This week, in addition to the news-catching, ongoing dispute between Twitter and Elon Musk, Twitter’s former head of cybersecurity, Peiter Zatko, claimed in a whistleblower filing with several federal agencies that Twitter...more
8/26/2022
/ Bots ,
Data Collection ,
Data Protection ,
Data Security ,
Elon Musk ,
Federal Trade Commission (FTC) ,
Government Investigations ,
Internet ,
Risk Management ,
Securities and Exchange Commission (SEC) ,
Social Media ,
Social Networks ,
Twitter ,
Vulnerability Assessments
Like all technology, mobile apps can be infected with malicious code, or malware, that is intended to gain access to your mobile phone when you download the app. Although app stores try their best to not allow malicious apps...more
The Cybersecurity & Infrastructure Security Agency (CISA) added 21 new vulnerabilities to its Known Exploited Vulnerabilities Catalog on May 23, 2022, due to active exploitation by cyber criminals. The vulnerabilities are a...more
The National Institutes of Science and Technology (NIST) Information Technology Laboratory recently released guidance entitled “Software Supply Chain Security Guidance,” in response to directives set forth in President...more
5/12/2022
/ Biden Administration ,
China ,
Cybersecurity ,
Cybersecurity Framework ,
Data Protection ,
Information Technology ,
New Guidance ,
NIST ,
Popular ,
Risk Management ,
Russia ,
Software ,
Supply Chain ,
Vulnerability Assessments
I traveled this week by plane to a client to conduct a cybersecurity tabletop exercise—one of my favorite things to do (the tabletop, not the flying). -
To be able to use the wi-fi, everyone instructed in the gate area was...more
As we have pointed out before, it is cumbersome yet critical, to patch vulnerabilities on a timely basis. Cyber-attackers move swiftly to take advantage of known vulnerabilities and are aware of the challenges organizations...more
Unscrupulous criminals use crises to their advantage. Scammers are using the conflict in Ukraine to bilk money from people trying to help those impacted from the attacks....more
The cybersecurity authorities of the United States (including CISA, FBI, NSA and DOE), Australia, Canada, New Zealand, and the United Kingdom released a joint Cybersecurity Advisory (CSA) on April 20, 2022, “to warn...more
4/21/2022
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Military Conflict ,
Regulatory Agencies ,
Risk Management ,
Russia ,
Ukraine ,
Vulnerability Assessments
Microsoft released its monthly patches this week to fix 128 vulnerabilities, including 10 rated as critical, 115 as important, and three flagged as moderately severe. One of the vulnerabilities (CVE-2022-24521 Windows Common...more
Scammers use familiarity to get victims to fall for their scams. One way to do that is to spoof a cell phone number from the same area code to make the targeted person think that the person calling or texting them is someone...more
Although we are receiving frequent alerts from CISA and the FBI about the potential for increased cyber threats coming out of Russia, China continues its cyber threat activity through APT41, which has been linked to China’s...more
Organizations often struggle with budgeting for cybersecurity risk and mitigation. It’s hard to see the return on investment for prevention of things that attack the company through the clouds....more
A joint Cybersecurity Advisory issued by U.S. and international partners, entitled “2021 Trends Show Increased Globalized Threat of Ransomware,” warns of “the growing international threat posed by ransomware over the past...more
Threat actors don’t wait for a convenient time to attack your company. They attack when it suits them, and when they can find any small opening. Being prepared for different types of attacks helps companies prepare for the...more
CYBERSECURITY -
CISA Warns “Every Organization” in U.S. to Assess + Respond to Cyber Risks -
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the...more
1/28/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Drones ,
FERC ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Robots ,
Transmission Grid ,
Vulnerability Assessments
It’s very hard to keep up with digital and crypto lingo. But if you are dabbling in crypto, you need to know about rug pulls. What is a rug pull you ask? According to blogger Migi Delfin, “A rug pull is a fraud scheme that...more
1/28/2022
/ Bitcoin ,
Cryptocurrency ,
Digital Currency ,
Financial Crimes ,
Financial Fraud ,
Hackers ,
Risk Management ,
Smart Contracts ,
Token Sales ,
Virtual Currency ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA) recently issued another warning to “every organization” in the U.S. about cybersecurity risks during the ongoing escalation of tension between the U.S. and Russia over...more
1/27/2022
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
New Guidance ,
Personally Identifiable Information ,
Popular ,
Risk Management ,
Russia ,
Ukraine ,
Vulnerability Assessments
Microsoft has issued frequent updates on the Log4j vulnerability that we have been hearing so much about. The vulnerability is a serious problem that will become more widespread as time goes on....more
1/14/2022
/ China ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Hackers ,
Information Technology ,
Personally Identifiable Information ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA), jointly with the FBI and NSA, issued a Cybersecurity Advisory on January 22, 2022, to warn organizations, especially critical infrastructure operators, to be on...more
1/14/2022
/ Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
National Security Agency (NSA) ,
Risk Management ,
Russia ,
Vulnerability Assessments
In what I would describe as an unusual but interesting move by the Federal Trade Commission (FTC), on January 4, 2022, it issued a warning to companies “to remediate Log4j security vulnerability” or face an enforcement action...more
It was a crazy weekend for cyberattacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on...more
12/17/2021
/ Cloud Computing ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Hackers ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Popular ,
Risk Management ,
Software ,
Vulnerability Assessments
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued guidance on protecting the security of organizations’ social media accounts to reduce the risk of unauthorized access to those accounts....more
On December 6, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) updated a previously issued Alert entitled APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine...more
Researchers at Mandiant have recently reported that a new ransomware group calling itself Sabbath appears to be the rebranded group Arcane and “picked up their pace” in November....more
12/2/2021
/ Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Educational Institutions ,
Hackers ,
Health Care Providers ,
Information Technology ,
Personally Identifiable Information ,
Popular ,
Ransomware ,
Risk Management ,
Vulnerability Assessments
The Cybersecurity & Infrastructure Security Agency (CISA) and the FBI issued a joint Alert this week, entitled “Reminder for Critical Infrastructure to Stay Vigilant Against Threats During Holidays and Weekends” outlining...more
11/24/2021
/ Critical Infrastructure Sectors ,
Cyber Attacks ,
Cyber Crimes ,
Cybersecurity ,
Data Breach ,
Data Protection ,
FBI ,
Holidays ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Information Technology ,
Ransomware ,
Risk Management ,
Vulnerability Assessments