CyberSecurity Updates

18 Oct

CISA Releases Two Industrial Control Systems Advisories

Attacks, Insights, Malware

Original release date: October 18, 2022 CISA released two Industrial Control Systems (ICS) advisories on October 18, 2022. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-22-291-01 Advantech R-SeeNet ICSA-21-336-06 Hitachi Energy APM Edge (Update A) This product is provided subject to this Notification and this Privacy & Use policy.

Read More
18 Oct

GitGuardian adds IaC scanning to code security platform to protect SDLC

Data Breaches, Malware, Social Engineering

GitGuardian has added infrastructure-as-code (IaC) scanning to its code security platform to enhance the security of software development. The firm said the new feature will help security and development teams write, maintain, and run secure code, protecting the software development lifecycle (SDLC) against risks like tampering, code leakage and hardcoded credentials. The release reflects a growing industry focus on improving the cybersecurity of software development processes to help better protect widely used resources and supply…

Read More
18 Oct

Altruism under attack: why cybersecurity has become essential to humanitarian nonprofits

Data Breaches, Malware, Social Engineering

Humanitarian initiatives have always been of huge global importance, but perhaps never more so than over the past few years. The impacts of the COVID-19 pandemic, unprecedented shifts in weather patterns limiting resource availability and triggering mass migration, Russia’s invasion of Ukraine, and some of the largest rises in living costs for decades have all brought new urgency to the vital support humanitarian work (often led by nonprofits) provides those in need. However, nonprofits engaging…

Read More
18 Oct

Election security, misinformation threats loom large ahead of the US midterms

Data Breaches, Malware, Social Engineering

As the United States nears the 2022 mid-term elections, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued two back-to-back public service announcements (PSAs) that address the state of play when it comes to election integrity. The first announcement, seemingly designed to enhance voters’ faith in the election process, said the two agencies “assess that any attempts by cyber actors to compromise election infrastructure are unlikely to result in…

Read More
17 Oct

Cybersecurity Awareness Month 2022: Updating Software

Insights

Cybersecurity Awareness Month is flying by, and today’s blog identifies different security vulnerabilities that can be exposed if you are unable to keep up with your software updates. We interviewed NIST’s Michael Ogata, a computer scientist in the Applied Cybersecurity Division, and he walked us through different strategies to minimize your cybersecurity risks. Michael also was able to provide cyber tips to improve online safety. This week’s Cybersecurity Awareness Month theme is updating software. How…

Read More
17 Oct

Top skill-building resources and advice for CISOs

Data Breaches, Malware, Social Engineering

The role of the CISO has evolved, and so have the responsibilities. Some believe a CISO must have technical knowledge and experience as a cybersecurity professional, others think leadership skills such as being able to communicate with boards are what matters most. Ultimately, the hiring organisations will define what it needs in terms of cybersecurity to find the right person. In finance and insurance, for example, there will be specific rules that must be followed…

Read More
15 Oct

Anti-Money Laundering Service AMLBot Cleans House

Information, Insights

AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021. In August 2021, KrebsOnSecurity published “New Anti Anti-Money Laundering Services for Crooks,” which examined Antinalysis, a service marketed on cybercrime forums…

Read More
14 Oct

CISA Releases RedEye: Red Team Campaign Visualization and Reporting Tool

Attacks, Insights, Malware

Original release date: October 14, 2022 CISA has released RedEye, an interactive open-source analytic tool to visualize and report Red Team command and control activities. RedEye allows an operator to quickly assess complex data, evaluate mitigation strategies, and enable effective decision making. For more information, CISA encourages users to review RedEye on GitHub and watch CISA’s RedEye tool overview video. This product is provided subject to this Notification and this Privacy & Use policy.

Read More
14 Oct

Security startups to watch for 2022

Data Breaches, Malware, Social Engineering

The problems cybersecurity startups attempt to solve are often a bit ahead of the mainstream. They can move faster than most established companies to fill gaps or emerging needs. Startups can often innovative faster because they are unfettered by an installed base. The downside, of course, is that startups often lack resources and maturity. It’s a risk for a company to commit to a startup’s product or platform, and it requires a different kind of customer/vendor…

Read More