insights, Malware

Original release date: October 25, 2022 On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams (FIRST) that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates: TLP:CLEAR replaces TLP:WHITE for publicly releasable information. TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information  may be shared with the recipient’s organization only. CISA…

Read More
25 Oct

Why Employers Should Embrace Competency-Based Learning in Cybersecurity

Insights

Credit: Shutterstock/EtiAmmos There is a growing movement toward increasing the use of competency and skills-based education and hiring practices in both the public and private sectors. For example, the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates calls upon the Federal Government to “ensure that the individuals most capable of performing the roles and responsibilities required of a specific position are those hired for that position”—resulting in “merit-based reforms…

Read More
25 Oct

Akamai to boost network-layer DDoS protection with new scrubbing centers

Data Breaches, Malware, Social Engineering

Content delivery network (CDN) provider Akamai said Tuesday that its Prolexic DDoS protection service will become able to handle DDoS attacks of up to 20Tbps, thanks to a new wave of construction of so-called scrubbing centers. The company’s announcement said that this will effectively double its current capacity to handle network-level DDoS attacks, with rollouts planned for “all major regions,” which includes US East and West, Canada, Italy, Spain, Switzerland, India, Japan, Hong Kong and…

Read More
25 Oct

Blockchain security companies tackle cryptocurrency theft, ransom tracing

Data Breaches, Malware, Social Engineering

According to data from the Rekt leaderboard, cybercriminals have stolen as much as $3 billion of investor funds through 141 various cryptocurrency exploits since January, putting 2022 on track to top 2021 levels of digital currency malfeasance. Comparitech’s cryptocurrency heists tracker indicates that since 2011, hackers have stolen $7.9 billion in cryptocurrency worth about $45.5 billion in today’s value. Along with the increased dollar amounts of cryptocurrency thefts, the scams, hacks, and exploits of cryptocurrency,…

Read More
25 Oct

8 hallmarks of a proactive security strategy

Data Breaches, Malware, Social Engineering

CISOs have long been tasked with building response and recovery capabilities, the objective being to have teams that can react to a security incident as quickly as possible and can restore business functions with as little damage as possible. The need for those activities is certainly not going to go away, but many security chiefs are seeking to take more proactive steps to balance out reactive ones. “On the proactive side, you’re trying to predict…

Read More
24 Oct

ESET research into new attacks by Lazarus – Week in security with Tony Anscombe

Information

The attack involved the first recorded abuse of a security vulnerability in a Dell driver that was patched in May 2021 This week, the ESET Research team has published the results of their analysis of recent attacks carried out by the Lazarus APT group. Using spear-phishing emails that contained malicious Amazon-themed documents, the group targeted an employee of an aerospace company in the Netherlands and a political journalist in Belgium. Notably, one of the tools…

Read More
24 Oct

8 questions to ask yourself before getting a home security camera

Information

As each new smart home device may pose a privacy and security risk, do you know what to look out for before inviting a security camera into your home? Security cameras were once the preserve of the rich and famous. Now anyone can get their hands on one thanks to technological advances. The advent of the Internet of Things (IoT) has created a  major new market – for manufacturers of devices like connected doorbells and…

Read More
24 Oct

5 reasons to keep your software and devices up to date

Information

Next time you’re tempted to hold off on installing software updates, remember why these updates are necessary in the first place Technology enables us to do wonderful things. The PCs and mobile devices at the center of our digital world are an indispensable part of our personal and working lives. They offer us a gateway to social media, online banking, media streaming, instant messaging, fitness tracking and much else besides. Depending on your circumstances they…

Read More