Leveraging Knowledge to Manage Your Data Risks
On May 16, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released three advisories applicable to Industrial Control Systems (ICS). The Alerts cover vulnerabilities of Snap One OvrC Cloud, Rockwell ArmorStart, and Rockwell Automation Factory Talk Vantagepoint.
The Snap One vulnerabilities, if exploited, “could allow an attacker to impersonate and claim devices, execute arbitrary…
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations have in closing those doors.
The Cybersecurity and Infrastructure Security Agency (CISA), along with its counterparts in other countries, issued a…
Passwords are so difficult to remember. We all know we shouldn’t use the same or similar passwords across platforms. Stolen password credentials are dumped on the dark web and criminals use the stolen passwords to steal other data from victims, including frequent flyer miles, online banking credentials, cryptocurrency and other digital assets, and to get…
Researchers at Heimdal Security have detected a new ransomware dubbed DeepBlueMagic. According to Heimdal, it is particularly concerning because it is able to disable security tools that companies have employed in order to avoid detection. After the security tools are disabled, the ransomware is deployed and encrypts entire hard drives, except for the system drive.…
On July 28, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) issued a cybersecurity alert entitled “Top Routinely Exploited Vulnerabilities” in collaboration with the Australian Cyber Security Centre, the United Kingdom’s National Cyber Security Centre, and the FBI.
The Alert concludes that cyber criminals are exploiting vulnerabilities in unpatched systems, but that many of the…
New dictionary words have been formed to describe online scams. Phishing, one that everyone knows by now, is when a scammer uses a pretext in an email to get someone to click on a link or attachment in the email to deploy malicious malware and ransomware.
Social engineering is when criminals conduct online search of…
Coveware issued its Q1 2021 Ransomware Report on April 26, 2021, which concludes that “[D]ata exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data.”
The Report states that the average ransom payment increased 43 percent from $154,108…
You executives and managers who are in my age group (that is, you didn’t grow up with mobile devices and computers) listen up. According to several studies, you pose a higher security risk to your organization than the up-and-comers you manage.
According to a new survey of 2,000 workers aged 16 to 55+ in the…
You probably heard about the recent hack of Twitter accounts that took place on July 15, 2020. The hackers took over several prominent Twitter accounts, which resulted in a scam that netted over $118,000 in bitcoin for the hackers. One of the most startling things about the cyberattack was that it was led by a…
Secureworks issues an annual Incident Response Report that is very helpful in obtaining information on what types of incidents are occurring in order to become more resistant to threats. The 2020 IR Report was recently issued, and it contained some conclusions that made sense, while others were surprising.
The Report, entitled Pandemic-Driven Change: The Effect …
