According to statements by the Cybersecurity and Infrastructure Security Agency (CISA), the People’s Republic of China (PRC)-backed hacking group Salt Typhoon, which attacked telecommunications providers last month, is still infiltrating the providers, and it is “impossible for us to predict a time frame on when we’ll have full eviction.” One reason is that the hackers
Federal Bureau of Investigation
Public Urged to Encrypt Mobile Phone Messaging and Calls
On December 4, 2024, law enforcement and cyber security agencies (Agencies) from four of the five members of the Five Eyes intelligence-sharing group (the United States, Australia, Canada, and New Zealand) published a joint guide for network engineers, defenders of communications infrastructure and organizations with on-premises enterprise equipment (the Guide). The Agencies strongly encourage applying the…
Joint Advisory Lists Top Routinely Exploited Vulnerabilities
On November 12, 2024, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with its security partners in Australia, Canada, New Zealand, and the United Kingdom, issued the cybersecurity advisory “2023 Top Routinely Exploited Vulnerabilities,” outlining top vulnerabilities impacting companies across the free world.
The…
CISA and FBI Issue Cybersecurity Guidance for the Use of Chinese-Manufactured Drones
Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released Cybersecurity Guidance: Chinese-Manufactured Unmanned Aircraft Systems (UAS), which outlines the risks and threats posed by Chinese-manufactured unmanned aerial systems (UAS or drones) and provides cybersecurity safeguards to reduce these risks to networks and sensitive data.
The biggest issue:…
CISA + FBI Issue Joint Advisory on AvosLocker Ransomware
The Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity Advisory on October 11, 2023, urging companies (particularly those in the critical infrastructure sector) to take steps to mitigate cyber threats for AvosLocker Ransomware.
The Advisory urges companies to:
CISA Lists Top CVEs Exploited by Chinese State-Sponsored Cyber Actors
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued an Alert outlining the top Common Vulnerabilities and Exposures (CVEs) that have been used by the People’s Republic of China (PRC) state-sponsored cyber actors since 2020.
According to the Alert, these threat actors “continue to exploit known vulnerabilities to actively target U.S. and allied networks as…
NSA + FBI Warn Defense Contractors of Russian Hackers
When the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) get together to issue a joint warning, you may wish to listen up.
The NSA and FBI recently alerted the defense industry through a Cybersecurity Advisory of the risk of malware attacks targeted at the defense and aerospace sectors by Russia’s General…
Chinese and Russian Hackers Targeting COVID-19 Vaccine Makers in U.S. Crosshairs
Last week, authorities from the United States, United Kingdom and Canada accused a well-known hacker group tied to the Russian government, APT29, a/k/a Cozy Bear, of using malware to exploit security vulnerabilities to enable it to steal COVID-19 vaccine research from companies located in these countries working to develop a vaccine. This was after a…
FBI Issues Warning of Increased BEC During COVID-19 Pandemic
On April 6, 2020, the Federal Bureau of Investigation (FBI) issued a warning to companies to be aware of an increase in business email compromises (BEC) entitled “FBI Anticipates Rise in Business Email Compromise Schemes Related to the Covid-19 Pandemic.” Although BECs have been around for years, attackers are using the fact that many…
Diagnostic Medical Imaging Company Pays $3 Million to Resolve Potential HIPAA Violations Stemming from Data Breach
The Office of Civil Rights (OCR), the enforcement arm of the Department of Health & Human Services (HHS), announced that a Tennessee diagnostic medical imaging services company has agreed to pay $3 million to settle potential HIPAA violations arising from a data breach that exposed over 300,000 patients’ protected health information. As part of the…