cisa (10)

9297005663?profile=RESIZE_400xCybersecurity professionals, including the US expert team at the Cybersecurity and Infrastructure Security Agency (CISA), often focus on promoting best practices: the necessary steps that organizations must take to secure their enterprises. It is equally important for organizations to focus on stopping bad practices.

High-risk and dangerous technology practices are often accepted because of competing priorities, lack of incentives, or resource limitations that preclude sound risk management deci

9243849699?profile=RESIZE_400xThe current US administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we will do it for you.  The White House says that is the imperative being stressed in ongoing talks between high-level officials in the US and Russian national security teams following the mid-June summit in Geneva between the US President and the Russian President. 

Experts say disrupting ransomware will take more than diplomacy, and needed cybersec

9241445861?profile=RESIZE_400xPatches to fix a severe flaw in the Windows Print spooler are now available for Windows 10 Version 1607, Windows Server 2012 and Windows Server 2016.  Microsoft (MS) has now released patches to protect all versions of Windows against the critical PrintNightmare flaw.  MS recently deployed fixes to cover most but not all editions of Windows.  They patched the remaining versions of Windows, according to an update on its message center page.

Newly patched as of 7 July 7 are Windows 10 version 1607,

9103820261?profile=RESIZE_400xThe Department of Homeland Security has issued a cybersecurity directive that requires the operators of oil and gas pipelines to report ransomware attacks and other security incidents to the government.  The new cybersecurity mandates, which will replace some voluntary guidelines that had been in place for a decade, were announced Thursday in the wake of a 07 May 2021 ransomware attack that led Colonial Pipeline Co. to temporarily shut down its pipeline serving the East Coast, triggering fuel sh

8895950496?profile=RESIZE_400xThe current US administration is introducing a 100-day plan to improve cybersecurity and address cyber threats across the nation's electrical grid.  Officials state the program is part of a broader cybersecurity plan designed to address issues across the nation's critical infrastructure.

The 100-day initiative will involve government agencies that are responsible for the security of critical infrastructure as well as businesses and private utilities that oversee or own infrastructure, such as el

8321594296?profile=RESIZE_400xThis Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) version 8 framework.  See the ATT&CK for Enterprise version 8 for all referenced threat actor tactics and techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020.  This APT actor has demonstrated

8267297470?profile=RESIZE_400xRussian state level hackers have been exploiting a vulnerability found in VMware products including virtual workspaces, this according to a cybersecurity advisory issued last week by the the US based, National Security Agency.

PHOTOGRAPH: YIFEI FANG, GETTY IMAGES

The VMware vulnerability, which is called in CVE-2020-4006 and rated 7.2 on the Common Vulnerability Scoring System (CVSS), was disclosed and patched last week.  According to the NSA advisory, threat actors are using the vulnerability t

8011196853?profile=RESIZE_400xThroughout the USA, State and County election computer networks are still vulnerable to cyber-attacks and Election Day is only 29 days.  In a little-noticed episode in 2016, an unusual number of voters in Riverside, California, complained that they were turned away at the polls during the primary because their voter registration information had been changed.

The Riverside County district attorney, Mike Hestrin, investigated and determined that the voter records of dozens of people had been tampe

7990672077?profile=RESIZE_400xOur friends at the US Department of Homeland Security (DHS), Cyber Security and Infrastructure Agency (CISA) shared the follow good practices:

DRIVE CYBERSECURITY STRATEGY, INVESTMENT, CULTURE  [Link to DHS CISA report with helpful active links: 20-02019b - Telework_Essentials-08272020-508.pdf

After rapidly adopting wide-scale remote work practices in response to COVID-19, organizations have started planning for more permanent and strategic teleworking postures. An organization’s executive leade

7756134874?profile=RESIZE_400xThe Cybersecurity and Infrastructure Security Agency (CISA) and other US agencies have issued a warning about increases in bank e-thefts worldwide organized by a hacking group called "BeagleBoyz."  Researchers believe this group has ties to the North Korean government.  The BeagleBoyz group is a subset of the North Korean-backed hacking collective known as the Lazarus Group or Hidden Cobra.  The report with details of how the BeagleBoyz have made off with an estimated $2 billion in funds and cry