Security News

Water may be the greatest vulnerability in our national infrastructure, said Samantha Ravich, chair of CCTI. Much of the problem lies in just how decentralized water systems are, she explained. Water treatment plants are a ripe target because the majority of them serve smaller communities of fewer than 50,000 residents.

The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. Palermo is home to about 1.3 million people, the fifth most populous city in Italy.

Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. Yesterday, the hacking group began selling data allegedly stolen from Novartis on their Tor extortion marketplace for $500,000 in bitcoins.

The Cybersecurity & Infrastructure Security Agency has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. The added vulnerabilities come from a wide range of years, with the oldest disclosed in 2016 and the most recent being a Cisco IOS XR vulnerability fixed last Friday. CISA has given federal agencies until June 13th, 2022, to apply security updates for the Android and Cisco vulnerabilities.

Half of global CISOs feel their organization is unprepared to deal with cyberattacks. As part of Proofpoint's "2022 Voice of the CISO" report, it was revealed that 50% of 1,400 CISOs surveyed feel their company is unequipped to deal with a cyberattack, and 48% feel that their organization is at risk of suffering a material cyberattack within the next year.

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company's attack surface and the "Blast radius" of a potential attack. So how can you reduce the blast radius once malware is inside?

Multiple cybersecurity authorities from Australia, Canada, New Zealand, the U.K., and the U.S. on Wednesday released a joint advisory warning of threats targeting managed service providers and their customers. Key among the recommendations include identifying and disabling accounts that are no longer in use, enforcing multi-factor authentication on MSP accounts that access customer environments, and ensuring transparency in ownership of security roles and responsibilities.

The Five Eyes nations comprising Australia, Canada, New Zealand, the U.K., and the U.S., along with Ukraine and the European Union, formally pinned Russia for masterminding an attack on an international satellite communication provider that had "Spillover" effects across Europe. The cyber offensive, which took place one hour before the Kremlin's military invasion of Ukraine on February 24, targeted the KA-SAT satellite network operated by telecommunications company Viasat, crippling the operations of wind farms and internet users in central Europe.

The European Union formally accused Russia of coordinating the cyberattack that hit satellite Internet modems in Ukraine on February 24, roughly one hour before Russia invaded Ukraine. One week after the attack, Viasat confirmed that the satellite modems hit in the cyberattack were wiped using AcidRain data destroying malware.

The European Union formally accused Russia of coordinating the cyberattack that hit satellite Internet modems in Ukraine on February 24, roughly one hour before Russia invaded Ukraine. The attack targeted the KA-SAT consumer-oriented satellite broadband service operated by satellite communications provider Viasat.