On the heels of the concerning security incident experienced by FireEye [view related post], during the investigation of its own incident, FireEye discovered that multiple updates issued by SolarWinds, a cybersecurity firm that many governmental and private companies use to monitor networks, were “trojanized” and malware was inserted into the updates between March and May … Continue Reading
The Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) this week issued Alert (AA20-301A) titled North Korean Advanced Persistent Threat Focus: Kimsuky warning U.S. businesses, and particularly those in the commercial sector, about tactics used by North Korean advanced persistent threat (APT) group Kimusky. https://us-cert.cisa.gov/ncas/alerts/aa20-301a The Alert, co-authored by the Federal Bureau of … Continue Reading
When the Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) get together to issue an alert to warn us about a security threat, you can bet that the threat is real, and that they have seen it used successfully at an alarming rate. The joint advisory issued on August 20, … Continue Reading
The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert warning the public about vishing campaigns [see related post]. Vishing is defined by the FBI as “a form of criminal phone fraud, using social engineering over the telephone system to gain access to private personal and financial … Continue Reading
The Federal Bureau of Investigations (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint Flash Alert to U.S. based businesses doing business in China about a remote targeting campaign whereby the tax software that Chinese domestic banks require foreign companies to install is loaded with malware. Trustwave researchers warned in June … Continue Reading
On July 10, 2020, the Securities and Exchange Commission, through its Office of Compliance Inspections and Examinations (OCIE), issued a warning to advisors and broker-dealers to “immediately” review their cybersecurity controls to prevent and respond to an increase in phishing campaigns and ransomware attacks. The Risk Alert advises that the OCIE has “observed an apparent … Continue Reading
The Federal Aviation Administration (FAA) estimates that by 2023 there will be more than 835,000 commercial drones in the United States. As the use of drones for many commercial purposes (such as aerial inspections, utility projects, monitoring real estate and construction activities) increases, more and more organizations will consider how to integrate these devices into … Continue Reading
On the heels of an FDA committee report concerning cybersecurity issues with medical devices [view related post] the U.S. Food and Drug Administration (FDA) issued an alert regarding cybersecurity vulnerabilities, referred to as “URGENT/11,” that could introduce risks for some medical devices and hospital networks. According to the FDA’s October 1st notice, the URGENT/11 vulnerabilities … Continue Reading
We’ve written a few times recently about municipalities, companies, and government agencies hit with ransomware attacks this year. In early July, it was reported that a court system in Georgia was attacked with ransomware, causing lawyers, court employees and the public to have to rely on “old school” paper to file pleadings and keep the … Continue Reading
After a long delay, with a vote of 74 to 21, the United States Senate passed the Cybersecurity Information Sharing Act (CISA) on October 27, 2015. The bill has been touted as being controversial and is opposed by privacy advocates, some tech companies and several Senate Republicans as it “would grant legal immunity to companies … Continue Reading
